From 14a30ee102ee05228341c2442f37c8f8e77fb89e Mon Sep 17 00:00:00 2001
From: Ionut Filip <ionut.philip@gmail.com>
Date: Thu, 17 Jan 2019 16:24:52 +0200
Subject: [PATCH 01/21] Added IPv6 as optional

---
 setup/flavors/compose/docker-compose.yml     |  8 ++++++-
 setup/flavors/compose/mailu.env              |  3 +++
 setup/server.py                              | 15 ++++++++++++-
 setup/static/render.js                       | 13 ++++++++++++
 setup/templates/steps/compose/03_expose.html | 22 +++++++++++++-------
 5 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index 67408bee..a1d985e4 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -3,7 +3,7 @@
 # Please read the documentation before attempting any change.
 # Generated for {{ flavor }} flavor
 
-version: '3.6'
+version: '2.2'
 
 services:
 
@@ -160,8 +160,14 @@ services:
 
 networks:
   default:
+    {% if ipv6_enabled %}
+    enable_ipv6: true
+    {% endif %}
     driver: bridge
     ipam:
       driver: default
       config:
         - subnet: {{ subnet }}
+        {% if ipv6_enabled %}
+        - subnet: {{ subnet6 }}
+        {% endif %}
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 7d160011..341b7634 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -27,6 +27,9 @@ SECRET_KEY={{ secret(16) }}
 
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{ subnet }}
+{% if ipv6_enabled %}
+SUBNET6={{ subnet6 }}
+{% endif %}
 
 # Main mail domain
 DOMAIN={{ domain }}
diff --git a/setup/server.py b/setup/server.py
index fea27ead..134989f4 100644
--- a/setup/server.py
+++ b/setup/server.py
@@ -9,6 +9,7 @@ import string
 import random
 import ipaddress
 import hashlib
+import time
 
 
 version = os.getenv("this_version")
@@ -33,6 +34,17 @@ def secret(length=16):
         for _ in range(length)
     )
 
+#Original copied from https://github.com/andrewlkho/ulagen
+def random_ipv6_subnet():
+    eui64 = uuid.getnode() >> 24 << 48 | 0xfffe000000 | uuid.getnode() & 0xffffff
+    eui64_canon = "-".join([format(eui64, "02X")[i:i+2] for i in range(0, 18, 2)])
+
+    h = hashlib.sha1()
+    h.update((eui64_canon + str(time.time() - time.mktime((1900, 1, 1, 0, 0, 0, 0, 1, -1)))).encode('utf-8'))
+    globalid = h.hexdigest()[0:10]
+
+    prefix = ":".join(("fd" + globalid[0:2], globalid[2:6], globalid[6:10]))
+    return prefix
 
 def build_app(path):
 
@@ -69,8 +81,9 @@ def build_app(path):
     @root_bp.route("/submit_flavor", methods=["POST"])
     def submit_flavor():
         data = flask.request.form.copy()
+        subnet6 = random_ipv6_subnet()
         steps = sorted(os.listdir(os.path.join(path, "templates", "steps", data["flavor"])))
-        return flask.render_template('wizard.html', flavor=data["flavor"], steps=steps)
+        return flask.render_template('wizard.html', flavor=data["flavor"], steps=steps, subnet6=subnet6)
 
     @prefix_bp.route("/submit", methods=["POST"])
     @root_bp.route("/submit", methods=["POST"])
diff --git a/setup/static/render.js b/setup/static/render.js
index 23afcbec..e501fffb 100644
--- a/setup/static/render.js
+++ b/setup/static/render.js
@@ -86,3 +86,16 @@ $(document).ready(function() {
 		}
 	});
 });
+
+$(document).ready(function() {
+	if ($('#enable_ipv6').prop('checked')) {
+		$("#ipv6").show();
+	}
+	$("#enable_ipv6").change(function() {
+		if ($(this).is(":checked")) {
+			$("#ipv6").show();
+		} else {
+			$("#ipv6").hide();
+		}
+	});
+});
diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index 0c912778..5d7b29ad 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -17,13 +17,27 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
 <!--   Validates IPv4 address -->
   <input class="form-control" type="text" name="bind4" value="127.0.0.1" 
   		pattern="^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$">
+  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
+  <input class="form-control" type="text" name="subnet" required pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$"
+    value="192.168.203.0/24">
 </div>
 
-<div class="form-group">
+<div class="form-check form-check-inline">
+  <label class="form-check-label">
+    <input class="form-check-input" type="checkbox" name="ipv6_enabled" value="true" id="enable_ipv6">
+    Enable IPv6
+  </label>
+</div>
+
+<div class="form-group" id="ipv6" style="display: none">
+  <p><span class="label label-warning">Warning</span> You must use specific addresses, please
+	avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</code>.</p>
   <label>IPv6 listen address</label>
 <!--   Validates IPv6 address -->
   <input class="form-control" type="text" name="bind6" value="::1"
   		pattern="^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$">
+  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
+  <input class="form-control" type="text" name="subnet6" required value="{{ subnet6 }}:beef::/64">
 </div>
 
 <div class="form-check form-check-inline">
@@ -33,12 +47,6 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
   </label>
 </div>
 
-<div class="form-group">
-  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
-  <input class="form-control" type="text" name="subnet" required pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$"
-    value="192.168.203.0/24">
-</div>
-
 <p>You server will be available under a main hostname but may expose multiple public
 hostnames. Every e-mail domain that points to this server must have one of the
 hostnames in its <code>MX</code> record. Hostnames must be coma-separated.</p>

From 3ae1c75c551ba922de5df7503ed4d06867c934fc Mon Sep 17 00:00:00 2001
From: Ionut Filip <ionut.philip@gmail.com>
Date: Thu, 17 Jan 2019 16:24:52 +0200
Subject: [PATCH 02/21] Added IPv6 as optional

---
 setup/flavors/compose/docker-compose.yml     |  8 ++++++-
 setup/flavors/compose/mailu.env              |  3 +++
 setup/server.py                              | 15 ++++++++++++-
 setup/static/render.js                       | 13 ++++++++++++
 setup/templates/steps/compose/03_expose.html | 22 +++++++++++++-------
 5 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index 67408bee..a1d985e4 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -3,7 +3,7 @@
 # Please read the documentation before attempting any change.
 # Generated for {{ flavor }} flavor
 
-version: '3.6'
+version: '2.2'
 
 services:
 
@@ -160,8 +160,14 @@ services:
 
 networks:
   default:
+    {% if ipv6_enabled %}
+    enable_ipv6: true
+    {% endif %}
     driver: bridge
     ipam:
       driver: default
       config:
         - subnet: {{ subnet }}
+        {% if ipv6_enabled %}
+        - subnet: {{ subnet6 }}
+        {% endif %}
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 7d160011..341b7634 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -27,6 +27,9 @@ SECRET_KEY={{ secret(16) }}
 
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{ subnet }}
+{% if ipv6_enabled %}
+SUBNET6={{ subnet6 }}
+{% endif %}
 
