No OneTemporary
Actions

Size

131 KB

Referenced Files

None

订阅者

None

View Options

	diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
	index f294e7cc..aa85c8b2 100644
	--- a/data/Dockerfiles/nginx/bootstrap.py
	+++ b/data/Dockerfiles/nginx/bootstrap.py
	@@ -1,98 +1,99 @@
	import os
	import subprocess
	from jinja2 import Environment, FileSystemLoader

	def includes_conf(env, template_vars):
	server_name = "server_name.active"
	listen_plain = "listen_plain.active"
	listen_ssl = "listen_ssl.active"

	server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
	listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
	listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
	if not template_vars['DISABLE_IPv6']:
	listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
	listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
	listen_ssl_config += "\nhttp2 on;"

	with open(f"/etc/nginx/conf.d/{server_name}", "w") as f:
	f.write(server_name_config)

	with open(f"/etc/nginx/conf.d/{listen_plain}", "w") as f:
	f.write(listen_plain_config)

	with open(f"/etc/nginx/conf.d/{listen_ssl}", "w") as f:
	f.write(listen_ssl_config)

	def sites_default_conf(env, template_vars):
	config_name = "sites-default.conf"
	template = env.get_template(f"{config_name}.j2")
	config = template.render(template_vars)

	with open(f"/etc/nginx/includes/{config_name}", "w") as f:
	f.write(config)

	def nginx_conf(env, template_vars):
	config_name = "nginx.conf"
	template = env.get_template(f"{config_name}.j2")
	config = template.render(template_vars)

	with open(f"/etc/nginx/{config_name}", "w") as f:
	f.write(config)

	def prepare_template_vars():
	ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
	additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")

	template_vars = {
	'IPV4_NETWORK': ipv4_network,
	'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
	'SKIP_RSPAMD': os.getenv("SKIP_RSPAMD", "n").lower() in ("y", "yes"),
	'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
	'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
	'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
	'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
	'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
	'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
	'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
	'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
	'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
	'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
	+ 'HTTP_REDIRECT': os.getenv("HTTP_REDIRECT", "n").lower() in ("y", "yes"),
	}

	ssl_dir = '/etc/ssl/mail/'
	template_vars['valid_cert_dirs'] = []
	for d in os.listdir(ssl_dir):
	full_path = os.path.join(ssl_dir, d)
	if not os.path.isdir(full_path):
	continue

	cert_path = os.path.join(full_path, 'cert.pem')
	key_path = os.path.join(full_path, 'key.pem')
	domains_path = os.path.join(full_path, 'domains')

	if os.path.isfile(cert_path) and os.path.isfile(key_path) and os.path.isfile(domains_path):
	with open(domains_path, 'r') as file:
	domains = file.read().strip()
	domains_list = domains.split()
	if domains_list and template_vars["MAILCOW_HOSTNAME"] not in domains_list:
	template_vars['valid_cert_dirs'].append({
	'cert_path': full_path + '/',
	'domains': domains
	})

	return template_vars

	def main():
	env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d/templates'))

	# Render config
	print("Render config")
	template_vars = prepare_template_vars()
	sites_default_conf(env, template_vars)
	nginx_conf(env, template_vars)
	includes_conf(env, template_vars)


	if __name__ == "__main__":
	main()
	diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
	index b35aeeea..2bb601c5 100644
	--- a/data/conf/nginx/templates/nginx.conf.j2
	+++ b/data/conf/nginx/templates/nginx.conf.j2
	@@ -1,148 +1,188 @@
	user nginx;
	worker_processes auto;

	error_log /var/log/nginx/error.log notice;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	#gzip on;

	# map-size.conf:
	map_hash_max_size 256;
	map_hash_bucket_size 256;

	# site.conf:
	proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
	server_names_hash_max_size 512;
	server_names_hash_bucket_size 128;

	map $http_x_forwarded_proto $client_req_scheme {
	default $scheme;
	https https;
	}

	+ {% if HTTP_REDIRECT %}
	+ # HTTP to HTTPS redirect
	+ server {
	+ root /web;
	+ listen {{ HTTP_PORT }} default_server;
	+ listen [::]:{{ HTTP_PORT }} default_server;
	+
	+ server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES \| join(' ') }};
	+
	+ if ( $request_uri ~* "%0A\|%0D" ) { return 403; }
	+ location ^~ /.well-known/acme-challenge/ {
	+ allow all;
	+ default_type "text/plain";
	+ }
	+ location / {
	+ return 301 https://$host$uri$is_args$args;
	+ }
	+ }
	+ {%endif%}
	+
	# Default Server Name
	server {
	listen 127.0.0.1:65510; # sogo-auth verify internal
	+
	+ {% if not HTTP_REDIRECT %}
	listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	+
	{% if not DISABLE_IPv6 %}
	+ {% if not HTTP_REDIRECT %}
	listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	{%endif%}
	+
	http2 on;

	ssl_certificate /etc/ssl/mail/cert.pem;
	ssl_certificate_key /etc/ssl/mail/key.pem;

	server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;

	include /etc/nginx/includes/sites-default.conf;
	}

	# Additional Server Names
	{% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
	server {
	listen 127.0.0.1:65510; # sogo-auth verify internal
	+
	+ {% if not HTTP_REDIRECT %}
	listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	+
	{% if not DISABLE_IPv6 %}
	+ {% if not HTTP_REDIRECT %}
	listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	{%endif%}
	+
	http2 on;

	ssl_certificate /etc/ssl/mail/cert.pem;
	ssl_certificate_key /etc/ssl/mail/key.pem;

	server_name {{ SERVER_NAME }};

	include /etc/nginx/includes/sites-default.conf;
	}
	{% endfor %}

	# rspamd dynmaps:
	server {
	listen 8081;
	{% if not DISABLE_IPv6 %}
	listen [::]:8081;
	{%endif%}
	index index.php index.html;
	server_name _;
	error_log /var/log/nginx/error.log;
	access_log /var/log/nginx/access.log;
	root /dynmaps;

	location ~ \.php$ {
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass {{ PHPFPMHOST }}:9001;
	fastcgi_index index.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	}
	}

	# rspamd meta_exporter:
	server {
	listen 9081;
	index index.php index.html;
	server_name _;
	error_log /var/log/nginx/error.log;
	access_log /var/log/nginx/access.log;
	root /meta_exporter;
	client_max_body_size 10M;
	location ~ \.php$ {
	client_max_body_size 10M;
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass {{ PHPFPMHOST }}:9001;
	fastcgi_index pipe.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	}
	}

	{% for cert in valid_cert_dirs %}
	server {
	+ {% if not HTTP_REDIRECT %}
	listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	+
	{% if not DISABLE_IPv6 %}
	+ {% if not HTTP_REDIRECT %}
	listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
	+ {%endif%}
	listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
	{%endif%}
	+
	http2 on;

	ssl_certificate {{ cert.cert_path }}cert.pem;
	ssl_certificate_key {{ cert.cert_path }}key.pem;

	server_name {{ cert.domains }};

	include /etc/nginx/includes/sites-default.conf;
	}
	{% endfor %}

	include /etc/nginx/conf.d/*.conf;
	}
	diff --git a/docker-compose.yml b/docker-compose.yml
	index 626c957c..421610ba 100644
	--- a/docker-compose.yml
	+++ b/docker-compose.yml
	@@ -1,655 +1,656 @@
	services:

	unbound-mailcow:
	image: mailcow/unbound:1.23
	environment:
	- TZ=${TZ}
	- SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
	volumes:
	- ./data/hooks/unbound:/hooks:Z
	- ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
	restart: always
	tty: true
	networks:
	mailcow-network:
	ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
	aliases:
	- unbound

	mysql-mailcow:
	image: mariadb:10.5
	depends_on:
	- unbound-mailcow
	- netfilter-mailcow
	stop_grace_period: 45s
	volumes:
	- mysql-vol-1:/var/lib/mysql/
	- mysql-socket-vol-1:/var/run/mysqld/
	- ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
	environment:
	- TZ=${TZ}
	- MYSQL_ROOT_PASSWORD=${DBROOT}
	- MYSQL_DATABASE=${DBNAME}
	- MYSQL_USER=${DBUSER}
	- MYSQL_PASSWORD=${DBPASS}
	- MYSQL_INITDB_SKIP_TZINFO=1
	restart: always
	ports:
	- "${SQL_PORT:-127.0.0.1:13306}:3306"
	networks:
	mailcow-network:
	aliases:
	- mysql

	redis-mailcow:
	image: redis:7-alpine
	entrypoint: /redis-conf.sh
	volumes:
	- redis-vol-1:/data/
	- ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z
	restart: always
	depends_on:
	- netfilter-mailcow
	ports:
	- "${REDIS_PORT:-127.0.0.1:7654}:6379"
	environment:
	- TZ=${TZ}
	- REDISPASS=${REDISPASS}
	sysctls:
	- net.core.somaxconn=4096
	networks:
	mailcow-network:
	ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
	aliases:
	- redis

	clamd-mailcow:
	image: mailcow/clamd:1.70
	restart: always
	depends_on:
	unbound-mailcow:
	condition: service_healthy
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	environment:
	- TZ=${TZ}
	- SKIP_CLAMD=${SKIP_CLAMD:-n}
	volumes:
	- ./data/conf/clamav/:/etc/clamav/:Z
	- clamd-db-vol-1:/var/lib/clamav
	networks:
	mailcow-network:
	aliases:
	- clamd

	rspamd-mailcow:
	image: mailcow/rspamd:1.99
	stop_grace_period: 30s
	depends_on:
	- dovecot-mailcow
	- clamd-mailcow
	environment:
	- TZ=${TZ}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
	volumes:
	- ./data/hooks/rspamd:/hooks:Z
	- ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
	- ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
	- ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
	- ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
	- ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
	- ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
	- ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
	- rspamd-vol-1:/var/lib/rspamd
	restart: always
	hostname: rspamd
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	networks:
	mailcow-network:
	aliases:
	- rspamd

