This release includes features that have been tested in the nightly branch over the past year. If youโve been following our nightly progress update, you may already be familiar with some of the changes listed below.
Caution
Before updating, please ensure you have a current backup of your installation.
This update heavily changes the authentication process. If you donโt want to apply the 2025-03 update, you can switch to the legacy branch with ./update.sh --legacy.
The legacy branch will only receive security updates until February 2026.
Read more about the legacy branch
Breaking Changes
Logins for Administrator, Domain Administrator, and Users have been separated:
- Administrator Login:
/admin - Domain Administrator Login:
/domainadmin - Users:
/
Direct SOGo login is now disabled. All unauthenticated requests to /SOGo will be redirected to /.
Users must use the mailcow login.
Administrators can define whether a user should be redirected to the mailcow UI or SOGo after login.
Other Notable Changes
- All Alpine-based images have been updated to Alpine 3.21.
- 2FA protected mailboxes will need an app password for authentication with mail protocols.
New Feature
mailcow now supports external Identity Providers for authentication.
This is optional โ administrators can configure an external identity provider, which can be used alongside the SQL database for authentication.
You can even configure which authentication source a specific user should use.
Currently supported Identity Providers:
- Keycloak โ Documentation
- LDAP/AD โ Documentation
- Generic OIDC โ Documentation
Improvements
mailcow now uses Dovecot's password caching to reduce authentication-related load.
Changelog
Full Changelog: 2025-02...2025-03
New Contributors
- @marvinruder made their first contribution in #6365