 # Main mail domain
 DOMAIN={{ domain }}
diff --git a/setup/server.py b/setup/server.py
index 556d4b3a..4dfd49ae 100644
--- a/setup/server.py
+++ b/setup/server.py
@@ -9,6 +9,7 @@ import string
 import random
 import ipaddress
 import hashlib
+import time
 
 
 version = os.getenv("this_version", "master")
@@ -33,6 +34,17 @@ def secret(length=16):
         for _ in range(length)
     )
 
+#Original copied from https://github.com/andrewlkho/ulagen
+def random_ipv6_subnet():
+    eui64 = uuid.getnode() >> 24 << 48 | 0xfffe000000 | uuid.getnode() & 0xffffff
+    eui64_canon = "-".join([format(eui64, "02X")[i:i+2] for i in range(0, 18, 2)])
+
+    h = hashlib.sha1()
+    h.update((eui64_canon + str(time.time() - time.mktime((1900, 1, 1, 0, 0, 0, 0, 1, -1)))).encode('utf-8'))
+    globalid = h.hexdigest()[0:10]
+
+    prefix = ":".join(("fd" + globalid[0:2], globalid[2:6], globalid[6:10]))
+    return prefix
 
 def build_app(path):
 
@@ -69,8 +81,9 @@ def build_app(path):
     @root_bp.route("/submit_flavor", methods=["POST"])
     def submit_flavor():
         data = flask.request.form.copy()
+        subnet6 = random_ipv6_subnet()
         steps = sorted(os.listdir(os.path.join(path, "templates", "steps", data["flavor"])))
-        return flask.render_template('wizard.html', flavor=data["flavor"], steps=steps)
+        return flask.render_template('wizard.html', flavor=data["flavor"], steps=steps, subnet6=subnet6)
 
     @prefix_bp.route("/submit", methods=["POST"])
     @root_bp.route("/submit", methods=["POST"])
diff --git a/setup/static/render.js b/setup/static/render.js
index 23afcbec..e501fffb 100644
--- a/setup/static/render.js
+++ b/setup/static/render.js
@@ -86,3 +86,16 @@ $(document).ready(function() {
 		}
 	});
 });
+
+$(document).ready(function() {
+	if ($('#enable_ipv6').prop('checked')) {
+		$("#ipv6").show();
+	}
+	$("#enable_ipv6").change(function() {
+		if ($(this).is(":checked")) {
+			$("#ipv6").show();
+		} else {
+			$("#ipv6").hide();
+		}
+	});
+});
diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index 837b7bba..d54985d4 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -18,13 +18,27 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
 <!--   Validates IPv4 address -->
   <input class="form-control" type="text" name="bind4" value="127.0.0.1" 
   		pattern="^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$">
+  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
+  <input class="form-control" type="text" name="subnet" required pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$"
+    value="192.168.203.0/24">
 </div>
 
-<div class="form-group">
+<div class="form-check form-check-inline">
+  <label class="form-check-label">
+    <input class="form-check-input" type="checkbox" name="ipv6_enabled" value="true" id="enable_ipv6">
+    Enable IPv6
+  </label>
+</div>
+
+<div class="form-group" id="ipv6" style="display: none">
+  <p><span class="label label-warning">Warning</span> You must use specific addresses, please
+	avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</code>.</p>
   <label>IPv6 listen address</label>
 <!--   Validates IPv6 address -->
   <input class="form-control" type="text" name="bind6" value="::1"
   		pattern="^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$">
+  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
+  <input class="form-control" type="text" name="subnet6" required value="{{ subnet6 }}:beef::/64">
 </div>
 
 <p>The unbound resolver enables Mailu to do DNSsec verification, DNS root lookups and caching. This also helps the antispam service not to get blocked by the public or ISP DNS servers.</p>
@@ -34,12 +48,6 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
     Enable unbound resolver
   </label>
 </div>
-<br><br>
-<div class="form-group">
-  <label>Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)</label>
-  <input class="form-control" type="text" name="subnet" required pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$"
-    value="192.168.203.0/24">
-</div>
 
 <p>You server will be available under a main hostname but may expose multiple public
 hostnames. Every e-mail domain that points to this server must have one of the

From 7a9685bcb93a8a2e5ebd1b8598952be9534a62d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <muhlemmer@gmail.com>
Date: Thu, 17 Jan 2019 16:32:47 +0200
Subject: [PATCH 03/21] Resolve admin during start to work around Docker DNS
 flaky-ness

---
 core/dovecot/start.py |  8 +++++---
 core/postfix/start.py | 14 ++++++++------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/core/dovecot/start.py b/core/dovecot/start.py
index 15e370de..bae92260 100755
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@@ -16,10 +16,11 @@ log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
 def start_podop():
     os.setuid(8)
+    url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/dovecot/§"
     run_server(0, "dovecot", "/tmp/podop.socket", [
-		("quota", "url", "http://admin/internal/dovecot/§"),
-		("auth", "url", "http://admin/internal/dovecot/§"),
-		("sieve", "url", "http://admin/internal/dovecot/§"),
+		("quota", "url", url ),
+		("auth", "url", url),
+		("sieve", "url", url),
     ])
 
 def convert(src, dst):
@@ -42,6 +43,7 @@ def resolve(hostname):
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
 os.environ["REDIS_ADDRESS"] = resolve(os.environ.get("REDIS_ADDRESS", "redis"))
+os.environ["ADMIN_ADDRESS"] = resolve(os.environ.get("ADMIN_ADDRESS", "admin"))
 if os.environ["WEBMAIL"] != "none":
     os.environ["WEBMAIL_ADDRESS"] = resolve(os.environ.get("WEBMAIL_ADDRESS", "webmail"))
 
diff --git a/core/postfix/start.py b/core/postfix/start.py
index a06b3833..e3b3eb40 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -17,14 +17,15 @@ log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
 def start_podop():
     os.setuid(100)
+    url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/postfix/"
     # TODO: Remove verbosity setting from Podop?
     run_server(0, "postfix", "/tmp/podop.socket", [
-		("transport", "url", "http://admin/internal/postfix/transport/§"),
-		("alias", "url", "http://admin/internal/postfix/alias/§"),
-		("domain", "url", "http://admin/internal/postfix/domain/§"),
-        ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
-        ("senderaccess", "url", "http://admin/internal/postfix/sender/access/§"),
-        ("senderlogin", "url", "http://admin/internal/postfix/sender/login/§")
+		("transport", "url", url + "transport/§"),
+		("alias", "url", url + "alias/§"),
+		("domain", "url", url + "domain/§"),
+        ("mailbox", "url", url + "mailbox/§"),
+        ("senderaccess", "url", url + "sender/access/§"),
+        ("senderlogin", "url", url + "sender/login/§")
     ])
 
 def convert(src, dst):
@@ -46,6 +47,7 @@ def resolve(hostname):
 
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
+os.environ["ADMIN_ADDRESS"] = resolve(os.environ.get("ADMIN_ADDRESS", "admin"))
 os.environ["HOST_ANTISPAM"] = os.environ.get("HOST_ANTISPAM", "antispam:11332")
 os.environ["HOST_LMTP"] = os.environ.get("HOST_LMTP", "imap:2525")
 