	php-fpm-mailcow:
	image: mailcow/phpfpm:1.92
	command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
	depends_on:
	- redis-mailcow
	volumes:
	- ./data/hooks/phpfpm:/hooks:Z
	- ./data/web:/web:z
	- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
	- ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
	- rspamd-vol-1:/var/lib/rspamd
	- mysql-socket-vol-1:/var/run/mysqld/
	- ./data/conf/sogo/:/etc/sogo/:z
	- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
	- ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
	- ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
	- ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
	- ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
	- ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
	- ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
	- ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
	- ./data/assets/templates:/tpls:z
	- ./data/conf/nginx/:/etc/nginx/conf.d/:z
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	environment:
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- LOG_LINES=${LOG_LINES:-9999}
	- TZ=${TZ}
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
	- IMAP_PORT=${IMAP_PORT:-143}
	- IMAPS_PORT=${IMAPS_PORT:-993}
	- POP_PORT=${POP_PORT:-110}
	- POPS_PORT=${POPS_PORT:-995}
	- SIEVE_PORT=${SIEVE_PORT:-4190}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
	- SUBMISSION_PORT=${SUBMISSION_PORT:-587}
	- SMTPS_PORT=${SMTPS_PORT:-465}
	- SMTP_PORT=${SMTP_PORT:-25}
	- API_KEY=${API_KEY:-invalid}
	- API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
	- API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
	- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
	- SKIP_FTS=${SKIP_FTS:-y}
	- SKIP_CLAMD=${SKIP_CLAMD:-n}
	- SKIP_SOGO=${SKIP_SOGO:-n}
	- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
	- MASTER=${MASTER:-y}
	- DEV_MODE=${DEV_MODE:-n}
	- DEMO_MODE=${DEMO_MODE:-n}
	- WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
	- CLUSTERMODE=${CLUSTERMODE:-}
	- ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
	restart: always
	networks:
	mailcow-network:
	aliases:
	- phpfpm

	sogo-mailcow:
	image: mailcow/sogo:1.128
	environment:
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- TZ=${TZ}
	- LOG_LINES=${LOG_LINES:-9999}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
	- ACL_ANYONE=${ACL_ANYONE:-disallow}
	- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
	- SKIP_SOGO=${SKIP_SOGO:-n}
	- MASTER=${MASTER:-y}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	volumes:
	- ./data/hooks/sogo:/hooks:Z
	- ./data/conf/sogo/:/etc/sogo/:z
	- ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
	- ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
	- ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
	- ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
	- mysql-socket-vol-1:/var/run/mysqld/
	- sogo-web-vol-1:/sogo_web
	- sogo-userdata-backup-vol-1:/sogo_backup
	labels:
	ofelia.enabled: "true"
	ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
	ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool -v expire-sessions $${SOGO_EXPIRE_SESSION} \|\| exit 0\""
	ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
	ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/cron.creds \|\| exit 0\""
	ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
	ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/cron.creds \|\| exit 0\""
	ofelia.job-exec.sogo_backup.schedule: "@every 24h"
	ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL \|\| exit 0\""
	restart: always
	networks:
	mailcow-network:
	ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
	aliases:
	- sogo

	dovecot-mailcow:
	image: mailcow/dovecot:2.3
	depends_on:
	- mysql-mailcow
	- netfilter-mailcow
	- redis-mailcow
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	cap_add:
	- NET_BIND_SERVICE
	volumes:
	- ./data/hooks/dovecot:/hooks:Z
	- ./data/conf/dovecot:/etc/dovecot:z
	- ./data/assets/ssl:/etc/ssl/mail/:ro,z
	- ./data/conf/sogo/:/etc/sogo/:z
	- ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
	- vmail-vol-1:/var/vmail
	- vmail-index-vol-1:/var/vmail_index
	- crypt-vol-1:/mail_crypt/
	- ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
	- ./data/assets/templates:/templates:z
	- rspamd-vol-1:/var/lib/rspamd
	- mysql-socket-vol-1:/var/run/mysqld/
	environment:
	- DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
	- DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
	- MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
	- DOVEADM_REPLICA_PORT=${DOVEADM_REPLICA_PORT:-}
	- LOG_LINES=${LOG_LINES:-9999}
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- TZ=${TZ}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
	- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
	- ACL_ANYONE=${ACL_ANYONE:-disallow}
	- SKIP_FTS=${SKIP_FTS:-y}
	- FTS_HEAP=${FTS_HEAP:-512}
	- FTS_PROCS=${FTS_PROCS:-3}
	- MAILDIR_SUB=${MAILDIR_SUB:-}
	- MASTER=${MASTER:-y}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
	ports:
	- "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
	- "${IMAP_PORT:-143}:143"
	- "${IMAPS_PORT:-993}:993"
	- "${POP_PORT:-110}:110"
	- "${POPS_PORT:-995}:995"
	- "${SIEVE_PORT:-4190}:4190"
	restart: always
	tty: true
	labels:
	ofelia.enabled: "true"
	ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
	ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
	ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl \|\| exit 0\""
	ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
	ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh \|\| exit 0\""
	ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
	ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py \|\| exit 0\""
	ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
	ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh \|\| exit 0\""
	ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
	ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
	ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
	ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
	ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
	ofelia.job-exec.dovecot_fts.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh\""
	ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
	ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
	ulimits:
	nproc: 65535
	nofile:
	soft: 20000
	hard: 40000
	networks:
	mailcow-network:
	ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
	aliases:
	- dovecot

	postfix-mailcow:
	image: mailcow/postfix:1.79
	depends_on:
	mysql-mailcow:
	condition: service_started
	unbound-mailcow:
	condition: service_healthy
	volumes:
	- ./data/hooks/postfix:/hooks:Z
	- ./data/conf/postfix:/opt/postfix/conf:z
	- ./data/assets/ssl:/etc/ssl/mail/:ro,z
	- postfix-vol-1:/var/spool/postfix
	- crypt-vol-1:/var/lib/zeyple
	- rspamd-vol-1:/var/lib/rspamd
	- mysql-socket-vol-1:/var/run/mysqld/
	environment:
	- LOG_LINES=${LOG_LINES:-9999}
	- TZ=${TZ}
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
	cap_add:
	- NET_BIND_SERVICE
	ports:
	- "${SMTP_PORT:-25}:25"
	- "${SMTPS_PORT:-465}:465"
	- "${SUBMISSION_PORT:-587}:587"
	restart: always
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	networks:
	mailcow-network:
	ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
	aliases:
	- postfix

	memcached-mailcow:
	image: memcached:alpine
	restart: always
	environment:
	- TZ=${TZ}
	networks:
	mailcow-network:
	aliases:
	- memcached

	nginx-mailcow:
	depends_on:
	- redis-mailcow
	- php-fpm-mailcow
	- sogo-mailcow
	- rspamd-mailcow
	image: mailcow/nginx:1.02
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	environment:
	- HTTPS_PORT=${HTTPS_PORT:-443}
	- HTTP_PORT=${HTTP_PORT:-80}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
	- TZ=${TZ}
	- SKIP_SOGO=${SKIP_SOGO:-n}
	- SKIP_RSPAMD=${SKIP_RSPAMD:-n}
	- DISABLE_IPv6=${DISABLE_IPv6:-n}
	+ - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
	- PHPFPMHOST=${PHPFPMHOST:-}
	- SOGOHOST=${SOGOHOST:-}
	- RSPAMDHOST=${RSPAMDHOST:-}
	- REDISHOST=${REDISHOST:-}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	volumes:
	- ./data/web:/web:ro,z
	- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
	- ./data/assets/ssl/:/etc/ssl/mail/:ro,z
	- ./data/conf/nginx/:/etc/nginx/conf.d/:z
	- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
	- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
	ports:
	- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
	- "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
	restart: always
	networks:
	mailcow-network:
	aliases:
	- nginx

	acme-mailcow:
	depends_on:
	nginx-mailcow:
	condition: service_started
	unbound-mailcow:
	condition: service_healthy
	image: mailcow/acme:1.91
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	environment:
	- LOG_LINES=${LOG_LINES:-9999}
	- ACME_CONTACT=${ACME_CONTACT:-}
	- ADDITIONAL_SAN=${ADDITIONAL_SAN}
	- AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
	- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
	- DIRECTORY_URL=${DIRECTORY_URL:-}
	- ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
	- SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
	- SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
	- ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
	- LE_STAGING=${LE_STAGING:-n}
	- TZ=${TZ}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
	- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
	volumes:
	- ./data/web/.well-known/acme-challenge:/var/www/acme:z
	- ./data/assets/ssl:/var/lib/acme/:z
	- ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
	- mysql-socket-vol-1:/var/run/mysqld/
	restart: always
	networks:
	mailcow-network:
	aliases:
	- acme

	netfilter-mailcow:
	image: mailcow/netfilter:1.60
	stop_grace_period: 30s
	restart: always
	privileged: true
	environment:
	- TZ=${TZ}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
	- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
	- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
	- DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
	network_mode: "host"
	volumes:
	- /lib/modules:/lib/modules:ro

	watchdog-mailcow:
	image: mailcow/watchdog:2.06
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	tmpfs:
	- /tmp
	volumes:
	- rspamd-vol-1:/var/lib/rspamd
	- mysql-socket-vol-1:/var/run/mysqld/
	- postfix-vol-1:/var/spool/postfix
	- ./data/assets/ssl:/etc/ssl/mail/:ro,z
	restart: always
	depends_on:
	- postfix-mailcow
	- dovecot-mailcow
	- mysql-mailcow
	- acme-mailcow
	- redis-mailcow
	environment:
	- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
	- LOG_LINES=${LOG_LINES:-9999}
	- TZ=${TZ}
	- DBNAME=${DBNAME}
	- DBUSER=${DBUSER}
	- DBPASS=${DBPASS}
	- DBROOT=${DBROOT}
	- USE_WATCHDOG=${USE_WATCHDOG:-n}
	- WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
	- WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
	- WATCHDOG_NOTIFY_START=${WATCHDOG_NOTIFY_START:-y}
	- WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
	- WATCHDOG_NOTIFY_WEBHOOK=${WATCHDOG_NOTIFY_WEBHOOK:-}
	- WATCHDOG_NOTIFY_WEBHOOK_BODY=${WATCHDOG_NOTIFY_WEBHOOK_BODY:-}
	- WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
	- WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
	- WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
	- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
	- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
	- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
	- IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
	- CHECK_UNBOUND=${CHECK_UNBOUND:-1}
	- SKIP_CLAMD=${SKIP_CLAMD:-n}
	- SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
	- SKIP_SOGO=${SKIP_SOGO:-n}
	- HTTPS_PORT=${HTTPS_PORT:-443}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	- EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
	- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
	- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
	- REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
	- MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
	- MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
	- SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
	- POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
	- CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
	- DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
	- DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
	- PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
	- RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
	- FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
	- ACME_THRESHOLD=${ACME_THRESHOLD:-1}
	- RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
	- OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
	- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
	- MAILQ_CRIT=${MAILQ_CRIT:-30}
	networks:
	mailcow-network:
	aliases:
	- watchdog

	dockerapi-mailcow:
	image: mailcow/dockerapi:2.10
	security_opt:
	- label=disable
	restart: always
	dns:
	- ${IPV4_NETWORK:-172.22.1}.254
	environment:
	- DBROOT=${DBROOT}
	- TZ=${TZ}
	- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
	- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
	- REDISPASS=${REDISPASS}
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	networks:
	mailcow-network:
	aliases:
	- dockerapi

	olefy-mailcow:
	image: mailcow/olefy:1.13
	restart: always
	environment:
	- TZ=${TZ}
	- OLEFY_BINDADDRESS=0.0.0.0
	- OLEFY_BINDPORT=10055
	- OLEFY_TMPDIR=/tmp
	- OLEFY_PYTHON_PATH=/usr/bin/python3
	- OLEFY_OLEVBA_PATH=/usr/bin/olevba
	- OLEFY_LOGLVL=20
	- OLEFY_MINLENGTH=500
	- OLEFY_DEL_TMP=1
	networks:
	mailcow-network:
	aliases:
	- olefy

	ofelia-mailcow:
	image: mcuadros/ofelia:latest
	restart: always
	command: daemon --docker -f label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}
	environment:
	- TZ=${TZ}
	- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
	depends_on:
	- sogo-mailcow
	- dovecot-mailcow
	labels:
	ofelia.enabled: "true"
	security_opt:
	- label=disable
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	networks:
	mailcow-network:
	aliases:
	- ofelia

	ipv6nat-mailcow:
	depends_on:
	- unbound-mailcow
	- mysql-mailcow
	- redis-mailcow
	- clamd-mailcow
	- rspamd-mailcow
	- php-fpm-mailcow
	- sogo-mailcow
	- dovecot-mailcow
	- postfix-mailcow
	- memcached-mailcow
	- nginx-mailcow
	- acme-mailcow
	- netfilter-mailcow
	- watchdog-mailcow
	- dockerapi-mailcow
	environment:
	- TZ=${TZ}
	image: robbertkl/ipv6nat
	security_opt:
	- label=disable
	restart: always
	privileged: true
	network_mode: "host"
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	- /lib/modules:/lib/modules:ro

	networks:
	mailcow-network:
	driver: bridge
	driver_opts:
	com.docker.network.bridge.name: br-mailcow
	enable_ipv6: true
	ipam:
	driver: default
	config:
	- subnet: ${IPV4_NETWORK:-172.22.1}.0/24
	- subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

	volumes:
	vmail-vol-1:
	vmail-index-vol-1:
	mysql-vol-1:
	mysql-socket-vol-1:
	redis-vol-1:
	rspamd-vol-1:
	postfix-vol-1:
	crypt-vol-1:
	sogo-web-vol-1:
	sogo-userdata-backup-vol-1:
	clamd-db-vol-1:
	diff --git a/generate_config.sh b/generate_config.sh
	index 8f03e389..e3faf7bb 100755
	--- a/generate_config.sh
	+++ b/generate_config.sh
	@@ -1,585 +1,588 @@
	#!/usr/bin/env bash

	set -o pipefail

	if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
	echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
	echo "Please update to 5.x or use another distribution."
	exit 1
	fi

	if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
	if grep -q Ubuntu <<< "$(uname -a)"; then
	echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
	echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
	exit 1
	fi
	fi

	if grep --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
	# This will also cover sort
	if cp --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
	if sed --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi

	for bin in openssl curl docker git awk sha1sum grep cut; do
	if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
	done

	# Check Docker Version (need at least 24.X)
	docker_version=$(docker -v \| grep -oP '\d+\.\d+\.\d+' \| head -n 1 \| cut -d '.' -f 1)

	if [[ $docker_version -lt 24 ]]; then
	echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
	echo -e "\e[33mmailcow needs a newer Docker version to work properly...\e[0m"
	echo -e "\e[31mPlease update your Docker installation... exiting\e[0m"
	exit 1
	fi

	if docker compose > /dev/null 2>&1; then
	if docker compose version --short \| grep -e "^2." -e "^v2." > /dev/null 2>&1; then
	COMPOSE_VERSION=native
	echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
	echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
	sleep 2
	echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
	else
	echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
	echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	elif docker-compose > /dev/null 2>&1; then
	if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
	if docker-compose version --short \| grep "^2." > /dev/null 2>&1; then
	COMPOSE_VERSION=standalone
	echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
	echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
	sleep 2
	echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
	else
	echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
	echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	fi

	else
	echo -e "\e[31mCannot find Docker Compose.\e[0m"
	echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi

	detect_bad_asn() {
	echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
	response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
	if [ "$response" -eq 503 ]; then
	if [ -z "$SPAMHAUS_DQS_KEY" ]; then
	echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
	echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
	sleep 2
	echo ""
	echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
	echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
	echo ""
	sleep 2

	else
	echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
	echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
	fi
	elif [ "$response" -eq 200 ]; then
	echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
	elif [ "$response" -eq 429 ]; then
	echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
	else
	echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
	fi
	}

	### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
	if [[ ${1} == "--dev" \|\| ${1} == "-d" ]]; then
	SKIP_BRANCH=y
	else
	SKIP_BRANCH=n
	fi

	if [ -f mailcow.conf ]; then
	read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
	case $response in
	[yY][eE][sS]\|[yY])
	mv mailcow.conf mailcow.conf_backup
	chmod 600 mailcow.conf_backup
	;;
	*)
	exit 1
	;;
	esac
	fi

	echo "Press enter to confirm the detected value '[value]' where applicable or enter a custom value."
	while [ -z "${MAILCOW_HOSTNAME}" ]; do
	read -p "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: " -e MAILCOW_HOSTNAME
	DOTS=${MAILCOW_HOSTNAME//[^.]};
	if [ ${#DOTS} -lt 1 ]; then
	echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"
	sleep 1
	echo "Please change it to a FQDN and redeploy the stack with docker(-)compose up -d"
	exit 1
	elif [[ "${MAILCOW_HOSTNAME: -1}" == "." ]]; then
	echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is ending with a dot. This is not a valid FQDN!"
	exit 1
	elif [ ${#DOTS} -eq 1 ]; then
	echo -e "\e[33mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) does not contain a Subdomain. This is not fully tested and may cause issues.\e[0m"
	echo "Find more information about why this message exists here: https://github.com/mailcow/mailcow-dockerized/issues/1572"
	read -r -p "Do you want to proceed anyway? [y/N] " response
	if [[ "$response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK. Procceding."
	else
	echo "OK. Exiting."
	exit 1
	fi
	fi
	done

	if [ -a /etc/timezone ]; then
	DETECTED_TZ=$(cat /etc/timezone)
	elif [ -a /etc/localtime ]; then
	DETECTED_TZ=$(readlink /etc/localtime\|sed -n 's\|^.*zoneinfo/\|\|p')
	fi

	while [ -z "${MAILCOW_TZ}" ]; do
	if [ -z "${DETECTED_TZ}" ]; then
	read -p "Timezone: " -e MAILCOW_TZ
	else
	read -p "Timezone [${DETECTED_TZ}]: " -e MAILCOW_TZ
	[ -z "${MAILCOW_TZ}" ] && MAILCOW_TZ=${DETECTED_TZ}
	fi
	done

	MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)

	if [ -z "${SKIP_CLAMD}" ]; then
	if [ "${MEM_TOTAL}" -le "2621440" ]; then
	echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
	echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
	read -r -p "Do you want to disable ClamAV now? [Y/n] " response
	case $response in
	[nN][oO]\|[nN])
	SKIP_CLAMD=n
	;;
	*)
	SKIP_CLAMD=y
	;;
	esac
	else
	SKIP_CLAMD=n
	fi
	fi

	if [[ ${SKIP_BRANCH} != y ]]; then
	echo "Which branch of mailcow do you want to use?"
	echo ""
	echo "Available Branches:"
	echo "- master branch (stable updates) \| default, recommended [1]"
	echo "- nightly branch (unstable updates, testing) \| not-production ready [2]"
	sleep 1

	while [ -z "${MAILCOW_BRANCH}" ]; do
	read -r -p "Choose the Branch with it's number [1/2] " branch
	case $branch in
	[2])
	MAILCOW_BRANCH="nightly"
	;;
	*)
	MAILCOW_BRANCH="master"
	;;
	esac
	done

	git fetch --all
	git checkout -f "$MAILCOW_BRANCH"

	elif [[ ${SKIP_BRANCH} == y ]]; then
	echo -e "\033[33mEnabled Dev Mode.\033[0m"
	echo -e "\033[33mNot checking out a different branch!\033[0m"
	MAILCOW_BRANCH=$(git rev-parse --short $(git rev-parse @{upstream}))

	else
	echo -e "\033[31mCould not determine branch input..."
	echo -e "\033[31mExiting."
	exit 1
	fi

	if [ ! -z "${MAILCOW_BRANCH}" ]; then
	git_branch=${MAILCOW_BRANCH}
	fi

	[ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc

	cat << EOF > mailcow.conf
	# ------------------------------
	# mailcow web ui configuration
	# ------------------------------
	# example.org is _not_ a valid hostname, use a fqdn here.
	# Default admin user is "admin"
	# Default password is "moohoo"

	MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}

	# Password hash algorithm
	# Only certain password hash algorithm are supported. For a fully list of supported schemes,
	# see https://docs.mailcow.email/models/model-passwd/
	MAILCOW_PASS_SCHEME=BLF-CRYPT

	# ------------------------------
	# SQL database configuration
	# ------------------------------

	DBNAME=mailcow
	DBUSER=mailcow

	# Please use long, random alphanumeric strings (A-Za-z0-9)

	DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null \| head -c 28)
	DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null \| head -c 28)

	# ------------------------------
	# REDIS configuration
	# ------------------------------

	REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null \| head -c 28)

	# ------------------------------
	# HTTP/S Bindings
	# ------------------------------

	# You should use HTTPS, but in case of SSL offloaded reverse proxies:
	# Might be important: This will also change the binding within the container.
	# If you use a proxy within Docker, point it to the ports you set below.
	# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
	# IMPORTANT: Do not use port 8081, 9081 or 65510!
	# Example: HTTP_BIND=1.2.3.4
	# For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
	# For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/

	HTTP_PORT=80
	HTTP_BIND=

	HTTPS_PORT=443
	HTTPS_BIND=

	+# Redirect HTTP connections to HTTPS - y/n
	+HTTP_REDIRECT=n
	+
	# ------------------------------
	# Other bindings
	# ------------------------------
	# You should leave that alone
	# Format: 11.22.33.44:25 or 12.34.56.78:465 etc.

	SMTP_PORT=25
	SMTPS_PORT=465
	SUBMISSION_PORT=587
	IMAP_PORT=143
	IMAPS_PORT=993
	POP_PORT=110
	POPS_PORT=995
	SIEVE_PORT=4190
	DOVEADM_PORT=127.0.0.1:19991
	SQL_PORT=127.0.0.1:13306
	REDIS_PORT=127.0.0.1:7654

	# Your timezone
	# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
	# Use the column named 'TZ identifier' + pay attention for the column named 'Notes'

	TZ=${MAILCOW_TZ}

	# Fixed project name
	# Please use lowercase letters only

	COMPOSE_PROJECT_NAME=mailcowdockerized

	# Used Docker Compose version
	# Switch here between native (compose plugin) and standalone
	# For more informations take a look at the mailcow docs regarding the configuration options.
	# Normally this should be untouched but if you decided to use either of those you can switch it manually here.
	# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.

	DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}

	# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
	# When enabled, ACL can be created, that apply to "All authenticated users"
	# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
	# Otherwise a user might share data with too many other users.
	ACL_ANYONE=disallow

	# Garbage collector cleanup
	# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
	# How long should objects remain in the garbage until they are being deleted? (value in minutes)
	# Check interval is hourly

	MAILDIR_GC_TIME=7200

	# Additional SAN for the certificate
	#
	# You can use wildcard records to create specific names for every domain you add to mailcow.
	# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
	#ADDITIONAL_SAN=imap.,smtp.
	# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
	# plus every domain you add in the future.
	#
	# You can also just add static names...
	#ADDITIONAL_SAN=srv1.example.net
	# ...or combine wildcard and static names:
	#ADDITIONAL_SAN=imap.*,srv1.example.com
	#

	ADDITIONAL_SAN=

	# Obtain certificates for autodiscover.* and autoconfig.* domains.
	# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
	# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
	# between services. So acme-mailcow obtains for maildomains and all web-things get handled
	# in the reverse proxy.
	AUTODISCOVER_SAN=y

	# Additional server names for mailcow UI
	#
	# Specify alternative addresses for the mailcow UI to respond to
	# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
	# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
	# You can understand this as server_name directive in Nginx.
	# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f

	ADDITIONAL_SERVER_NAMES=

	# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n

	SKIP_LETS_ENCRYPT=n

	# Create seperate certificates for all domains - y/n
	# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
	# see https://doc.dovecot.org/admin_manual/ssl/sni_support
	ENABLE_SSL_SNI=n

	# Skip IPv4 check in ACME container - y/n

	SKIP_IP_CHECK=n

	# Skip HTTP verification in ACME container - y/n

	SKIP_HTTP_VERIFICATION=n

	# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n

	SKIP_UNBOUND_HEALTHCHECK=n

	# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n

	SKIP_CLAMD=${SKIP_CLAMD}

	# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n

	SKIP_SOGO=n

	# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.
	# Dovecot inside mailcow use Flatcurve as FTS Backend.

	SKIP_FTS=n

	# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.
	# Flatcurve (Xapian backend) is used as the FTS Indexer. It is supposed to be efficient in CPU and RAM consumption.
	# However: Please always monitor your Resource consumption!

	FTS_HEAP=128

	# Controls how many processes the Dovecot indexing process can spawn at max.
	# Too many indexing processes can use a lot of CPU and Disk I/O.
	# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations

	FTS_PROCS=1

	# Allow admins to log into SOGo as email user (without any password)

	ALLOW_ADMIN_EMAIL_LOGIN=n

	# Enable watchdog (watchdog-mailcow) to restart unhealthy containers

	USE_WATCHDOG=y

	# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
	# CAUTION:
	# 1. You should use external recipients
	# 2. Mails are sent unsigned (no DKIM)
	# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
	# Multiple rcpts allowed, NO quotation marks, NO spaces

	#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
	#WATCHDOG_NOTIFY_EMAIL=

	# Send notifications to a webhook URL that receives a POST request with the content type "application/json".
	# You can use this to send notifications to services like Discord, Slack and others.
	#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	# JSON body included in the webhook POST request. Needs to be in single quotes.
	# Following variables are available: SUBJECT, BODY
	#WATCHDOG_NOTIFY_WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "${SUBJECT}\n${BODY}"}'

	# Notify about banned IP (includes whois lookup)
	WATCHDOG_NOTIFY_BAN=n

	# Send a notification when the watchdog is started.
	WATCHDOG_NOTIFY_START=y

	# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
	#WATCHDOG_SUBJECT=

	# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
	# https://www.servercow.de/mailcow?lang=en
	# https://www.servercow.de/mailcow?lang=de
	# No data is collected. Opt-in and anonymous.
	# Will only work with unmodified mailcow setups.
	WATCHDOG_EXTERNAL_CHECKS=n

	# Enable watchdog verbose logging
	WATCHDOG_VERBOSE=n

	# Max log lines per service to keep in Redis logs

	LOG_LINES=9999

	# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
	# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

	IPV4_NETWORK=172.22.1

	# Internal IPv6 subnet in fc00::/7
	# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses

	IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

	# Use this IPv4 for outgoing connections (SNAT)

	#SNAT_TO_SOURCE=

	# Use this IPv6 for outgoing connections (SNAT)

	#SNAT6_TO_SOURCE=

	# Create or override an API key for the web UI
	# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
	# An API key defined as API_KEY has read-write access
	# An API key defined as API_KEY_READ_ONLY has read-only access
	# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
	# You can define API_KEY and/or API_KEY_READ_ONLY

	#API_KEY=
	#API_KEY_READ_ONLY=
	#API_ALLOW_FROM=172.22.1.1,127.0.0.1

	# mail_home is ~/Maildir
	MAILDIR_SUB=Maildir

	# SOGo session timeout in minutes
	SOGO_EXPIRE_SESSION=480

	# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
	# Empty by default to auto-generate master user and password on start.
	# User expands to DOVECOT_MASTER_USER@mailcow.local
	# LEAVE EMPTY IF UNSURE
	DOVECOT_MASTER_USER=
	# LEAVE EMPTY IF UNSURE
	DOVECOT_MASTER_PASS=

	# Let's Encrypt registration contact information
	# Optional: Leave empty for none
	# This value is only used on first order!
	# Setting it at a later point will require the following steps:
	# https://docs.mailcow.email/troubleshooting/debug-reset_tls/
	ACME_CONTACT=

	# WebAuthn device manufacturer verification
	# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
	# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
	WEBAUTHN_ONLY_TRUSTED_VENDORS=n

	# Spamhaus Data Query Service Key
	# Optional: Leave empty for none
	# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.
	# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
	# Otherwise it will work normally.
	SPAMHAUS_DQS_KEY=

	# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
	# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
	DISABLE_NETFILTER_ISOLATION_RULE=n
	EOF

	mkdir -p data/assets/ssl

	chmod 600 mailcow.conf

	# copy but don't overwrite existing certificate
	echo "Generating snake-oil certificate..."
	# Making Willich more popular
	openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
	echo "Copying snake-oil certificate..."
	cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/

	# Set app_info.inc.php
	case ${git_branch} in
	master)
	mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
	;;
	nightly)
	mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
	mailcow_last_git_version=""
	;;
	*)
	mailcow_git_version=$(git rev-parse --short HEAD)
	mailcow_last_git_version=""
	;;
	esac
	# if [ ${git_branch} == "master" ]; then
	# mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
	# elif [ ${git_branch} == "nightly" ]; then
	# mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
	# mailcow_last_git_version=""
	# else
	# mailcow_git_version=$(git rev-parse --short HEAD)
	# mailcow_last_git_version=""
	# fi

	if [[ $SKIP_BRANCH != "y" ]]; then
	mailcow_git_commit=$(git rev-parse origin/${git_branch})
	mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
	else
	mailcow_git_commit=$(git rev-parse ${git_branch})
	mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
	git_branch=$(git rev-parse --abbrev-ref HEAD)
	fi

	if [ $? -eq 0 ]; then
	echo '<?php' > data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT="'$mailcow_git_commit'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT_DATE="'$mailcow_git_commit_date'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_BRANCH="'$git_branch'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
	echo '?>' >> data/web/inc/app_info.inc.php
	else
	echo '<?php' > data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT_DATE="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_BRANCH="'$git_branch'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
	echo '?>' >> data/web/inc/app_info.inc.php
	echo -e "\e[33mCannot determine current git repository version...\e[0m"
	fi

	detect_bad_asn
	diff --git a/update.sh b/update.sh
	index 4240dad3..c11179c5 100755
	--- a/update.sh
	+++ b/update.sh
	@@ -1,1543 +1,1550 @@
	#!/usr/bin/env bash

	############## Begin Function Section ##############

	check_online_status() {
	CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
	for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
	if timeout 6 curl --head --silent --output /dev/null ${domain}; then
	return 0
	fi
	done
	return 1
	}

	prefetch_images() {
	[[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
	git fetch origin #${BRANCH}
	while read image; do
	if [[ "${image}" == "robbertkl/ipv6nat" ]]; then
	if ! grep -qi "ipv6nat-mailcow" docker-compose.yml \|\| grep -qi "enable_ipv6: false" docker-compose.yml; then
	continue
	fi
	fi
	RET_C=0
	until docker pull "${image}"; do
	RET_C=$((RET_C + 1))
	echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
	[ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
	sleep 1
	done
	done < <(git show "origin/${BRANCH}:docker-compose.yml" \| grep "image:" \| awk '{ gsub("image:","", $3); print $2 }')
	}

	docker_garbage() {
	SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
	IMGS_TO_DELETE=()

	declare -A IMAGES_INFO
	COMPOSE_IMAGES=($(grep -oP "image: \Kmailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))

	for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" \| grep 'mailcow/'); do
	ID=$(echo "$existing_image" \| cut -d ':' -f 1)
	REPOSITORY=$(echo "$existing_image" \| cut -d ':' -f 2)
	TAG=$(echo "$existing_image" \| cut -d ':' -f 3)

	if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
	continue
	else
	IMGS_TO_DELETE+=("$ID")
	IMAGES_INFO["$ID"]="$REPOSITORY:$TAG"
	fi
	done

	if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
	echo "The following unused mailcow images were found:"
	for id in "${IMGS_TO_DELETE[@]}"; do
	echo " ${IMAGES_INFO[$id]} ($id)"
	done

	if [ ! $FORCE ]; then
	read -r -p "Do you want to delete them to free up some space? [y/N] " response
	if [[ "$response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	docker rmi ${IMGS_TO_DELETE[*]}
	else
	echo "OK, skipped."
	fi
	else
	echo "Running in forced mode! Force removing old mailcow images..."
	docker rmi ${IMGS_TO_DELETE[*]}
	fi
	echo -e "\e[32mFurther cleanup...\e[0m"
	echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
	fi
	}

	in_array() {
	local e match="$1"
	shift
	for e; do [[ "$e" == "$match" ]] && return 0; done
	return 1
	}