From 34608727471a24946378a48856118c8567fee45b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <muhlemmer@gmail.com>
Date: Thu, 17 Jan 2019 17:56:00 +0200
Subject: [PATCH 04/21] Documentation on IPv6

---
 CHANGELOG.md                                 |  1 +
 docs/faq.rst                                 | 43 ++++++++++++++++++++
 setup/templates/steps/compose/03_expose.html |  3 +-
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 23cbebb0..cf73a463 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -80,6 +80,7 @@ v1.6.0 - unreleased
 - Enhancement: Include favicon package ([#801](https://github.com/Mailu/Mailu/issues/801), ([#802](https://github.com/Mailu/Mailu/issues/802))
 - Enhancement: Add logging at critical places in python start.py scripts. Implement LOG_LEVEL to control verbosity ([#588](https://github.com/Mailu/Mailu/issues/588))
 - Enhancement: Mark message as seen when reporting as spam
+- Enhancement: Better support and document IPv6 ([#827](https://github.com/Mailu/Mailu/issues/827))
 - Upstream: Update Roundcube
 - Upstream: Update Rainloop
 - Bug: Rainloop fails with "domain not allowed" ([#93](https://github.com/Mailu/Mailu/issues/93))
diff --git a/docs/faq.rst b/docs/faq.rst
index 2669d9d1..45f5534b 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -134,6 +134,49 @@ You're mail service will be reachable for IMAP, POP3, SMTP and Webmail at the ad
 
 *Issue reference:* `742`_, `747`_.
 
+How to make IPv6 work?
+``````````````````````
+
+Docker currently does not expose the IPv6 ports properly, as it does not interface with ``ip6tables``.
+Lets start with quoting everything that's wrong:
+
+  Unfortunately, initially Docker was not created with IPv6 in mind.
+  It was added later and, while it has come a long way, is still not as usable as one would want.
+  Much discussion is still going on as to how IPv6 should be used in a containerized world;
+  See the various GitHub issues linked below:
+  
+  - Giving each container a publicly routable address means all ports (even unexposed / unpublished ports) are suddenly
+    reachable by everyone, if no additional filtering is done
+    (`docker/docker#21614 <https://github.com/docker/docker/issues/21614>`_)
+  - By default, each container gets a random IPv6, making it impossible to do properly do DNS;
+    the alternative is to assign a specific IPv6 address to each container,
+    still an administrative hassle (`docker/docker#13481 <https://github.com/docker/docker/issues/13481>`_)
+  - Published ports won't work on IPv6, unless you have the userland proxy enabled
+    (which, for now, is enabled by default in Docker)
+  - The userland proxy, however, seems to be on its way out
+    (`docker/docker#14856 <https://github.com/docker/docker/issues/14856>`_) and has various issues, like:
+  
+    - It can use a lot of RAM (`docker/docker#11185 <https://github.com/docker/docker/issues/11185>`_)
+    - Source IP addresses are rewritten, making it completely unusable for many purposes, e.g. mail servers 
+      (`docker/docker#17666 <https://github.com/docker/docker/issues/17666>`_),
+      (`docker/libnetwork#1099 <https://github.com/docker/libnetwork/issues/1099>`_).
+  
+  -- `Robbert Klarenbeek <https://github.com/robbertkl>`_ (docker-ipv6nat author)
+
+So, how to make it work? Well, by using `docker-ipv6nat`_! This nifty container will set up ``ip6tables``,
+just as Docker would do for IPv4. We know that nat-ing is not advised in IPv6,
+however exposing all containers to public network neither. The choice is ultimately yous.
+
+Mailu `setup utility`_ generates a safe IPv6 ULA subnet by default. So when you run the following command,
+Mailu will start to function on IPv6:
+
+.. code-block:: bash
+
+  docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro --privileged --net=host robbertkl/ipv6nat
+
+.. _`docker-ipv6nat`: https://github.com/robbertkl/docker-ipv6nat
+.. _`setup utility`: https://setup.mailu.io
+
 How does Mailu scale up?
 ````````````````````````
 
diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index d54985d4..c909fc9b 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -31,8 +31,7 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
 </div>
 
 <div class="form-group" id="ipv6" style="display: none">
-  <p><span class="label label-warning">Warning</span> You must use specific addresses, please
-	avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</code>.</p>
+  <p><span class="label label-danger">Read this:</span> Docker currently does not expose the IPv6 ports properly, as it does not interface with <code>ip6tables</code>. Be sure to read our <a href="https://mailu.io/{{ version }}/faq.html#how-to-make-ipv6-work">FAQ section</a>!</p>
   <label>IPv6 listen address</label>
 <!--   Validates IPv6 address -->
   <input class="form-control" type="text" name="bind6" value="::1"

From 7bb9082984bd485b14f853d19c4f5b1d46bbe912 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <muhlemmer@gmail.com>
Date: Fri, 18 Jan 2019 12:31:25 +0200
Subject: [PATCH 05/21] Remove docker-compose v3 from CHANGELOG

---
 CHANGELOG.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf73a463..ad916685 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,7 +29,6 @@ v1.6.0 - unreleased
 - Feature: Automated Releases ([#487](https://github.com/Mailu/Mailu/issues/487))
 - Feature: Support for ARC ([#495](https://github.com/Mailu/Mailu/issues/495))
 - Feature: Add posibilty to run webmail on root ([#501](https://github.com/Mailu/Mailu/issues/501))
-- Feature: Upgrade docker-compose.yml to version 3 ([#539](https://github.com/Mailu/Mailu/issues/539))
 - Feature: Documentation to deploy mailu on a docker swarm ([#551](https://github.com/Mailu/Mailu/issues/551))
 - Feature: Add optional Maildir-Compression ([#553](https://github.com/Mailu/Mailu/issues/553))
 - Feature: Preserve rspamd history on container restart ([#561](https://github.com/Mailu/Mailu/issues/561))

From 9684ebf33f5220b804e76aa85186622ce2a266a8 Mon Sep 17 00:00:00 2001
From: Ionut Filip <ionut.philip@gmail.com>
Date: Thu, 24 Jan 2019 14:28:21 +0200
Subject: [PATCH 06/21] Use mailustart package from git

---
 core/dovecot/Dockerfile    |  5 +++--
 core/dovecot/start.py      | 22 +---------------------
 core/postfix/Dockerfile    |  5 +++--
 core/postfix/start.py      | 22 +---------------------
 services/rspamd/Dockerfile |  5 +++--
 services/rspamd/start.py   | 23 +----------------------
 6 files changed, 12 insertions(+), 70 deletions(-)

diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index 83d23b52..b37fe4d7 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -1,10 +1,11 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2
+RUN pip3 install jinja2 \
+  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Shared layer between rspamd, postfix, dovecot
 RUN pip3 install tenacity
 # Image specific layers under this line
diff --git a/core/dovecot/start.py b/core/dovecot/start.py
index bae92260..53999bd6 100755
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@@ -1,15 +1,12 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
-import socket
 import glob
 import multiprocessing
-import tenacity
 import logging as log
 import sys
+from mailustart import resolve, convert
 
-from tenacity import retry
 from podop import run_server
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
@@ -23,23 +20,6 @@ def start_podop():
 		("sieve", "url", url),
     ])
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
-@retry(
-    stop=tenacity.stop_after_attempt(100),
-    wait=tenacity.wait_random(min=2, max=5),
-    before=tenacity.before_log(log.getLogger("tenacity.retry"), log.DEBUG),
-    before_sleep=tenacity.before_sleep_log(log.getLogger("tenacity.retry"), log.INFO),
-    after=tenacity.after_log(log.getLogger("tenacity.retry"), log.DEBUG)
-    )
-def resolve(hostname):
-    logger = log.getLogger("resolve()")
-    logger.info(hostname)
-    return socket.gethostbyname(hostname)
-
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
 os.environ["REDIS_ADDRESS"] = resolve(os.environ.get("REDIS_ADDRESS", "redis"))
diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile
index ac9c8159..5a9bef40 100644
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@@ -1,10 +1,11 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2
+RUN pip3 install jinja2 \
+  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Shared layer between rspamd, postfix, dovecot
 RUN pip3 install tenacity
 # Image specific layers under this line
diff --git a/core/postfix/start.py b/core/postfix/start.py