	migrate_docker_nat() {
	NAT_CONFIG='{"ipv6":true,"fixed-cidr-v6":"fd00:dead:beef:c0::/80","experimental":true,"ip6tables":true}'
	# Min Docker version
	DOCKERV_REQ=20.10.2
	# Current Docker version
	DOCKERV_CUR=$(docker version -f '{{.Server.Version}}')
	if grep -qi "ipv6nat-mailcow" docker-compose.yml && grep -qi "enable_ipv6: true" docker-compose.yml; then
	echo -e "\e[32mNative IPv6 implementation available.\e[0m"
	echo "This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow."
	echo '!!! This step is recommended !!!'
	echo "mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file."
	read -r -p "Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] " dockernatresponse
	if [[ ! "${dockernatresponse}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK, skipping this step."
	return 0
	fi
	fi
	# Sort versions and check if we are running a newer or equal version to req
	if [ $(printf "${DOCKERV_REQ}\n${DOCKERV_CUR}" \| sort -V \| tail -n1) == "${DOCKERV_CUR}" ]; then
	# If Dockerd daemon json exists
	if [ -s /etc/docker/daemon.json ]; then
	IFS=',' read -r -a dockerconfig <<< $(cat /etc/docker/daemon.json \| tr -cd '[:alnum:],')
	if ! in_array ipv6true "${dockerconfig[@]}" \|\| \
	! in_array experimentaltrue "${dockerconfig[@]}" \|\| \
	! in_array ip6tablestrue "${dockerconfig[@]}" \|\| \
	! grep -qi "fixed-cidr-v6" /etc/docker/daemon.json; then
	echo -e "\e[33mWarning:\e[0m You seem to have modified the /etc/docker/daemon.json configuration by yourself and not fully/correctly activated the native IPv6 NAT implementation."
	echo "You will need to merge your existing configuration manually or fix/delete the existing daemon.json configuration before trying the update process again."
	echo -e "Please merge the following content and restart the Docker daemon:\n"
	echo "${NAT_CONFIG}"
	return 1
	fi
	else
	echo "Working on IPv6 NAT, please wait..."
	echo "${NAT_CONFIG}" > /etc/docker/daemon.json
	ip6tables -F -t nat
	[[ -e /etc/rc.conf ]] && rc-service docker restart \|\| systemctl restart docker.service
	if [[ $? -ne 0 ]]; then
	echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
	rm /etc/docker/daemon.json
	if [[ -e /etc/rc.conf ]]; then
	rc-service docker restart
	else
	systemctl reset-failed docker.service
	systemctl restart docker.service
	fi
	return 1
	fi
	fi
	# Removing legacy container
	sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.yml
	if [ -s docker-compose.override.yml ]; then
	sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.override.yml
	if [[ "$(cat docker-compose.override.yml \| sed '/^\s*$/d' \| wc -l)" == "2" ]]; then
	mv docker-compose.override.yml docker-compose.override.yml_backup
	fi
	fi
	echo -e "\e[32mGreat! \e[0mNative IPv6 NAT is active.\e[0m"
	else
	echo -e "\e[31mPlease upgrade Docker to version ${DOCKERV_REQ} or above.\e[0m"
	return 0
	fi
	}

	remove_obsolete_nginx_ports() {
	# Removing obsolete docker-compose.override.yml
	for override in docker-compose.override.yml docker-compose.override.yaml; do
	if [ -s $override ] ; then
	if cat $override \| grep nginx-mailcow > /dev/null 2>&1; then
	if cat $override \| grep -E '(\[::])' > /dev/null 2>&1; then
	if cat $override \| grep -w 80:80 > /dev/null 2>&1 && cat $override \| grep -w 443:443 > /dev/null 2>&1 ; then
	echo -e "\e[33mBacking up ${override} to preserve custom changes...\e[0m"
	echo -e "\e[33m!!! Manual Merge needed (if other overrides are set) !!!\e[0m"
	sleep 3
	cp $override ${override}_backup
	sed -i '/nginx-mailcow:$/,/^$/d' $override
	echo -e "\e[33mRemoved obsolete NGINX IPv6 Bind from original override File.\e[0m"
	if [[ "$(cat $override \| sed '/^\s*$/d' \| wc -l)" == "2" ]]; then
	mv $override ${override}_empty
	echo -e "\e[31m${override} is empty. Renamed it to ensure mailcow is startable.\e[0m"
	fi
	fi
	fi
	fi
	fi
	done
	}

	detect_docker_compose_command(){
	if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native\|standalone)$ ]]; then
	if docker compose > /dev/null 2>&1; then
	if docker compose version --short \| grep -e "^2." -e "^v2." > /dev/null 2>&1; then
	DOCKER_COMPOSE_VERSION=native
	COMPOSE_COMMAND="docker compose"
	echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
	echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
	sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
	sleep 2
	echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
	else
	echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
	echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	elif docker-compose > /dev/null 2>&1; then
	if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
	if docker-compose version --short \| grep "^2." > /dev/null 2>&1; then
	DOCKER_COMPOSE_VERSION=standalone
	COMPOSE_COMMAND="docker-compose"
	echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
	echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
	sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
	sleep 2
	echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
	else
	echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
	echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	fi

	else
	echo -e "\e[31mCannot find Docker Compose.\e[0m"
	echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi

	elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
	COMPOSE_COMMAND="docker compose"
	# Check if Native Compose works and has not been deleted
	if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
	# IF it not exists/work anymore try the other command
	COMPOSE_COMMAND="docker-compose"
	if ! $COMPOSE_COMMAND > /dev/null 2>&1 \|\| ! $COMPOSE_COMMAND --version \| grep "^2." > /dev/null 2>&1; then
	# IF it cannot find Standalone in > 2.X, then script stops
	echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m"
	echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	# If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
	echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
	echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
	sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
	sleep 2
	fi


	elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
	COMPOSE_COMMAND="docker-compose"
	# Check if Standalone Compose works and has not been deleted
	if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 \| grep "^2." > /dev/null 2>&1; then
	# IF it not exists/work anymore try the other command
	COMPOSE_COMMAND="docker compose"
	if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
	# IF it cannot find Native in > 2.X, then script stops
	echo -e "\e[31mCannot find Docker Compose.\e[0m"
	echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
	exit 1
	fi
	# If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
	echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
	echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
	sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
	sleep 2
	fi
	fi
	}

	detect_bad_asn() {
	echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
	response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
	if [ "$response" -eq 503 ]; then
	if [ -z "$SPAMHAUS_DQS_KEY" ]; then
	echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
	echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
	sleep 2
	echo ""
	echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
	echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
	echo ""
	sleep 2

	else
	echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
	echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
	fi
	elif [ "$response" -eq 200 ]; then
	echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
	elif [ "$response" -eq 429 ]; then
	echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
	else
	echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
	fi
	}

	fix_broken_dnslist_conf() {

	# Fixing issue: #6143. To be removed in a later patch

	local file="${SCRIPT_DIR}/data/conf/postfix/dns_blocklists.cf"
	# Check if the file exists
	if [[ ! -f "$file" ]]; then
	return 1
	fi

	# Check if the file contains the autogenerated comment
	if grep -q "# Autogenerated by mailcow" "$file"; then
	# Ask the user if custom changes were made
	echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
	echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
	read -p "Do you want to delete the file now and let mailcow regenerate it properly? [y/n]" response
	if [[ "${response}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	rm "$file"
	echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"
	return 0
	else
	echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
	return 2
	fi
	fi

	}

	adapt_new_options() {

	CONFIG_ARRAY=(
	"SKIP_LETS_ENCRYPT"
	"SKIP_SOGO"
	"USE_WATCHDOG"
	"WATCHDOG_NOTIFY_EMAIL"
	"WATCHDOG_NOTIFY_WEBHOOK"
	"WATCHDOG_NOTIFY_WEBHOOK_BODY"
	"WATCHDOG_NOTIFY_BAN"
	"WATCHDOG_NOTIFY_START"
	"WATCHDOG_EXTERNAL_CHECKS"
	"WATCHDOG_SUBJECT"
	"SKIP_CLAMD"
	"SKIP_IP_CHECK"
	"ADDITIONAL_SAN"
	"DOVEADM_PORT"
	"IPV4_NETWORK"
	"IPV6_NETWORK"
	"LOG_LINES"
	"SNAT_TO_SOURCE"
	"SNAT6_TO_SOURCE"
	"COMPOSE_PROJECT_NAME"
	"DOCKER_COMPOSE_VERSION"
	"SQL_PORT"
	"API_KEY"
	"API_KEY_READ_ONLY"
	"API_ALLOW_FROM"
	"MAILDIR_GC_TIME"
	"MAILDIR_SUB"
	"ACL_ANYONE"
	"FTS_HEAP"
	"FTS_PROCS"
	"SKIP_FTS"
	"ENABLE_SSL_SNI"
	"ALLOW_ADMIN_EMAIL_LOGIN"
	"SKIP_HTTP_VERIFICATION"
	"SOGO_EXPIRE_SESSION"
	"REDIS_PORT"
	"DOVECOT_MASTER_USER"
	"DOVECOT_MASTER_PASS"
	"MAILCOW_PASS_SCHEME"
	"ADDITIONAL_SERVER_NAMES"
	"ACME_CONTACT"
	"WATCHDOG_VERBOSE"
	"WEBAUTHN_ONLY_TRUSTED_VENDORS"
	"SPAMHAUS_DQS_KEY"
	"SKIP_UNBOUND_HEALTHCHECK"
	"DISABLE_NETFILTER_ISOLATION_RULE"
	+ "HTTP_REDIRECT"
	)