index e3b3eb40..f113dddb 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -1,16 +1,13 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
-import socket
 import glob
 import shutil
-import tenacity
 import multiprocessing
 import logging as log
 import sys
+from mailustart import resolve, convert
 
-from tenacity import retry
 from podop import run_server
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
@@ -28,23 +25,6 @@ def start_podop():
         ("senderlogin", "url", url + "sender/login/§")
     ])
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
-@retry(
-    stop=tenacity.stop_after_attempt(100),
-    wait=tenacity.wait_random(min=2, max=5),
-    before=tenacity.before_log(log.getLogger("tenacity.retry"), log.DEBUG),
-    before_sleep=tenacity.before_sleep_log(log.getLogger("tenacity.retry"), log.INFO),
-    after=tenacity.after_log(log.getLogger("tenacity.retry"), log.DEBUG)
-    )
-def resolve(hostname):
-    logger = log.getLogger("resolve()")
-    logger.info(hostname)
-    return socket.gethostbyname(hostname)
-
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
 os.environ["ADMIN_ADDRESS"] = resolve(os.environ.get("ADMIN_ADDRESS", "admin"))
diff --git a/services/rspamd/Dockerfile b/services/rspamd/Dockerfile
index 6d0cb5d0..57196a4d 100644
--- a/services/rspamd/Dockerfile
+++ b/services/rspamd/Dockerfile
@@ -1,10 +1,11 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2
+RUN pip3 install jinja2 \
+  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Shared layer between rspamd, postfix, dovecot
 RUN pip3 install tenacity
 # Image specific layers under this line
diff --git a/services/rspamd/start.py b/services/rspamd/start.py
index 744d4a9c..3febed2b 100755
--- a/services/rspamd/start.py
+++ b/services/rspamd/start.py
@@ -1,34 +1,13 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
-import socket
 import glob
-import tenacity
 import logging as log
 import sys
-
-from tenacity import retry
+from mailustart import resolve, convert
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
-@retry(
-    stop=tenacity.stop_after_attempt(100),
-    wait=tenacity.wait_random(min=2, max=5),
-    before=tenacity.before_log(log.getLogger("tenacity.retry"), log.DEBUG),
-    before_sleep=tenacity.before_sleep_log(log.getLogger("tenacity.retry"), log.INFO),
-    after=tenacity.after_log(log.getLogger("tenacity.retry"), log.DEBUG)
-    )
-def resolve(hostname):
-    logger = log.getLogger("resolve()")
-    logger.info(hostname)
-    return socket.gethostbyname(hostname)
-
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
 

From 2c5f9771173a76219aea392ccead35a6635a741b Mon Sep 17 00:00:00 2001
From: Dario Ernst <github@kanojo.de>
Date: Sat, 19 Jan 2019 10:35:13 +0100
Subject: [PATCH 07/21] Make certdumper output fullchain-pems
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before it only outputted a pem-file with the server-certificate —
however, it seems some clients want the fullchain delivered, as it’s
common with letsencrypt.

closes #847
---
 optional/traefik-certdumper/run.sh | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/optional/traefik-certdumper/run.sh b/optional/traefik-certdumper/run.sh
index 78d20a84..5d643670 100755
--- a/optional/traefik-certdumper/run.sh
+++ b/optional/traefik-certdumper/run.sh
@@ -4,20 +4,16 @@ function dump() {
     echo "$(date) Dumping certificates"
     bash dumpcerts.sh /traefik/acme.json /tmp/work/ || return
 
-    for crt_file in $(ls /tmp/work/certs/*); do
-        pem_file=$(echo $crt_file | sed 's/certs/pem/g' | sed 's/.crt/-public.pem/g')
-        echo "openssl x509 -inform PEM -in $crt_file > $pem_file"
-        openssl x509 -inform PEM -in $crt_file > $pem_file
-    done
+    # private-keys are rsa, we need pem though
     for key_file in $(ls /tmp/work/private/*); do
         pem_file=$(echo $key_file | sed 's/private/pem/g' | sed 's/.key/-private.pem/g')
-        echo "openssl rsa -in $key_file -text > $pem_file"
         openssl rsa -in $key_file -text > $pem_file
     done
 
     echo "$(date) Copying certificates"
     cp -v /tmp/work/pem/${DOMAIN}-private.pem /output/key.pem
-    cp -v /tmp/work/pem/${DOMAIN}-public.pem /output/cert.pem
+    # the .crt is a chained-pem, as common for letsencrypt
+    cp -v /tmp/work/certs/${DOMAIN}.crt /output/cert.pem
 }
 
 mkdir -p /tmp/work/pem /tmp/work/certs

From 3f4c65e6d1985291802a2e3c9b9e3f2334a4bb80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <muhlemmer@gmail.com>
Date: Thu, 24 Jan 2019 20:14:28 +0200
Subject: [PATCH 08/21] Make mergify shut-up when merged or closed

---
 .mergify.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.mergify.yml b/.mergify.yml
index ccf049d3..7c8b7b38 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -4,6 +4,8 @@ pull_request_rules:
     conditions:
       - -title~=(WIP|wip)
       - -label~=^(status/wip|status/blocked)$
+      - -closed
+      - -merged
     actions:
       comment:
         message: |

From fba246e9a1d1d96a385789ee4a25c24e8682e6ba Mon Sep 17 00:00:00 2001
From: hoellen <dev@hoellen.eu>
Date: Thu, 24 Jan 2019 21:32:22 +0100
Subject: [PATCH 09/21] add wildcard option to cli (alias)

---
 CHANGELOG.md               | 1 +
 core/admin/mailu/manage.py | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cbd22a47..469ef722 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ v1.6.1 - unreleased
 -------------------
 - Enhancement: Make Unbound drop privileges after binding to port
 - Enhancement: Create an Authentication Token with IPv6 address restriction ([#829](https://github.com/Mailu/Mailu/issues/829))
+- Enhancement: Missing wildcard option in alias flask command ([#869](https://github.com/Mailu/Mailu/issues/869))
 
 v1.6.0 - 2019-01-18
 -------------------
diff --git a/core/admin/mailu/manage.py b/core/admin/mailu/manage.py
index e11644e7..3a8256ad 100644
--- a/core/admin/mailu/manage.py
+++ b/core/admin/mailu/manage.py
@@ -292,8 +292,9 @@ def alias_delete(email):
 @click.argument('localpart')
 @click.argument('domain_name')
 @click.argument('destination')
+@click.option('-w', '--wildcard', is_flag=True)
 @flask_cli.with_appcontext
-def alias(localpart, domain_name, destination):
+def alias(localpart, domain_name, destination, wildcard=False):
     """ Create an alias
     """
     domain = models.Domain.query.get(domain_name)
@@ -303,6 +304,7 @@ def alias(localpart, domain_name, destination):
     alias = models.Alias(
         localpart=localpart,
         domain=domain,
+        wildcard=wildcard,
         destination=destination.split(','),
         email="%s@%s" % (localpart, domain_name)
     )

From a731e04670359218cf2be6610206761cc1f9536c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <muhlemmer@gmail.com>
Date: Fri, 25 Jan 2019 14:27:20 +0200
Subject: [PATCH 10/21] Update docs on review dissmissal and automatic rebuilds

---
 docs/contributors/environment.rst | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/docs/contributors/environment.rst b/docs/contributors/environment.rst
index 66c1a400..e2e74d8f 100644
--- a/docs/contributors/environment.rst
+++ b/docs/contributors/environment.rst
@@ -227,12 +227,9 @@ trying to fix. When happy, you can approve the PR. When running into failures, m
 Additional commits
 ``````````````````
 