	sed -i --follow-symlinks '$a\' mailcow.conf
	for option in ${CONFIG_ARRAY[@]}; do
	if [[ ${option} == "ADDITIONAL_SAN" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "${option}=" >> mailcow.conf
	fi
	elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
	fi
	elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# Used Docker Compose version" >> mailcow.conf
	echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
	echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
	echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
	echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
	echo "" >> mailcow.conf
	echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
	fi
	elif [[ ${option} == "DOVEADM_PORT" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
	fi
	elif [[ ${option} == "LOG_LINES" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
	echo "LOG_LINES=9999" >> mailcow.conf
	fi
	elif [[ ${option} == "IPV4_NETWORK" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
	echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
	fi
	elif [[ ${option} == "IPV6_NETWORK" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
	echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
	fi
	elif [[ ${option} == "SQL_PORT" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
	echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
	fi
	elif [[ ${option} == "API_KEY" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create or override API key for web UI' >> mailcow.conf
	echo "#API_KEY=" >> mailcow.conf
	fi
	elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create or override read-only API key for web UI' >> mailcow.conf
	echo "#API_KEY_READ_ONLY=" >> mailcow.conf
	fi
	elif [[ ${option} == "API_ALLOW_FROM" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Must be set for API_KEY to be active' >> mailcow.conf
	echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
	echo "#API_ALLOW_FROM=" >> mailcow.conf
	fi
	elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
	echo "#SNAT_TO_SOURCE=" >> mailcow.conf
	fi
	elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
	echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
	fi
	elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Garbage collector cleanup' >> mailcow.conf
	echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
	echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
	echo '# Check interval is hourly' >> mailcow.conf
	echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
	fi
	elif [[ ${option} == "ACL_ANYONE" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
	echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
	echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
	echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
	echo 'ACL_ANYONE=disallow' >> mailcow.conf
	fi
	elif [[ ${option} == "FTS_HEAP" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
	echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
	echo '# Please always monitor your Resource consumption!' >> mailcow.conf
	echo "FTS_HEAP=128" >> mailcow.conf
	fi
	elif [[ ${option} == "SKIP_FTS" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
	echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
	echo "SKIP_FTS=y" >> mailcow.conf
	fi
	elif [[ ${option} == "FTS_PROCS" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
	echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
	echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
	echo "FTS_PROCS=1" >> mailcow.conf
	fi
	elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
	echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
	echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
	echo "ENABLE_SSL_SNI=n" >> mailcow.conf
	fi
	elif [[ ${option} == "SKIP_SOGO" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
	echo "SKIP_SOGO=n" >> mailcow.conf
	fi
	elif [[ ${option} == "MAILDIR_SUB" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
	echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
	echo "MAILDIR_SUB=" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
	echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
	echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
	echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
	WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "${SUBJECT}\n${BODY}"}'
	echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
	echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_NOTIFY_START" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Send a notification when the watchdog is started.' >> mailcow.conf
	echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
	echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
	echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
	echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
	echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
	fi
	elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# SOGo session timeout in minutes' >> mailcow.conf
	echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
	fi
	elif [[ ${option} == "REDIS_PORT" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
	fi
	elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
	echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
	echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
	echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
	echo "DOVECOT_MASTER_USER=" >> mailcow.conf
	fi
	elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
	echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
	fi
	elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Password hash algorithm' >> mailcow.conf
	echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
	echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
	echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
	fi
	elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Additional server names for mailcow UI' >> mailcow.conf
	echo '#' >> mailcow.conf
	echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
	echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
	echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
	echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
	echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
	echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
	fi
	elif [[ ${option} == "ACME_CONTACT" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Lets Encrypt registration contact information' >> mailcow.conf
	echo '# Optional: Leave empty for none' >> mailcow.conf
	echo '# This value is only used on first order!' >> mailcow.conf
	echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
	echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
	echo 'ACME_CONTACT=' >> mailcow.conf
	fi
	elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# WebAuthn device manufacturer verification" >> mailcow.conf
	echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
	echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
	echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
	fi
	elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# Spamhaus Data Query Service Key" >> mailcow.conf
	echo '# Optional: Leave empty for none' >> mailcow.conf
	echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
	echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
	echo '# Otherwise it will work as usual.' >> mailcow.conf
	echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
	fi
	elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Enable watchdog verbose logging' >> mailcow.conf
	echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
	fi
	elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
	echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
	fi
	elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
	if ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
	echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
	echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
	- fi
	+ fi
	+ elif [[ ${option} == "HTTP_REDIRECT" ]]; then
	+ if ! grep -q ${option} mailcow.conf; then
	+ echo "Adding new option \"${option}\" to mailcow.conf"
	+ echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
	+ echo 'HTTP_REDIRECT=n' >> mailcow.conf
	+ fi
	elif ! grep -q ${option} mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "${option}=n" >> mailcow.conf
	fi
	done
	}

	migrate_solr_config_options() {

	sed -i --follow-symlinks '$a\' mailcow.conf

	if grep -q "SOLR_HEAP" mailcow.conf; then
	echo "Removing SOLR_HEAP in mailcow.conf"
	sed -i '/# Solr heap size in MB\b/d' mailcow.conf
	sed -i '/# Solr is a prone to run\b/d' mailcow.conf
	sed -i '/SOLR_HEAP\b/d' mailcow.conf
	fi

	if grep -q "SKIP_SOLR" mailcow.conf; then
	echo "Removing SKIP_SOLR in mailcow.conf"
	sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
	sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
	sed -i '/\bDisable Solr or\b/d' mailcow.conf
	sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
	fi

	if grep -q "SOLR_PORT" mailcow.conf; then
	echo "Removing SOLR_PORT in mailcow.conf"
	sed -i '/\bSOLR_PORT\b/d' mailcow.conf
	fi

	if grep -q "FLATCURVE_EXPERIMENTAL" mailcow.conf; then
	echo "Removing FLATCURVE_EXPERIMENTAL in mailcow.conf"
	sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
	fi

	solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
	if [[ -n $solr_volume ]]; then
	echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
	sleep 1
	if [ ! "$FORCE" ]; then
	read -r -p "Remove $solr_volume? [y/N] " response
	if [[ "$response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo -e "\e[33mRemoving $solr_volume...\e[0m"
	docker volume rm $solr_volume \|\| echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
	echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
	else
	echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
	fi
	else
	echo -e "\e[33mForce removing $solr_volume...\e[0m"
	docker volume rm $solr_volume \|\| echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
	echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
	fi
	fi

	# Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
	FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
	if [[ -f "$FTS_CONF_PATH" ]]; then
	if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
	rm -rf $FTS_CONF_PATH
	fi
	fi
	}

	############## End Function Section ##############

	# Check permissions
	if [ "$(id -u)" -ne "0" ]; then
	echo "You need to be root"
	exit 1
	fi

	SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

	# Run pre-update-hook
	if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
	bash "${SCRIPT_DIR}/pre_update_hook.sh"
	fi

	if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
	echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
	echo "Please update to 5.x or use another distribution."
	exit 1
	fi

	if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
	if grep -q Ubuntu <<< "$(uname -a)"; then
	echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
	echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
	exit 1
	fi
	echo "mailcow on a 4.4.x kernel is not supported. It may or may not work, please upgrade your kernel or continue at your own risk."
	read -p "Press any key to continue..." < /dev/tty
	fi

	# Exit on error and pipefail
	set -o pipefail

	# Setting high dc timeout
	export COMPOSE_HTTP_TIMEOUT=600

	# Add /opt/bin to PATH
	PATH=$PATH:/opt/bin

	umask 0022

	# Unset COMPOSE_COMMAND and DOCKER_COMPOSE_VERSION Variable to be on the newest state.
	unset COMPOSE_COMMAND
	unset DOCKER_COMPOSE_VERSION

	for bin in curl docker git awk sha1sum grep cut; do
	if [[ -z $(command -v ${bin}) ]]; then
	echo "Cannot find ${bin}, exiting..."
	exit 1;
	fi
	done

	# Check Docker Version (need at least 24.X)
	docker_version=$(docker -v \| grep -oP '\d+\.\d+\.\d+' \| cut -d '.' -f 1 \| head -1)

	if [[ $docker_version -lt 24 ]]; then
	echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
	echo -e "\e[33mmailcow needs a newer Docker version to work properly... continuing on your own risk!\e[0m"
	echo -e "\e[31mPlease update your Docker installation... sleeping 10s\e[0m"
	sleep 10
	fi

	export LC_ALL=C
	DATE=$(date +%Y-%m-%d_%H_%M_%S)
	BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"

	while (($#)); do
	case "${1}" in
	--check\|-c)
	echo "Checking remote code for updates..."
	LATEST_REV=$(git ls-remote --exit-code --refs --quiet https://github.com/mailcow/mailcow-dockerized "${BRANCH}" \| cut -f1)
	if [ "$?" -ne 0 ]; then
	echo "A problem occurred while trying to fetch the latest revision from github."
	exit 99
	fi
	if [[ -z $(git log HEAD --pretty=format:"%H" \| grep "${LATEST_REV}") ]]; then
	echo -e "Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
	git log --date=short --pretty=format:"%ad - %s" "$(git rev-parse --short HEAD)"..origin/master
	exit 0
	else
	echo "No updates available."
	exit 3
	fi
	;;
	--check-tags)
	echo "Checking remote tags for updates..."
	LATEST_TAG_REV=$(git ls-remote --exit-code --quiet --tags origin \| tail -1 \| cut -f1)
	if [ "$?" -ne 0 ]; then
	echo "A problem occurred while trying to fetch the latest tag from github."
	exit 99
	fi
	if [[ -z $(git log HEAD --pretty=format:"%H" \| grep "${LATEST_TAG_REV}") ]]; then
	echo -e "New tag is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/releases/latest"
	exit 0
	else
	echo "No updates available."
	exit 3
	fi
	;;
	--ours)
	MERGE_STRATEGY=ours
	;;
	--skip-start)
	SKIP_START=y
	;;
	--skip-ping-check)
	SKIP_PING_CHECK=y
	;;
	--stable)
	CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
	NEW_BRANCH="master"
	;;
	--gc)
	echo -e "\e[32mCollecting garbage...\e[0m"
	docker_garbage
	exit 0
	;;
	--nightly)
	CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
	NEW_BRANCH="nightly"
	;;
	--prefetch)
	echo -e "\e[32mPrefetching images...\e[0m"
	prefetch_images
	exit 0
	;;
	-f\|--force)
	echo -e "\e[32mRunning in forced mode...\e[0m"
	FORCE=y
	;;
	-d\|--dev)
	echo -e "\e[32mRunning in Developer mode...\e[0m"
	DEV=y
	;;
	--help\|-h)
	echo './update.sh [-c\|--check, --check-tags, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f\|--force, -d\|--dev, -h\|--help]

	-c\|--check - Check for updates and exit (exit codes => 0: update available, 3: no updates)
	--check-tags - Check for newer tags and exit (exit codes => 0: newer tag available, 3: no newer tag)
	--ours - Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended!
	--gc - Run garbage collector to delete old image tags
	--nightly - Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!!
	--prefetch - Only prefetch new images and exit (useful to prepare updates)
	--skip-start - Do not start mailcow after update
	--skip-ping-check - Skip ICMP Check to public DNS resolvers (Use it only if you'\''ve blocked any ICMP Connections to your mailcow machine)
	--stable - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
	-f\|--force - Force update, do not ask questions
	-d\|--dev - Enables Developer Mode (No Checkout of update.sh for tests)
	'
	exit 0
	esac
	shift
	done

	[[ ! -f mailcow.conf ]] && { echo -e "\e[31mmailcow.conf is missing! Is mailcow installed?\e[0m"; exit 1;}

	chmod 600 mailcow.conf
	source mailcow.conf

	detect_docker_compose_command

	fix_broken_dnslist_conf

	DOTS=${MAILCOW_HOSTNAME//[^.]};
	if [ ${#DOTS} -lt 1 ]; then
	echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"
	sleep 1
	echo "Please change it to a FQDN and redeploy the stack with $COMPOSE_COMMAND up -d"
	exit 1
	elif [[ "${MAILCOW_HOSTNAME: -1}" == "." ]]; then
	echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is ending with a dot. This is not a valid FQDN!"
	exit 1
	elif [ ${#DOTS} -eq 1 ]; then
	echo -e "\e[33mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) does not contain a Subdomain. This is not fully tested and may cause issues.\e[0m"
	echo "Find more information about why this message exists here: https://github.com/mailcow/mailcow-dockerized/issues/1572"
	read -r -p "Do you want to proceed anyway? [y/N] " response
	if [[ "$response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK. Proceeding."
	else
	echo "OK. Exiting."
	exit 1
	fi
	fi

	if grep --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
	# This will also cover sort
	if cp --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
	if sed --help 2>&1 \| head -n 1 \| grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi

	CONFIG_ARRAY=(
	"SKIP_LETS_ENCRYPT"
	"SKIP_SOGO"
	"USE_WATCHDOG"
	"WATCHDOG_NOTIFY_EMAIL"
	"WATCHDOG_NOTIFY_WEBHOOK"
	"WATCHDOG_NOTIFY_WEBHOOK_BODY"
	"WATCHDOG_NOTIFY_BAN"
	"WATCHDOG_NOTIFY_START"
	"WATCHDOG_EXTERNAL_CHECKS"
	"WATCHDOG_SUBJECT"
	"SKIP_CLAMD"
	"SKIP_IP_CHECK"
	"ADDITIONAL_SAN"
	"AUTODISCOVER_SAN"
	"DOVEADM_PORT"
	"IPV4_NETWORK"
	"IPV6_NETWORK"
	"LOG_LINES"
	"SNAT_TO_SOURCE"
	"SNAT6_TO_SOURCE"
	"COMPOSE_PROJECT_NAME"
	"DOCKER_COMPOSE_VERSION"
	"SQL_PORT"
	"API_KEY"
	"API_KEY_READ_ONLY"
	"API_ALLOW_FROM"
	"MAILDIR_GC_TIME"
	"MAILDIR_SUB"
	"ACL_ANYONE"
	"ENABLE_SSL_SNI"
	"ALLOW_ADMIN_EMAIL_LOGIN"
	"SKIP_HTTP_VERIFICATION"
	"SOGO_EXPIRE_SESSION"
	"REDIS_PORT"
	"DOVECOT_MASTER_USER"
	"DOVECOT_MASTER_PASS"
	"MAILCOW_PASS_SCHEME"
	"ADDITIONAL_SERVER_NAMES"
	"ACME_CONTACT"
	"WATCHDOG_VERBOSE"
	"WEBAUTHN_ONLY_TRUSTED_VENDORS"
	"SPAMHAUS_DQS_KEY"
	"SKIP_UNBOUND_HEALTHCHECK"
	"DISABLE_NETFILTER_ISOLATION_RULE"
	"REDISPASS"
	)

	detect_bad_asn

	sed -i --follow-symlinks '$a\' mailcow.conf
	for option in "${CONFIG_ARRAY[@]}"; do
	if [[ ${option} == "ADDITIONAL_SAN" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "${option}=" >> mailcow.conf
	fi
	elif [[ "${option}" == "COMPOSE_PROJECT_NAME" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
	fi
	elif [[ "${option}" == "DOCKER_COMPOSE_VERSION" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# Used Docker Compose version" >> mailcow.conf
	echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
	echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
	echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
	echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
	echo "" >> mailcow.conf
	echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
	fi
	elif [[ "${option}" == "DOVEADM_PORT" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_NOTIFY_EMAIL" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
	fi
	elif [[ "${option}" == "LOG_LINES" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
	echo "LOG_LINES=9999" >> mailcow.conf
	fi
	elif [[ "${option}" == "IPV4_NETWORK" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
	echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
	fi
	elif [[ "${option}" == "IPV6_NETWORK" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
	echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
	fi
	elif [[ "${option}" == "SQL_PORT" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
	echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
	fi
	elif [[ "${option}" == "API_KEY" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create or override API key for web UI' >> mailcow.conf
	echo "#API_KEY=" >> mailcow.conf
	fi
	elif [[ "${option}" == "API_KEY_READ_ONLY" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create or override read-only API key for web UI' >> mailcow.conf
	echo "#API_KEY_READ_ONLY=" >> mailcow.conf
	fi
	elif [[ "${option}" == "API_ALLOW_FROM" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Must be set for API_KEY to be active' >> mailcow.conf
	echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
	echo "#API_ALLOW_FROM=" >> mailcow.conf
	fi
	elif [[ "${option}" == "SNAT_TO_SOURCE" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
	echo "#SNAT_TO_SOURCE=" >> mailcow.conf
	fi
	elif [[ "${option}" == "SNAT6_TO_SOURCE" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
	echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
	fi
	elif [[ "${option}" == "MAILDIR_GC_TIME" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Garbage collector cleanup' >> mailcow.conf
	echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
	echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
	echo '# Check interval is hourly' >> mailcow.conf
	echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
	fi
	elif [[ "${option}" == "ACL_ANYONE" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
	echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
	echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
	echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
	echo 'ACL_ANYONE=disallow' >> mailcow.conf
	fi
	elif [[ "${option}" == "ENABLE_SSL_SNI" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
	echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
	echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
	echo "ENABLE_SSL_SNI=n" >> mailcow.conf
	fi
	elif [[ "${option}" == "SKIP_SOGO" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
	echo "SKIP_SOGO=n" >> mailcow.conf
	fi
	elif [[ "${option}" == "MAILDIR_SUB" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
	echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
	echo "MAILDIR_SUB=" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
	echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
	echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
	echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
	WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "${SUBJECT}\n${BODY}"}'
	echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_NOTIFY_BAN" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
	echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_NOTIFY_START" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Send a notification when the watchdog is started.' >> mailcow.conf
	echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_SUBJECT" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
	echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
	echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
	echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
	echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
	fi
	elif [[ "${option}" == "SOGO_EXPIRE_SESSION" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# SOGo session timeout in minutes' >> mailcow.conf
	echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
	fi
	elif [[ "${option}" == "REDIS_PORT" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
	fi
	elif [[ "${option}" == "DOVECOT_MASTER_USER" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
	echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
	echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
	echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
	echo "DOVECOT_MASTER_USER=" >> mailcow.conf
	fi
	elif [[ "${option}" == "DOVECOT_MASTER_PASS" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
	echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
	fi
	elif [[ "${option}" == "MAILCOW_PASS_SCHEME" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Password hash algorithm' >> mailcow.conf
	echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
	echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
	echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
	fi
	elif [[ "${option}" == "ADDITIONAL_SERVER_NAMES" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Additional server names for mailcow UI' >> mailcow.conf
	echo '#' >> mailcow.conf
	echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
	echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
	echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
	echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
	echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
	echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
	fi

	elif [[ "${option}" == "AUTODISCOVER_SAN" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
	echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
	echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
	echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
	echo '# in the reverse proxy.' >> mailcow.conf
	echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
	fi

	elif [[ "${option}" == "ACME_CONTACT" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Lets Encrypt registration contact information' >> mailcow.conf
	echo '# Optional: Leave empty for none' >> mailcow.conf
	echo '# This value is only used on first order!' >> mailcow.conf
	echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
	echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
	echo 'ACME_CONTACT=' >> mailcow.conf
	fi
	elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# WebAuthn device manufacturer verification" >> mailcow.conf
	echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
	echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
	echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
	fi
	elif [[ "${option}" == "SPAMHAUS_DQS_KEY" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "# Spamhaus Data Query Service Key" >> mailcow.conf
	echo '# Optional: Leave empty for none' >> mailcow.conf
	echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
	echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
	echo '# Otherwise it will work as usual.' >> mailcow.conf
	echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
	fi
	elif [[ "${option}" == "WATCHDOG_VERBOSE" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Enable watchdog verbose logging' >> mailcow.conf
	echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
	fi
	elif [[ "${option}" == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
	echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
	fi
	elif [[ "${option}" == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
	echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
	echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
	fi
	elif [[ "${option}" == "REDISPASS" ]]; then
	if ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo -e '\n# ------------------------------' >> mailcow.conf
	echo '# REDIS configuration' >> mailcow.conf
	echo -e '# ------------------------------\n' >> mailcow.conf
	echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null \| head -c 28)" >> mailcow.conf
	fi
	elif ! grep -q "${option}" mailcow.conf; then
	echo "Adding new option \"${option}\" to mailcow.conf"
	echo "${option}=n" >> mailcow.conf
	fi
	done

	if [[ ("${SKIP_PING_CHECK}" == "y") ]]; then
	echo -e "\e[32mSkipping Ping Check...\e[0m"

	else
	echo -en "Checking internet connection... "
	if ! check_online_status; then
	echo -e "\e[31mfailed\e[0m"
	exit 1
	else
	echo -e "\e[32mOK\e[0m"
	fi
	fi

	if ! [ "$NEW_BRANCH" ]; then
	echo -e "\e[33mDetecting which build your mailcow runs on...\e[0m"
	sleep 1
	if [ "${BRANCH}" == "master" ]; then
	echo -e "\e[32mYou are receiving stable updates (master).\e[0m"
	echo -e "\e[33mTo change that run the update.sh Script one time with the --nightly parameter to switch to nightly builds.\e[0m"

	elif [ "${BRANCH}" == "nightly" ]; then
	echo -e "\e[31mYou are receiving unstable updates (nightly). These are for testing purposes only!!!\e[0m"
	sleep 1
	echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"

	else
	echo -e "\e[33mYou are receiving updates from an unsupported branch.\e[0m"
	sleep 1
	echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m"
	echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
	fi
	elif [ "$FORCE" ]; then
	echo -e "\e[31mYou are running in forced mode!\e[0m"
	echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m"
	echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m"
	sleep 1
	elif [ "$NEW_BRANCH" == "master" ] && [ "$CURRENT_BRANCH" != "master" ]; then
	echo -e "\e[33mYou are about to switch your mailcow updates to the stable (master) branch.\e[0m"
	sleep 1
	echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no data is lost...\e[0m"
	sleep 1
	echo -e "\e[31mWARNING: Please see on GitHub or ask in the community if a switch to master is stable or not.
	In some rear cases an update back to master can destroy your mailcow configuration such as database upgrade, etc.
	Normally an upgrade back to master should be safe during each full release.
	Check GitHub for Database changes and update only if there similar to the full release!\e[0m"
	read -r -p "Are you sure you that want to continue upgrading to the stable (master) branch? [y/N] " response
	if [[ ! "${response}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here."
	exit 0
	fi
	BRANCH="$NEW_BRANCH"
	DIFF_DIRECTORY=update_diffs
	DIFF_FILE="${DIFF_DIRECTORY}/diff_before_upgrade_to_master_$(date +"%Y-%m-%d-%H-%M-%S")"
	mv diff_before_upgrade* "${DIFF_DIRECTORY}/" 2> /dev/null
	if ! git diff-index --quiet HEAD; then
	echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
	mkdir -p "${DIFF_DIRECTORY}"
	git diff "${BRANCH}" --stat > "${DIFF_FILE}"
	git diff "${BRANCH}" >> "${DIFF_FILE}"
	fi
	echo -e "\e[32mSwitching Branch to ${BRANCH}...\e[0m"
	git fetch origin
	git checkout -f "${BRANCH}"