-Sometimes users add new commits after ``bors try`` was  run automatically.
-In such cases, a reviewer will have to re-issue a ``bors try`` manually in order
-to get the latest changes in the test image. The reviewer will have to be sure the
-build finished successful before pulling the new images.
-
-Any previous reviews get dismissed automatically, whenever a new commit is done afterwards.
+On every new commit ``bors try`` is  run automatically. Past approvals get dismissed automatically.
+When doing a subsequent review on the same PR, be sure to pull the latest image from docker hub
+after Bors confirms a successful build.
 
 When bors try fails
 ```````````````````

From 34b31727c4ae230cf3dffa65c779046e0e129bff Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario.ernst@rommelag.com>
Date: Fri, 25 Jan 2019 15:08:41 +0100
Subject: [PATCH 11/21] Fix password validator for creating fetched accounts

---
 CHANGELOG.md                         | 3 ++-
 core/admin/mailu/ui/views/fetches.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cbd22a47..a3746e3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,8 @@ v1.6.1 - unreleased
 -------------------
 - Enhancement: Make Unbound drop privileges after binding to port
 - Enhancement: Create an Authentication Token with IPv6 address restriction ([#829](https://github.com/Mailu/Mailu/issues/829))
-
+- Bug: Fix creating new fetched accounts
+-
 v1.6.0 - 2019-01-18
 -------------------
 
diff --git a/core/admin/mailu/ui/views/fetches.py b/core/admin/mailu/ui/views/fetches.py
index f2049fe9..ec208af1 100644
--- a/core/admin/mailu/ui/views/fetches.py
+++ b/core/admin/mailu/ui/views/fetches.py
@@ -22,7 +22,7 @@ def fetch_create(user_email):
     user_email = user_email or flask_login.current_user.email
     user = models.User.query.get(user_email) or flask.abort(404)
     form = forms.FetchForm()
-    form.pw.validators = [wtforms.validators.DataRequired()]
+    form.password.validators = [wtforms.validators.DataRequired()]
     if form.validate_on_submit():
         fetch = models.Fetch(user=user)
         form.populate_obj(fetch)

From 004a431e978f573d65defc9f1904200711434c75 Mon Sep 17 00:00:00 2001
From: Ionut Filip <ionut.philip@gmail.com>
Date: Thu, 24 Jan 2019 16:14:33 +0200
Subject: [PATCH 12/21] Change to mailustart functions

---
 core/dovecot/Dockerfile       |  5 +----
 core/nginx/Dockerfile         |  4 ++--
 core/nginx/config.py          | 19 +++++--------------
 core/postfix/Dockerfile       |  5 +----
 core/postfix/start.py         |  4 ++--
 services/rspamd/Dockerfile    |  5 +----
 services/unbound/Dockerfile   |  4 ++--
 services/unbound/start.py     |  7 +------
 webmails/rainloop/Dockerfile  |  4 +++-
 webmails/rainloop/start.py    | 11 +++--------
 webmails/roundcube/Dockerfile |  4 +++-
 webmails/roundcube/start.py   |  7 +------
 12 files changed, 25 insertions(+), 54 deletions(-)

diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index b37fe4d7..02c9e49d 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -4,10 +4,7 @@ RUN apk add --no-cache \
     python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2 \
-  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
-# Shared layer between rspamd, postfix, dovecot
-RUN pip3 install tenacity
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 RUN apk add --no-cache \
   dovecot dovecot-pigeonhole-plugin rspamd-client bash \
diff --git a/core/nginx/Dockerfile b/core/nginx/Dockerfile
index 6afa8301..9bc4c745 100644
--- a/core/nginx/Dockerfile
+++ b/core/nginx/Dockerfile
@@ -1,10 +1,10 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 RUN apk add --no-cache certbot nginx nginx-mod-mail openssl curl \
  && pip3 install idna requests watchdog
diff --git a/core/nginx/config.py b/core/nginx/config.py
index 79370508..82b02519 100755
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@@ -1,32 +1,23 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
 import logging as log
 import sys
+from mailustart import resolve, convert
 
 args = os.environ.copy()
 
 log.basicConfig(stream=sys.stderr, level=args.get("LOG_LEVEL", "WARNING"))
 
-def convert(src, dst, args):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**args))
-
 # Get the first DNS server
 with open("/etc/resolv.conf") as handle:
     content = handle.read().split()
     args["RESOLVER"] = content[content.index("nameserver") + 1]
 
-if "HOST_WEBMAIL" not in args:
-    args["HOST_WEBMAIL"] = "webmail"
-if "HOST_ADMIN" not in args:
-    args["HOST_ADMIN"] = "admin"
-if "HOST_WEBDAV" not in args:
-    args["HOST_WEBDAV"] = "webdav:5232"
-if "HOST_ANTISPAM" not in args:
-    args["HOST_ANTISPAM"] = "antispam:11334"
+args["HOST_WEBMAIL"] = resolve(args.get("HOST_WEBMAIL", "webmail"))
+args["HOST_ADMIN"] = resolve(args.get("HOST_ADMIN", "admin"))
+args["HOST_WEBDAV"] = resolve(args.get("HOST_WEBDAV", "webdav:5232"))
+args["HOST_ANTISPAM"] = resolve(args.get("HOST_ANTISPAM", "antispam:11334"))
 
 # TLS configuration
 cert_name = os.getenv("TLS_CERT_FILENAME", default="cert.pem")
diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile
index 5a9bef40..4b6c4aee 100644
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@@ -4,10 +4,7 @@ RUN apk add --no-cache \
     python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2 \
-  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
-# Shared layer between rspamd, postfix, dovecot
-RUN pip3 install tenacity
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 
 RUN apk add --no-cache postfix postfix-pcre rsyslog \
diff --git a/core/postfix/start.py b/core/postfix/start.py
index f113dddb..95c97fde 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -28,8 +28,8 @@ def start_podop():
 # Actual startup script
 os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
 os.environ["ADMIN_ADDRESS"] = resolve(os.environ.get("ADMIN_ADDRESS", "admin"))
-os.environ["HOST_ANTISPAM"] = os.environ.get("HOST_ANTISPAM", "antispam:11332")
-os.environ["HOST_LMTP"] = os.environ.get("HOST_LMTP", "imap:2525")
+os.environ["HOST_ANTISPAM"] = resolve(os.environ.get("HOST_ANTISPAM", "antispam:11332"))
+os.environ["HOST_LMTP"] = resolve(os.environ.get("HOST_LMTP", "imap:2525"))
 
 for postfix_file in glob.glob("/conf/*.cf"):
     convert(postfix_file, os.path.join("/etc/postfix", os.path.basename(postfix_file)))
diff --git a/services/rspamd/Dockerfile b/services/rspamd/Dockerfile
index 57196a4d..32e93fac 100644
--- a/services/rspamd/Dockerfile
+++ b/services/rspamd/Dockerfile
@@ -4,10 +4,7 @@ RUN apk add --no-cache \
     python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2 \
-  && pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
-# Shared layer between rspamd, postfix, dovecot
-RUN pip3 install tenacity
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 RUN apk add --no-cache rspamd rspamd-controller rspamd-proxy rspamd-fuzzy ca-certificates curl
 
diff --git a/services/unbound/Dockerfile b/services/unbound/Dockerfile
index dbf8a3a9..9d40b691 100644
--- a/services/unbound/Dockerfile
+++ b/services/unbound/Dockerfile
@@ -1,10 +1,10 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
 # Shared layer between rspamd, postfix, dovecot, unbound and nginx
-RUN pip3 install jinja2
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 RUN apk add --no-cache unbound curl bind-tools \
   && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
diff --git a/services/unbound/start.py b/services/unbound/start.py
index 4dd5f3be..6216e783 100755
--- a/services/unbound/start.py
+++ b/services/unbound/start.py
@@ -1,17 +1,12 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
 import logging as log
 import sys
+from mailustart import convert
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
 convert("/unbound.conf", "/etc/unbound/unbound.conf")
 
 os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"])
diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile
index 224fe457..c20f1975 100644
--- a/webmails/rainloop/Dockerfile
+++ b/webmails/rainloop/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 #Shared layer between rainloop and roundcube
 RUN apt-get update && apt-get install -y \
-  python3 curl \
+  python3 curl python3-pip git \
   && rm -rf /var/lib/apt/lists \
   && echo "ServerSignature Off" >> /etc/apache2/apache2.conf
 
@@ -21,6 +21,8 @@ RUN apt-get update && apt-get install -y \
  && chown -R www-data: * \
  && apt-get purge -y unzip \
  && rm -rf /var/lib/apt/lists
+ 
+ RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 
 COPY include.php /var/www/html/include.php
 COPY php.ini /php.ini
diff --git a/webmails/rainloop/start.py b/webmails/rainloop/start.py
index e2b917bf..495eb376 100755
--- a/webmails/rainloop/start.py
+++ b/webmails/rainloop/start.py
@@ -1,21 +1,16 @@
 #!/usr/bin/python3
 
-import jinja2
 import os
 import shutil
 import logging as log
 import sys
+from mailustart import resolve, convert
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
 # Actual startup script
-os.environ["FRONT_ADDRESS"] = os.environ.get("FRONT_ADDRESS", "front")
-os.environ["IMAP_ADDRESS"] = os.environ.get("IMAP_ADDRESS", "imap")
+os.environ["FRONT_ADDRESS"] = resolve(os.environ.get("FRONT_ADDRESS", "front"))
+os.environ["IMAP_ADDRESS"] = resolve(os.environ.get("IMAP_ADDRESS", "imap"))
 
 os.environ["MAX_FILESIZE"] = str(int(int(os.environ.get("MESSAGE_SIZE_LIMIT"))*0.66/1048576))
 
diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile
index 1c5d82c4..cecf009b 100644
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 #Shared layer between rainloop and roundcube
 RUN apt-get update && apt-get install -y \
-  python3 curl \
+  python3 curl python3-pip git \
   && rm -rf /var/lib/apt/lists \
   && echo "ServerSignature Off" >> /etc/apache2/apache2.conf
 
@@ -23,6 +23,8 @@ RUN apt-get update && apt-get install -y \
  && chown -R www-data: logs temp \
  && rm -rf /var/lib/apt/lists
 
+ RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
+
 COPY php.ini /php.ini
 COPY config.inc.php /var/www/html/config/
 COPY start.py /start.py
diff --git a/webmails/roundcube/start.py b/webmails/roundcube/start.py
index 4effd965..c0e52883 100755
--- a/webmails/roundcube/start.py
+++ b/webmails/roundcube/start.py
@@ -1,17 +1,12 @@
 #!/usr/bin/python3
 
 import os
-import jinja2
 import logging as log
 import sys
+from mailustart import convert
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
-def convert(src, dst):
-    logger = log.getLogger("convert()")
-    logger.debug("Source: %s, Destination: %s", src, dst)
-    open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
-
 os.environ["MAX_FILESIZE"] = str(int(int(os.environ.get("MESSAGE_SIZE_LIMIT"))*0.66/1048576))
 
 convert("/php.ini", "/usr/local/etc/php/conf.d/roundcube.ini")

From f8dffe5a19cac4fea79bbc55de0a064b296385f6 Mon Sep 17 00:00:00 2001
From: Ionut Filip <ionut.philip@gmail.com>
Date: Fri, 25 Jan 2019 13:28:24 +0200
Subject: [PATCH 13/21] Resolve hosts in admin

---
 core/admin/Dockerfile              |  3 ++-
 core/admin/mailu/configuration.py  | 10 ++++++++--
 core/admin/mailu/internal/nginx.py |  4 +---
 core/nginx/config.py               |  8 ++++++--
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/core/admin/Dockerfile b/core/admin/Dockerfile
index 33c0bde7..4f887ff2 100644
--- a/core/admin/Dockerfile
+++ b/core/admin/Dockerfile
@@ -1,8 +1,9 @@
 FROM alpine:3.8
 # python3 shared with most images
 RUN apk add --no-cache \
-    python3 py3-pip \
+    python3 py3-pip git \
   && pip3 install --upgrade pip
+RUN pip3 install git+https://github.com/usrpro/MailuStart.git#egg=mailustart
 # Image specific layers under this line
 RUN mkdir -p /app
 WORKDIR /app
diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index a8cd3e25..55093479 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -1,5 +1,5 @@
 import os
-
+from mailustart import resolve
 
 DEFAULT_CONFIG = {
     # Specific to the admin UI
@@ -60,7 +60,6 @@ DEFAULT_CONFIG = {
     'POD_ADDRESS_RANGE': None
 }
 
-
 class ConfigManager(dict):
     """ Naive configuration manager that uses environment only
     """
@@ -74,6 +73,12 @@ class ConfigManager(dict):
     def __init__(self):
         self.config = dict()
 
+    def resolve_host(self):
+        self.config['HOST_IMAP'] = resolve(self.config['HOST_IMAP'])
+        self.config['HOST_POP3'] = resolve(self.config['HOST_POP3'])
+        self.config['HOST_AUTHSMTP'] = resolve(self.config['HOST_AUTHSMTP'])
+        self.config['HOST_SMTP'] = resolve(self.config['HOST_SMTP'])
+
     def __coerce_value(self, value):
         if isinstance(value, str) and value.lower() in ('true','yes'):
             return True
@@ -88,6 +93,7 @@ class ConfigManager(dict):
             key: self.__coerce_value(os.environ.get(key, value))
             for key, value in DEFAULT_CONFIG.items()
         })
+        self.resolve_host()
 
         # automatically set the sqlalchemy string
         if self.config['DB_FLAVOR']:
diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index 460719f2..2dac4db1 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -2,7 +2,6 @@ from mailu import models
 from flask import current_app as app
 
 import re
-import socket
 import urllib
 
 
@@ -89,5 +88,4 @@ def get_server(protocol, authenticated=False):
             hostname, port = extract_host_port(app.config['HOST_AUTHSMTP'], 10025)
         else:
             hostname, port = extract_host_port(app.config['HOST_SMTP'], 25)
-    address = socket.gethostbyname(hostname)
-    return address, port
+    return hostname, port
diff --git a/core/nginx/config.py b/core/nginx/config.py
index 82b02519..78c76345 100755
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@@ -14,10 +14,14 @@ with open("/etc/resolv.conf") as handle:
     content = handle.read().split()
     args["RESOLVER"] = content[content.index("nameserver") + 1]
 
-args["HOST_WEBMAIL"] = resolve(args.get("HOST_WEBMAIL", "webmail"))
 args["HOST_ADMIN"] = resolve(args.get("HOST_ADMIN", "admin"))
-args["HOST_WEBDAV"] = resolve(args.get("HOST_WEBDAV", "webdav:5232"))
 args["HOST_ANTISPAM"] = resolve(args.get("HOST_ANTISPAM", "antispam:11334"))
+args["HOST_WEBMAIL"] = args.get("HOST_WEBMAIL", "webmail")
+if args["WEBMAIL"] != "none":
+    args["HOST_WEBMAIL"] = resolve(args.get("HOST_WEBMAIL"))
+args["HOST_WEBDAV"] = args.get("HOST_WEBDAV", "webdav:5232")
+if args["WEBDAV"] != "none":
+    args["HOST_WEBDAV"] = resolve(args.get("HOST_WEBDAV"))
 
 # TLS configuration
 cert_name = os.getenv("TLS_CERT_FILENAME", default="cert.pem")

From 392637e16acd0db0eb73e7943f5c6517ad3ead72 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Fri, 25 Jan 2019 20:08:05 +0100
Subject: [PATCH 14/21] Correct the URL users are directed to after using setup
 without exposing /admin

closes #885
---
 setup/.env                       |  2 +-
 setup/docker-compose.yml         |  2 +-
 setup/flavors/compose/setup.html |  9 +++++++--
 setup/flavors/stack/setup.html   | 11 ++++++++---
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/setup/.env b/setup/.env
index 2c1113ce..676b07fd 100644
--- a/setup/.env
+++ b/setup/.env
@@ -1,5 +1,5 @@
 # Hostname passed to Traefik
-ADDRESS=setup.mailu.io
+ADDRESS=test02.usrpro.io
 
 # Current release
 RELEASE=master
diff --git a/setup/docker-compose.yml b/setup/docker-compose.yml
index 9c93fd6f..b7b4b05f 100644
--- a/setup/docker-compose.yml
+++ b/setup/docker-compose.yml
@@ -13,4 +13,4 @@ services:
     depends_on:
       - redis
     ports:
-      - 127.0.0.1:8001:80
+      - 0.0.0.0:80:80
diff --git a/setup/flavors/compose/setup.html b/setup/flavors/compose/setup.html
index 46369577..1c372143 100644
--- a/setup/flavors/compose/setup.html
+++ b/setup/flavors/compose/setup.html
@@ -44,8 +44,13 @@ Before you can use Mailu, you must create the primary administrator user account
 one of the hostnames 
 <a href="https://{{ hostnames.split(',')[0] }}{{ admin_path }}">{{ hostnames.split(',')[0] }}{{ admin_path }}</a>.
 {% else %}
-<a href="http://127.0.0.1:8080">http://127.0.0.1:8080</a> (only directly from the host running docker).
+<a href="http://127.0.0.1:8080/ui">http://127.0.0.1:8080/ui</a> (only directly from the host running docker).
+If you run mailu on a remote server, and wish to access the admin interface via a SSH tunnel, you can create a port-forward from your local machine to your server like
+<pre><code>ssh -L 127.0.0.1:8080:127.0.0.1:8080 &lt;user&gt;@&lt;server&gt;
+</pre></code>
+And access the above URL from your local machine.
+<br />
 {% endif %}
-And choose the "Update password" option in the left menu.
+Also, choose the "Update password" option in the left menu.
 </p>
 {% endcall %}
diff --git a/setup/flavors/stack/setup.html b/setup/flavors/stack/setup.html
index 81470b5b..9a243ccb 100644
--- a/setup/flavors/stack/setup.html
+++ b/setup/flavors/stack/setup.html
@@ -50,11 +50,16 @@ Before you can use Mailu, you must create the primary administrator user account
 
 <p>Login to the admin interface to change the password for a safe one, at
 {% if admin_enabled %}
-one of the hostnames 
+one of the hostnames
 <a href="https://{{ hostnames.split(',')[0] }}{{ admin_path }}">{{ hostnames.split(',')[0] }}{{ admin_path }}</a>.
 {% else %}
-<a href="http://127.0.0.1:8080">http://127.0.0.1:8080</a> (only directly from the host running docker).
+<a href="http://127.0.0.1:8080/ui">http://127.0.0.1:8080/ui</a> (only directly from the host running docker).
+If you run mailu on a remote server, and wish to access the admin interface via a SSH tunnel, you can create a port-forward from your local machine to your server like
+<pre><code>ssh -L 127.0.0.1:8080:127.0.0.1:8080 &lt;user&gt;@&lt;server&gt;
+</pre></code>
+And access the above URL from your local machine.
+<br />
 {% endif %}
-And choose the "Update password" option in the left menu.
+Also, choose the "Update password" option in the left menu.
 </p>
 {% endcall %}

From d9d6f514aaab9fb3e3c33cb3c54df7c7929dc973 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Sat, 26 Jan 2019 19:15:46 +0100
Subject: [PATCH 15/21] Catch webmail-url empty but webmail configured and
 force to default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Quite some users managed to delete the contents of the webmail-url field in
setup, which forces front into a restart loop. Catch the case where a webmail
service is configured, but url is empty — and force to default /webmail.

closes #856
---
 setup/flavors/compose/mailu.env | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 5ccd8ace..a23a2c4b 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -116,7 +116,11 @@ WEBROOT_REDIRECT=/webmail
 WEB_ADMIN={{ admin_path }}
 
 # Path to the webmail if enabled
+{% if webmail_type != 'none' and webmail_path == '' %}
+WEB_WEBMAIL=/webmail
+{% else %}
 WEB_WEBMAIL={{ webmail_path }}
+{% endif %}
 
 # Website name
 SITENAME={{ site_name }}

From 0676252ec1c26fa83d60625a46729453ad49d2d7 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 28 Jan 2019 20:23:41 +0100
Subject: [PATCH 16/21] Revert accidental setup commits and fix code/pre tags

---
 setup/.env                       | 2 +-
 setup/docker-compose.yml         | 2 +-
 setup/flavors/compose/setup.html | 2 +-
 setup/flavors/stack/setup.html   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/setup/.env b/setup/.env
index 676b07fd..2c1113ce 100644
--- a/setup/.env
+++ b/setup/.env
@@ -1,5 +1,5 @@
 # Hostname passed to Traefik
-ADDRESS=test02.usrpro.io
+ADDRESS=setup.mailu.io
 
 # Current release
 RELEASE=master
diff --git a/setup/docker-compose.yml b/setup/docker-compose.yml
index b7b4b05f..9c93fd6f 100644
--- a/setup/docker-compose.yml
+++ b/setup/docker-compose.yml
@@ -13,4 +13,4 @@ services:
     depends_on:
       - redis
     ports:
-      - 0.0.0.0:80:80
+      - 127.0.0.1:8001:80
diff --git a/setup/flavors/compose/setup.html b/setup/flavors/compose/setup.html
index 1c372143..b29e726a 100644
--- a/setup/flavors/compose/setup.html
+++ b/setup/flavors/compose/setup.html
@@ -47,7 +47,7 @@ one of the hostnames
 <a href="http://127.0.0.1:8080/ui">http://127.0.0.1:8080/ui</a> (only directly from the host running docker).
 If you run mailu on a remote server, and wish to access the admin interface via a SSH tunnel, you can create a port-forward from your local machine to your server like
 <pre><code>ssh -L 127.0.0.1:8080:127.0.0.1:8080 &lt;user&gt;@&lt;server&gt;
-</pre></code>
+</code></pre>
 And access the above URL from your local machine.
 <br />
 {% endif %}
diff --git a/setup/flavors/stack/setup.html b/setup/flavors/stack/setup.html
index 9a243ccb..9d51a949 100644
--- a/setup/flavors/stack/setup.html
+++ b/setup/flavors/stack/setup.html
@@ -56,7 +56,7 @@ one of the hostnames
 <a href="http://127.0.0.1:8080/ui">http://127.0.0.1:8080/ui</a> (only directly from the host running docker).
 If you run mailu on a remote server, and wish to access the admin interface via a SSH tunnel, you can create a port-forward from your local machine to your server like
 <pre><code>ssh -L 127.0.0.1:8080:127.0.0.1:8080 &lt;user&gt;@&lt;server&gt;
-</pre></code>
+</code></pre>
 And access the above URL from your local machine.
 <br />
 {% endif %}

From ef5a114cff9d1ba661d1df695ac16a94ece9e8e6 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 28 Jan 2019 20:32:36 +0100
Subject: [PATCH 17/21] Put webmail on / for empty webmail_path from setup

---
 setup/flavors/compose/mailu.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index a23a2c4b..f7bccd3f 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -117,7 +117,7 @@ WEB_ADMIN={{ admin_path }}
 
 # Path to the webmail if enabled
 {% if webmail_type != 'none' and webmail_path == '' %}
-WEB_WEBMAIL=/webmail
+WEB_WEBMAIL=/
 {% else %}
 WEB_WEBMAIL={{ webmail_path }}
 {% endif %}

From 611363cbe4c24ed8fd5d2ad9913f60676c9e63e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20V=C3=A1zquez=20Acosta?= <manuel@merchise.org>
Date: Mon, 4 Feb 2019 15:28:50 -0500
Subject: [PATCH 18/21] Don't generate the clamav configuration if ANTIVIRUS is
 none.

Otherwise the rspamd will try to connect to none, timing out several times and
leading to poor performance.
---
 services/rspamd/conf/antivirus.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/rspamd/conf/antivirus.conf b/services/rspamd/conf/antivirus.conf
index a72f79c1..7bf646b8 100644
--- a/services/rspamd/conf/antivirus.conf
+++ b/services/rspamd/conf/antivirus.conf
@@ -1,6 +1,8 @@
+{% if ANTIVIRUS == 'clamav' %}
 clamav {
   attachments_only = true;
   symbol = "CLAM_VIRUS";
   type = "clamav";
   servers = "antivirus:3310";
 }
+{% endif %}

From 27bbab97d6e1756085b75226bdf150f6c8d0d7ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20V=C3=A1zquez=20Acosta?= <manuel@merchise.org>
Date: Mon, 4 Feb 2019 15:37:30 -0500
Subject: [PATCH 19/21] Add Changlog entry.

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02325ad2..4bb60acb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ v1.6.1 - unreleased
 - Enhancement: Create an Authentication Token with IPv6 address restriction ([#829](https://github.com/Mailu/Mailu/issues/829))
 - Bug: Fix creating new fetched accounts
 - Enhancement: Missing wildcard option in alias flask command ([#869](https://github.com/Mailu/Mailu/issues/869))
+- Bug: Fix poor performance if ANTIVIRUS is configured to none.
 
 v1.6.0 - 2019-01-18
 -------------------

From 3cfaa00fac6c1edb1fc31a446193b896efa44350 Mon Sep 17 00:00:00 2001
From: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
Date: Sat, 9 Feb 2019 15:12:24 +0100
Subject: [PATCH 20/21] Update command for user import

The current example seems to be obsolete.
---
 docs/cli.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/cli.rst b/docs/cli.rst
index bdf4a6d1..d666ab4b 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -39,7 +39,7 @@ primary difference with simple `user` command is that password is being imported
 
 .. code-block:: bash
 
-  docker-compose run --rm admin python manage.py user --hash_scheme='SHA512-CRYPT' myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce'
+  docker-compose run --rm admin flask mailu user-import myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce' 'SHA512-CRYPT'
 
 user_delete
 ------------

From 6cc6f2742bf373772015dabaa5b6abf6204e57f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20V=C3=A1zquez=20Acosta?= <manuel@merchise.org>
Date: Sat, 9 Feb 2019 10:29:15 -0500
Subject: [PATCH 21/21] Activate ClamAV in filters tests.

See https://github.com/Mailu/Mailu/pull/907#issuecomment-462043036
---
 tests/compose/filters/mailu.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/compose/filters/mailu.env b/tests/compose/filters/mailu.env
index 25c7c133..e165fee2 100644
--- a/tests/compose/filters/mailu.env
+++ b/tests/compose/filters/mailu.env
@@ -60,7 +60,7 @@ WEBMAIL=none
 WEBDAV=none
 
 # Antivirus solution (value: clamav, none)
-#ANTIVIRUS=clamav
+ANTIVIRUS=clamav
 
 #Antispam solution
 ANTISPAM=none