	elif [ "$NEW_BRANCH" == "nightly" ] && [ "$CURRENT_BRANCH" != "nightly" ]; then
	echo -e "\e[33mYou are about to switch your mailcow Updates to the unstable (nightly) branch.\e[0m"
	sleep 1
	echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m"
	sleep 1
	echo -e "\e[31mWARNING: A switch to nightly is possible any time. But a switch back (to master) isn't.\e[0m"
	read -r -p "Are you sure you that want to continue upgrading to the unstable (nightly) branch? [y/N] " response
	if [[ ! "${response}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK. If you prepared yourself for that please run the update.sh Script with the --nightly parameter again to trigger this process here."
	exit 0
	fi
	BRANCH=$NEW_BRANCH
	DIFF_DIRECTORY=update_diffs
	DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_nightly_$(date +"%Y-%m-%d-%H-%M-%S")
	mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null
	if ! git diff-index --quiet HEAD; then
	echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
	mkdir -p ${DIFF_DIRECTORY}
	git diff "${BRANCH}" --stat > "${DIFF_FILE}"
	git diff "${BRANCH}" >> "${DIFF_FILE}"
	fi
	git fetch origin
	git checkout -f "${BRANCH}"
	fi

	if [ ! "$DEV" ]; then
	echo -e "\e[32mChecking for newer update script...\e[0m"
	SHA1_1="$(sha1sum update.sh)"
	git fetch origin #${BRANCH}
	git checkout "origin/${BRANCH}" update.sh
	SHA1_2=$(sha1sum update.sh)
	if [[ "${SHA1_1}" != "${SHA1_2}" ]]; then
	echo "update.sh changed, please run this script again, exiting."
	chmod +x update.sh
	exit 2
	fi
	fi

	if [ ! "$FORCE" ]; then
	read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response
	if [[ ! "${response}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	echo "OK, exiting."
	exit 0
	fi
	migrate_docker_nat
	fi

	remove_obsolete_nginx_ports

	echo -e "\e[32mValidating docker-compose stack configuration...\e[0m"
	sed -i 's/HTTPS_BIND:-:/HTTPS_BIND:-/g' docker-compose.yml
	sed -i 's/HTTP_BIND:-:/HTTP_BIND:-/g' docker-compose.yml
	if ! $COMPOSE_COMMAND config -q; then
	echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m"
	exit 1
	fi

	echo -e "\e[32mChecking for conflicting bridges...\e[0m"
	MAILCOW_BRIDGE=$($COMPOSE_COMMAND config \| grep -i com.docker.network.bridge.name \| cut -d':' -f2)
	while read NAT_ID; do
	iptables -t nat -D POSTROUTING "$NAT_ID"
	done < <(iptables -L -vn -t nat --line-numbers \| grep "$IPV4_NETWORK" \| grep -E 'MASQUERADE.*all' \| grep -v "${MAILCOW_BRIDGE}" \| cut -d' ' -f1)

	DIFF_DIRECTORY=update_diffs
	DIFF_FILE=${DIFF_DIRECTORY}/diff_before_update_$(date +"%Y-%m-%d-%H-%M-%S")
	mv diff_before_update* ${DIFF_DIRECTORY}/ 2> /dev/null
	if ! git diff-index --quiet HEAD; then
	echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
	mkdir -p ${DIFF_DIRECTORY}
	git diff --stat > "${DIFF_FILE}"
	git diff >> "${DIFF_FILE}"
	fi

	echo -e "\e[32mPrefetching images...\e[0m"
	prefetch_images

	echo -e "\e[32mStopping mailcow...\e[0m"
	sleep 2
	MAILCOW_CONTAINERS=($($COMPOSE_COMMAND ps -q))
	$COMPOSE_COMMAND down
	echo -e "\e[32mChecking for remaining containers...\e[0m"
	sleep 2
	for container in "${MAILCOW_CONTAINERS[@]}"; do
	docker rm -f "$container" 2> /dev/null
	done

	[[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
	migrate_solr_config_options
	adapt_new_options

	# Silently fixing remote url from andryyy to mailcow
	# git remote set-url origin https://github.com/mailcow/mailcow-dockerized

	DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
	CURRENT_REPO=$(git config --get remote.origin.url)
	if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
	echo "The Repository currently used is not the default Mailcow Repository."
	echo "Currently Repository: $CURRENT_REPO"
	echo "Default Repository: $DEFAULT_REPO"
	if [ ! "$FORCE" ]; then
	read -r -p "Should it be changed back to default? [y/N] " repo_response
	if [[ "$repo_response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	git remote set-url origin $DEFAULT_REPO
	fi
	else
	echo "Running in forced mode... setting Repo to default!"
	git remote set-url origin $DEFAULT_REPO
	fi
	fi

	if [ ! "$DEV" ]; then
	echo -e "\e[32mCommitting current status...\e[0m"
	[[ -z "$(git config user.name)" ]] && git config user.name moo
	[[ -z "$(git config user.email)" ]] && git config user.email moo@cow.moo
	[[ ! -z $(git ls-files data/conf/rspamd/override.d/worker-controller-password.inc) ]] && git rm data/conf/rspamd/override.d/worker-controller-password.inc
	git add -u
	git commit -am "Before update on ${DATE}" > /dev/null
	echo -e "\e[32mFetching updated code from remote...\e[0m"
	git fetch origin #${BRANCH}
	echo -e "\e[32mMerging local with remote code (recursive, strategy: \"${MERGE_STRATEGY:-theirs}\", options: \"patience\"...\e[0m"
	git config merge.defaultToUpstream true
	git merge -X"${MERGE_STRATEGY:-theirs}" -Xpatience -m "After update on ${DATE}"
	# Need to use a variable to not pass return codes of if checks
	MERGE_RETURN=$?
	if [[ ${MERGE_RETURN} == 128 ]]; then
	echo -e "\e[31m\nOh no, what happened?\n=> You most likely added files to your local mailcow instance that were now added to the official mailcow repository. Please move them to another location before updating mailcow.\e[0m"
	exit 1
	elif [[ ${MERGE_RETURN} == 1 ]]; then
	echo -e "\e[93mPotential conflict, trying to fix...\e[0m"
	git status --porcelain \| grep -E "UD\|DU" \| awk '{print $2}' \| xargs rm -v
	git add -A
	git commit -m "After update on ${DATE}" > /dev/null
	git checkout .
	echo -e "\e[32mRemoved and recreated files if necessary.\e[0m"
	elif [[ ${MERGE_RETURN} != 0 ]]; then
	echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m"
	echo
	echo "Run $COMPOSE_COMMAND up -d to restart your stack without updates or try again after fixing the mentioned errors."
	exit 1
	fi
	elif [ "$DEV" ]; then
	echo -e "\e[33mDEVELOPER MODE: Not creating a git diff and commiting it to prevent development stuff within a backup diff...\e[0m"
	fi

	echo -e "\e[32mFetching new images, if any...\e[0m"
	sleep 2
	$COMPOSE_COMMAND pull

	# Fix missing SSL, does not overwrite existing files
	[[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
	cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/

	echo -e "Checking IPv6 settings... "
	if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
	echo
	echo '!! IMPORTANT !!'
	echo
	echo 'SYSCTL_IPV6_DISABLED was removed due to complications. IPv6 can be disabled by editing "docker-compose.yml" and setting "enable_ipv6: true" to "enable_ipv6: false".'
	echo "This setting will only be active after a complete shutdown of mailcow by running $COMPOSE_COMMAND down followed by $COMPOSE_COMMAND up -d."
	echo
	echo '!! IMPORTANT !!'
	echo
	read -p "Press any key to continue..." < /dev/tty
	fi

	# Checking for old project name bug
	sed -i --follow-symlinks 's#COMPOSEPROJECT_NAME#COMPOSE_PROJECT_NAME#g' mailcow.conf

	# Fix Rspamd maps
	if [ -f data/conf/rspamd/custom/global_from_blacklist.map ]; then
	mv data/conf/rspamd/custom/global_from_blacklist.map data/conf/rspamd/custom/global_smtp_from_blacklist.map
	fi
	if [ -f data/conf/rspamd/custom/global_from_whitelist.map ]; then
	mv data/conf/rspamd/custom/global_from_whitelist.map data/conf/rspamd/custom/global_smtp_from_whitelist.map
	fi

	# Fix deprecated metrics.conf
	if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then
	if [ ! -z "$(git diff --name-only origin/master data/conf/rspamd/local.d/metrics.conf)" ]; then
	echo -e "\e[33mWARNING\e[0m - Please migrate your customizations of data/conf/rspamd/local.d/metrics.conf to actions.conf and groups.conf after this update."
	echo "The deprecated configuration file metrics.conf will be moved to metrics.conf_deprecated after updating mailcow."
	fi
	mv data/conf/rspamd/local.d/metrics.conf data/conf/rspamd/local.d/metrics.conf_deprecated
	fi

	# Set app_info.inc.php
	if [ ${BRANCH} == "master" ]; then
	mailcow_git_version=$(git describe --tags $(git rev-list --tags --max-count=1))
	elif [ ${BRANCH} == "nightly" ]; then
	mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
	mailcow_last_git_version=""
	else
	mailcow_git_version=$(git rev-parse --short HEAD)
	mailcow_last_git_version=""
	fi

	mailcow_git_commit=$(git rev-parse "origin/${BRANCH}")
	mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )

	if [ $? -eq 0 ]; then
	echo '<?php' > data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT="'$mailcow_git_commit'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT_DATE="'$mailcow_git_commit_date'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
	echo '?>' >> data/web/inc/app_info.inc.php
	else
	echo '<?php' > data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_GIT_COMMIT_DATE="";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php
	echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
	echo '?>' >> data/web/inc/app_info.inc.php
	echo -e "\e[33mCannot determine current git repository version...\e[0m"
	fi

	if [[ ${SKIP_START} == "y" ]]; then
	echo -e "\e[33mNot starting mailcow, please run \"$COMPOSE_COMMAND up -d --remove-orphans\" to start mailcow.\e[0m"
	else
	echo -e "\e[32mStarting mailcow...\e[0m"
	sleep 2
	$COMPOSE_COMMAND up -d --remove-orphans
	fi

	echo -e "\e[32mCollecting garbage...\e[0m"
	docker_garbage

	# Run post-update-hook
	if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then
	bash "${SCRIPT_DIR}/post_update_hook.sh"
	fi

	# echo "In case you encounter any problem, hard-reset to a state before updating mailcow:"
	# echo
	# git reflog --color=always \| grep "Before update on "
	# echo
	# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards."

File Metadata

Mime Type: text/x-diff
Expires: 9月 9 Tue, 5:47 AM (7 h, 34 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 5375
默认替代文本: (131 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions