get rid of old stuff

remove bayarea
remove annaville
2026-04-10 18:31:16 -05:00 · 2026-04-09 17:58:08 -05:00 · 2026-04-09 10:16:09 -05:00 · 2026-04-03 15:13:24 -05:00 · 2026-04-03 14:42:07 -05:00 · 2026-04-03 14:37:12 -05:00
63 changed files with 19730 additions and 158 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,8 @@
 *.jar
 auth
 .env
 .venv*
 __pycache__
 node_modules
 ses-lambda-python/*
 !ses-lambda-python/lambda_function.py
--- a/40
+++ b/40
@@ -0,0 +1,40 @@
 Anleitung zur Generierung einer neuen Domain/DNS/Email
 Grundlegendes
 - Domain kaufen
 - Domain bei cloudflare eintragen und den A Record und einen CNAME www eintragen (per Hand)
 - bei Bedarf die Nameserver beim Domain Halter eintragen (Hetzner, networksolutions) und abwarten, das cloudflare den Status active anzeigt
 AMAZON Einrichtung
 - Die 3 Scripte zur Amamzon Konfiguration ausführen
 1. awss3.sh
 2. awsses.sh
 3. awsiam.sh (Access Token und SMTP Passwort abspeichern !!!!)
 - cloudflareDns.sh ausführen und warten bis die Identities alle auf Aktiv gesetzt sind
 Server Arbeiten
 - .env anpassen und neue Domain eintragen, den Bucket Namen sowie die Usernames
 - dovecot_passwd_manager.py update ausführen um die passwd anzupassen
 - Zertifikate erzeugen und kopieren
 1. DOMAIN=imap.[DOMAIN] EMAIL=andreas.knuth@gmail.com docker compose run --rm certbot
 2. cp -R letsencrypt/archive/imap.[DOMAIN] ../dovecot/ssl/
 3. in der dovecor.conf folgenden Eintrag hinzufügen
 local_name imap.[DOMAIN] {
  ssl_cert = </etc/dovecot/ssl/imap.[DOMAIN]/fullchain1.pem
  ssl_key = </etc/dovecot/ssl/imap.[DOMAIN]/privkey1.pem
 }
 Einrichten des EMail Clients
 - IMAP
 1. Server Name: imap.[DOMAIN]
 2. Port: 993
 3. UserName: Account Name -> z.B. info@[DOMAIN]
 4. Security: SSL/TLS
 5. Auth: Normal Passwd
 -SMTP
 1. Server Name: 	email-smtp.us-east-2.amazonaws.com
 2. Port: 	587
 3. User Name: [Access Token von oben]
 4. Authentication method: 	Normal password
 5. Connection Security: 	STARTTLS
 6. Passwort: SMTP Passwort, nicht der Security Token !!!!
--- a/app/.env
+++ b/app/.env
@@ -1,6 +0,0 @@
 DB_HOST=postgres
 DB_PORT=5432
 DB_SCHEMA=public
 POSTGRES_DB=bizmatch
 POSTGRES_USER=bizmatch
 POSTGRES_PASSWORD=xieng7Seih
--- a/app/docker-compose.dev.yml
+++ b/app/docker-compose.dev.yml
@@ -0,0 +1,44 @@
 services:
  app:
    image: node:22-alpine
    working_dir: /app
    volumes:
      - ~/git/bizmatch-project/bizmatch-server:/app
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=development
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=${POSTGRES_DB}
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}
    env_file:
      - ~/git/docker/app/.env # Pfad zur .env-Datei      
    command: sh -c "npm install && npm run build --omit=dev && node dist/src/main.js"
    restart: unless-stopped
    depends_on:
      - postgres
    networks:
      - bizmatch
  postgres:
    container_name: bizmatchdb
    image: postgres:latest
    restart: always
    volumes:
      - ${PWD}/bizmatchdb-data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    env_file:
      - ~/git/docker/app/.env  # Neu: Separate Env-File für Prod          
    ports:
      - "5432:5432"
    networks:
      - bizmatch
 networks:
  bizmatch:
    external: true
--- a/app/docker-compose.prod.yml
+++ b/app/docker-compose.prod.yml
@@ -0,0 +1,47 @@
 services:
  app:
    image: node:22-alpine
    container_name: bizmatch-app-prod  # Neu: Unterscheide Namen
    working_dir: /app
    volumes:
      - /home/aknuth/git/bizmatch-project-prod/bizmatch-server:/app  # Verwende Prod-Checkout
    ports:
      - "3001:3000"  # Neu: Host-Port 3001, Container-Port bleibt 3000
    env_file:
      - path: ./env.prod  # Neu: Separate Env-File für Prod
        required: true
    environment:
      - NODE_ENV=development  # Neu: Production-Modus (für Nest.js-Config)
      - DB_HOST=postgres-prod  # Neu: Passe an neuen Service-Namen
      - DB_PORT=5432
      - DB_NAME=${POSTGRES_DB}  # Neu: Separate DB-Name aus Env-File
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}
    command: sh -c "npm install && npm run build && node dist/src/main.js"  # Entferne --omit=dev für Prod
    restart: unless-stopped
    depends_on:
      - postgres-prod
    networks:
      - bizmatch-prod  # Neu: Separates Network für Isolation
  postgres-prod:  # Neu: Umbenannt für Unterscheidung
    container_name: bizmatchdb-prod
    image: postgres:latest
    restart: always
    volumes:
      - ${PWD}/bizmatchdb-data-prod:/var/lib/postgresql/data  # Neu: Separates Daten-Volume
    env_file:
      - path: ./env.prod  # Neu: Separate Env-File für Prod
        required: true
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      - "5433:5432"  # Neu: Host-Port 5433, Container-Port bleibt 5432
    networks:
      - bizmatch-prod
 networks:
  bizmatch-prod:
    external: true  # Neu: Erstelle es mit `docker network create bizmatch-prod`
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@@ -1,25 +0,0 @@
 version: '3.8'
 services:
  postgres:
      container_name: postgres_app
      image: postgres:15.5-alpine3.19
      volumes:
        - bizmatch_volume:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: ${POSTGRES_DB}
        POSTGRES_USER: ${POSTGRES_USER}
        POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      ports:
        - "5432:5432"
      networks:
        - bizmatch
 networks:
  bizmatch:
    external: true
 volumes:
  bizmatch_volume:
    external: true
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,76 +1,98 @@
 {
-    acme_dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
+    email {env.CLOUDFLARE_EMAIL}
    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    debug
 }
 # Prod: Neue Domains
 www.bizmatch.net {
  handle /pictures/* {
    root * /home/aknuth/git/bizmatch-project/bizmatch-server  # Prod-Ordner
    file_server
  }
  # Statische Dateien (CSS, JS, Bilder) – lange cachen, da sich der Name bei Änderungen ändert
  header /assets/* Cache-Control "public, max-age=31536000, immutable"
  header /*.css Cache-Control "public, max-age=31536000, immutable"
  header /*.js Cache-Control "public, max-age=31536000, immutable"
  # Die index.html und API-Antworten – NIEMALS cachen
  header /index.html Cache-Control "no-cache, no-store, must-revalidate"  
  handle {
    reverse_proxy host.docker.internal:4200
  }
  log {
    output file /var/log/caddy/access.prod.log  # Separate Logs
  }
  encode gzip zstd
 }
 bizmatch.net {
-    tls {
+  redir https://www.bizmatch.net{uri} permanent
        dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
 }
 www.qrmaster.net {
    handle {
        reverse_proxy host.docker.internal:3050
    }
-www.bizmatch.net {
+    log {
-    tls {
+        output file /var/log/caddy/qrmaster.log
-        dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
+        format console
    }
    encode gzip
 }
 qrmaster.net {
  redir https://www.qrmaster.net{uri} permanent
 }
 www.innungsapp.com {
    handle {
        reverse_proxy host.docker.internal:3010
    }
    log {
        output file /var/log/caddy/innungsapp.log
        format console
    }
    encode gzip
 }
 innungsapp.com {
  redir https://www.innungsapp.com{uri} permanent
 }
 auth.bizmatch.net {
-    reverse_proxy keycloak:8080 {
+        reverse_proxy https://bizmatch-net.firebaseapp.com {
-        header_up Host {http.request.host}
+            header_up Host bizmatch-net.firebaseapp.com
-        header_up X-Real-IP {http.request.remote}
+            header_up X-Forwarded-For {remote_host}
-        header_up X-Forwarded-For {http.request.remote}
+            header_up X-Forwarded-Proto {scheme}
-        header_up X-Forwarded-Host {http.request.host}
+            header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Server {http.request.host}
        header_up X-Forwarded-Port {http.request.port}
        header_up X-Forwarded-Proto {http.request.scheme}
        header_up Upgrade {http.request.header.Upgrade}
        header_up Connection {http.request.header.Connection}
        # Entfernen des X-Frame-Options-Headers
        # header_up -X-Frame-Options
    }
    tls {
        dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
        }
 }
 gitea.bizmatch.net {
    reverse_proxy gitea:3500
    tls {
        dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
    }
 }
-dev.bizmatch.net {
+api.bizmatch.net {
-  handle /pictures/* {
+  reverse_proxy host.docker.internal:3001 {  # Neu: Proxy auf Prod-Port 3001
    root * /home/aknuth/git/bizmatch-project/bizmatch-server
    file_server
  }
  handle {
    root * /srv
    try_files {path} {path}/ /index.html
    file_server
  }
  log {
    output file /var/log/caddy/access.log {
      roll_size 10MB
      roll_keep 5
      roll_keep_for 48h
    }
  }
  encode gzip 
  tls {
       dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
  }
 }
 api-dev.bizmatch.net {
  reverse_proxy host.docker.internal:3000 {
    header_up X-Real-IP {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
    header_up CF-IPCountry {http.request.header.CF-IPCountry}
  }
-  tls {
+}
-        dns cloudflare q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
+
 greenlenspro.com {
  encode zstd gzip
  @storage path /storage /storage/*
  handle @storage {
    uri strip_prefix /storage
    reverse_proxy minio:9000
  }
  @api path /api /api/* /auth /auth/* /v1 /v1/* /health /plants /plants/*
  handle @api {
    reverse_proxy api:3000
  }
  handle {
    reverse_proxy landing:3000
  }
 }
--- a/caddy/Dockerfile.caddy
+++ b/caddy/Dockerfile.caddy
@@ -0,0 +1,13 @@
 # Dockerfile.caddy
 ARG CADDY_VERSION=2.9.1
 FROM caddy:${CADDY_VERSION}-builder AS builder
 # Caddy in exakt dieser Version + Plugins bauen
 RUN xcaddy build ${CADDY_VERSION} \
  --with github.com/caddy-dns/cloudflare \
  --with github.com/caddyserver/replace-response
 FROM caddy:${CADDY_VERSION}
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 RUN mkdir -p /var/log/caddy
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -1,11 +1,13 @@
 version: '3.7'
 services:
  caddy:
    image: custom-caddy:2.9.1-rr1
    container_name: caddy
-    image: iarekylew00t/caddy-cloudflare:latest
+    build:
      context: .
      dockerfile: Dockerfile.caddy
    restart: unless-stopped
    ports:
-      # - "80:80"
+      - "80:80"
      - "443:443"
    extra_hosts:
      - 'host.docker.internal:host-gateway'
@@ -13,16 +15,26 @@ services:
      - bizmatch
      - keycloak
      - gitea
      - mail_network
      - greenlens_net
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/email_autodiscover:/etc/caddy/email_autodiscover
      - $PWD/email.mobileconfig.tpl:/etc/caddy/email.mobileconfig.tpl
      - $PWD/email-setup:/var/www/email-setup
      - caddy_data:/data
      - caddy_config:/config
-      #- /home/aknuth/git/bizmatch/dist/bizmatch/browser:/srv
+      - /home/aknuth/git/bizmatch-project/bizmatch/dist/bizmatch/browser:/home/aknuth/git/bizmatch-project/bizmatch/dist/bizmatch/browser
-      - /home/aknuth/git/bizmatch-project/bizmatch/dist/bizmatch/browser:/srv
+      - /home/aknuth/git/bizmatch-project-prod/bizmatch/dist/bizmatch/browser:/home/aknuth/git/bizmatch-project-prod/bizmatch/dist/bizmatch/browser
      - /home/aknuth/git/bizmatch-project/bizmatch-server/pictures:/home/aknuth/git/bizmatch-project/bizmatch-server/pictures
      - /home/aknuth/git/bizmatch-project-prod/bizmatch-server/pictures:/home/aknuth/git/bizmatch-project-prod/bizmatch-server/pictures
      - /home/aknuth/git/annaville-sda-site/dist:/home/aknuth/git/annaville-sda-site/dist:ro  # ← DAS FEHLT!
      - /home/aknuth/git/bay-area-affiliates/dist/bay-area-affiliates/browser:/app
      - /home/aknuth/log/caddy:/var/log/caddy
      - /home/aknuth/git/config-email/frontend/dist:/home/aknuth/git/config-email/frontend/dist:ro
    environment:
-      - CLOUDFLARE_API_TOKEN=q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
+      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
 networks:
  bizmatch:
@@ -31,6 +43,10 @@ networks:
    external: true
  gitea:
    external: true
  mail_network:
    external: true
  greenlens_net:
    external: true    
 volumes:
  caddy_data:
--- a/caddy/email-setup/autodiscover.xml
+++ b/caddy/email-setup/autodiscover.xml
@@ -0,0 +1,29 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>IMAP</Type>
        <Server>mail.email-srvr.com</Server>
        <Port>993</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName></LoginName>
        <SPA>off</SPA>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>
      <Protocol>
        <Type>SMTP</Type>
        <Server>mail.email-srvr.com</Server>
        <Port>465</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName></LoginName>
        <SPA>off</SPA>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>
    </Account>
  </Response>
 </Autodiscover>
--- a/caddy/email-setup/logo.png
+++ b/caddy/email-setup/logo.png
--- a/caddy/email-setup/setup.html
+++ b/caddy/email-setup/setup.html
@@ -0,0 +1,122 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Email Setup</title>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js"></script>
    <style>
        body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif; background: #f2f2f7; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; padding: 20px; box-sizing: border-box; }
        .card { background: white; padding: 2.5rem; border-radius: 24px; box-shadow: 0 12px 30px rgba(0,0,0,0.1); width: 100%; max-width: 420px; text-align: center; transition: all 0.3s ease; }
        .logo { width: 80px; height: 80px; margin-bottom: 1.5rem; }
        h1 { margin: 0 0 1rem 0; color: #1a1a1a; font-size: 1.8rem; }
        p { color: #666; line-height: 1.5; margin-bottom: 2rem; }
        /* Input Section */
        #input-section { transition: opacity 0.3s ease; }
        input { width: 100%; padding: 16px; margin-bottom: 16px; border: 2px solid #eee; border-radius: 14px; font-size: 16px; box-sizing: border-box; transition: border-color 0.2s; outline: none; }
        input:focus { border-color: #007AFF; }
        button { width: 100%; padding: 16px; background: #007AFF; color: white; border: none; border-radius: 14px; font-size: 18px; font-weight: 600; cursor: pointer; transition: background 0.2s, transform 0.1s; }
        button:hover { background: #0062cc; }
        button:active { transform: scale(0.98); }
        /* QR Section (initially hidden) */
        #qr-section { display: none; opacity: 0; transition: opacity 0.5s ease; }
        #qrcode { margin: 2rem auto; padding: 15px; background: white; border-radius: 16px; box-shadow: 0 4px 12px rgba(0,0,0,0.08); display: inline-block; }
        #qrcode img { margin: auto; } /* Centers the generated QR code */
        .hint { font-size: 0.9rem; color: #888; margin-top: 1.5rem; }
        .hint strong { color: #333; }
        .error { color: #d32f2f; background: #fde8e8; padding: 10px; border-radius: 8px; font-size: 0.9rem; display: none; margin-bottom: 16px; }
        .back-btn { background: transparent; color: #007AFF; margin-top: 1rem; font-size: 16px; }
        .back-btn:hover { background: #f0f8ff; }
    </style>
 </head>
 <body>
 <div class="card">
    <img src="/logo.png" alt="Logo" class="logo">
    <div id="input-section">
        <h1>Email Setup</h1>
        <p>Enter your email address to automatically configure your iPhone or iPad.</p>
        <div id="error-msg" class="error">Please enter a valid email address.</div>
        <input type="email" id="email" placeholder="name@company.com" required autocomplete="email">
        <button onclick="generateQR()">Generate QR Code</button>
    </div>
    <div id="qr-section">
        <h1>Scan me!</h1>
        <p>Open the <strong>Camera app</strong> on your iPhone and point it at this code.</p>
        <div id="qrcode"></div>
        <p class="hint">
            Tap the banner that appears at the top.<br>
            Click <strong>"Allow"</strong> and then go to <strong>Settings</strong> to install the profile.
        </p>
        <button class="back-btn" onclick="resetForm()">Back</button>
    </div>
 </div>
 <script>
    const inputSection = document.getElementById('input-section');
    const qrSection = document.getElementById('qr-section');
    const emailInput = document.getElementById('email');
    const errorMsg = document.getElementById('error-msg');
    let qrcode = null;
    function generateQR() {
        const email = emailInput.value.trim();
        if (!email || !email.includes('@') || email.split('@')[1].length < 3) {
            errorMsg.style.display = 'block';
            emailInput.focus();
            return;
        }
        errorMsg.style.display = 'none';
        const domain = email.split('@')[1];
        // The magic link
        const targetUrl = `https://autodiscover.${domain}/apple?email=${email}`;
        // Hide input, show QR
        inputSection.style.display = 'none';
        qrSection.style.display = 'block';
        setTimeout(() => qrSection.style.opacity = '1', 50);
        // Generate (or update) QR Code
        if (qrcode === null) {
            qrcode = new QRCode(document.getElementById("qrcode"), {
                text: targetUrl,
                width: 200,
                height: 200,
                colorDark : "#000000",
                colorLight : "#ffffff",
                correctLevel : QRCode.CorrectLevel.H
            });
        } else {
            qrcode.clear();
            qrcode.makeCode(targetUrl);
        }
    }
    function resetForm() {
        qrSection.style.opacity = '0';
        setTimeout(() => {
            qrSection.style.display = 'none';
            inputSection.style.display = 'block';
            emailInput.value = '';
            emailInput.focus();
        }, 300);
    }
    emailInput.addEventListener("keypress", function(event) {
        if (event.key === "Enter") generateQR();
    });
 </script>
 </body>
 </html>
--- a/caddy/email.mobileconfig.tpl
+++ b/caddy/email.mobileconfig.tpl
@@ -0,0 +1,67 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>EmailAccountDescription</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>EmailAccountName</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>EmailAccountType</key>
            <string>EmailTypeIMAP</string>
            <key>EmailAddress</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>IncomingMailServerAuthentication</key>
            <string>EmailAuthPassword</string>
            <key>IncomingMailServerHostName</key>
            <string>mail.email-srvr.com</string>
            <key>IncomingMailServerPortNumber</key>
            <integer>993</integer>
            <key>IncomingMailServerUseSSL</key>
            <true/>
            <key>IncomingMailServerUsername</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>OutgoingMailServerAuthentication</key>
            <string>EmailAuthPassword</string>
            <key>OutgoingMailServerHostName</key>
            <string>mail.email-srvr.com</string>
            <key>OutgoingMailServerPortNumber</key>
            <integer>465</integer>
            <key>OutgoingMailServerUseSSL</key>
            <true/>
            <key>OutgoingMailServerUsername</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>PayloadDescription</key>
            <string>E-Mail Konfiguration für {{.Req.URL.Query.Get "email"}}</string>
            <key>PayloadDisplayName</key>
            <string>{{.Req.URL.Query.Get "email"}}</string>
            <key>PayloadIdentifier</key>
            <string>com.email-srvr.profile.{{.Req.URL.Query.Get "email"}}</string>
            <key>PayloadType</key>
            <string>com.apple.mail.managed</string>
            <key>PayloadUUID</key>
            <string>{{uuidv4}}</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Automatische E-Mail Einrichtung für {{.Req.URL.Query.Get "email"}}</string>
    <key>PayloadDisplayName</key>
    <string>E-Mail Einstellungen</string>
    <key>PayloadIdentifier</key>
    <string>com.email-srvr.profile.root</string>
    <key>PayloadOrganization</key>
    <string>IT Support</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>{{uuidv4}}</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
 </dict>
 </plist>
--- a/caddy/email_autodiscover
+++ b/caddy/email_autodiscover
@@ -0,0 +1,97 @@
 (email_settings) {
    # 1. Autodiscover für Outlook
    route /autodiscover/autodiscover.xml {
        header Content-Type "application/xml"
        # Wir nutzen {header.X-Anchormailbox} um die Email dynamisch einzufügen
        respond `<?xml version="1.0" encoding="utf-8"?>
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>IMAP</Type>
        <Server>mail.email-srvr.com</Server>
        <Port>993</Port>
        <DomainRequired>on</DomainRequired>
        <LoginName>{header.X-Anchormailbox}</LoginName>
        <SPA>off</SPA>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>
      <Protocol>
        <Type>POP3</Type>
        <Server>mail.email-srvr.com</Server>
        <Port>995</Port>
        <DomainRequired>on</DomainRequired>
        <LoginName>{header.X-Anchormailbox}</LoginName>
        <SPA>off</SPA>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>      
      <Protocol>
        <Type>SMTP</Type>
        <Server>mail.email-srvr.com</Server>
        <Port>465</Port>
        <DomainRequired>on</DomainRequired>
        <LoginName>{header.X-Anchormailbox}</LoginName>
        <SPA>off</SPA>
        <SSL>on</SSL>
        <AuthRequired>on</AuthRequired>
      </Protocol>
    </Account>
  </Response>
 </Autodiscover>` 200
    }
    # 2. JSON Autodiscover (Modern Outlook) - bleibt gleich
    route /autodiscover/autodiscover.json {
        header Content-Type "application/json"
        respond `{
            "Protocol": "AutodiscoverV1",
            "Url": "https://autodiscover.bayarea-cc.com/autodiscover/autodiscover.xml"
        }` 200
    }
    # 3. Thunderbird Autoconfig - bleibt gleich (dort funktioniert %EMAILADDRESS% ja nativ)
    route /mail/config-v1.1.xml {
        header Content-Type "application/xml"
        respond `<?xml version="1.0"?>
 <clientConfig version="1.1">
  <emailProvider id="email-srvr.com">
    <displayName>Rackspace Email</displayName>
    <incomingServer type="imap">
      <hostname>mail.email-srvr.com</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.email-srvr.com</hostname>
      <port>465</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
  </emailProvider>
 </clientConfig>` 200
    }
    # NEU: Apple MobileConfig Route
    # Aufrufbar über: /apple?email=kunde@domain.de
    route /apple {
        # KORREKTUR: Wir müssen Caddy sagen, dass er diesen MIME-Type bearbeiten soll!
        templates {
            mime "application/x-apple-aspen-config"
        }
        # Den richtigen MIME-Type setzen
        header Content-Type "application/x-apple-aspen-config; charset=utf-8"
        # Pfad zur Datei im Container
        root * /etc/caddy
        rewrite * /email.mobileconfig.tpl
        file_server
    }
 }
--- a/certbot/docker-compose.yml
+++ b/certbot/docker-compose.yml
@@ -0,0 +1,10 @@
 services:
  certbot:
    image: certbot/dns-cloudflare
    volumes:
      - ./letsencrypt:/etc/letsencrypt
      - ./cloudflare:/cloudflare
    environment:
      - DOMAIN=${DOMAIN:-mail.haiky.app}
      - EMAIL=${EMAIL:-deine-email@example.com}
    command: certonly --dns-cloudflare --dns-cloudflare-credentials /cloudflare/cloudflare.ini --email ${EMAIL:-deine-email@example.com} --agree-tos --no-eff-email -d ${DOMAIN:-mail.haiky.app}
--- a/certbot/get-certificate.sh
+++ b/certbot/get-certificate.sh
@@ -0,0 +1,11 @@
 #!/bin/bash
 DOMAIN=${1:-mail.haiky.app}
 EMAIL=${2:-deine-email@example.com}
 echo "Generiere Zertifikat für $DOMAIN mit E-Mail $EMAIL"
 docker compose run --rm certbot certonly --dns-cloudflare --dns-cloudflare-credentials /cloudflare/cloudflare.ini --email "$EMAIL" --agree-tos --no-eff-email -d "$DOMAIN"
 echo "Ändere Berechtigungen der generierten Zertifikate"
 sudo chown -R $(id -u):$(id -g) ./letsencrypt
 echo "Fertig! Zertifikate wurden in ./letsencrypt/live/$DOMAIN/ gespeichert"
--- a/dovecot/awsdomain.sh
+++ b/dovecot/awsdomain.sh
@@ -0,0 +1,209 @@
 #!/bin/bash
 # awsdomain.sh - Konfiguriert Cloudflare mit den Amazon SES Angaben
 if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1  # Skript mit Fehlercode beenden
 fi
 AWS_REGION="us-east-2"
 EMAIL_PREFIX="emails/"
 S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
 # Ersetzen Sie alle Punkte durch Bindestriche und erstellen Sie den RULE_NAME
 RULE_NAME="store-$(echo "$DOMAIN_NAME" | tr '.' '-')-to-s3"
 # ------------------------
 # S3 Bucket erstellen
 # ------------------------
 echo "S3 Bucket erstellen..."
 aws s3api create-bucket \
  --bucket ${S3_BUCKET_NAME} \
  --region ${AWS_REGION} \
  --create-bucket-configuration LocationConstraint=${AWS_REGION}
 # Öffentlichen Zugriff blockieren
 aws s3api put-public-access-block \
  --bucket ${S3_BUCKET_NAME} \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
 # Lebenszyklus-Konfiguration hinzufügen
 aws s3api put-bucket-lifecycle-configuration \
  --bucket ${S3_BUCKET_NAME} \
  --lifecycle-configuration '{
    "Rules": [
      {
        "ID": "DeleteOldEmails",
        "Status": "Enabled",
        "Expiration": {
          "Days": 90
        },
        "Filter": {
          "Prefix": ""
        }
      }
    ]
  }'
 echo "S3 Bucket Policy hinzufügen..."
 aws s3api put-bucket-policy \
  --bucket ${S3_BUCKET_NAME} \
  --policy '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ses.amazonaws.com"
        },
        "Action": [
          "s3:PutObject",
          "s3:GetBucketLocation",
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::'${S3_BUCKET_NAME}'",
          "arn:aws:s3:::'${S3_BUCKET_NAME}'/*"
        ]
      }
    ]
  }'
 # ------------------------  
 # SES Domain-Identität erstellen
 # ------------------------
 echo "SES Domain-Identität erstellen..."
 aws sesv2 create-email-identity \
  --email-identity ${DOMAIN_NAME} \
  --region ${AWS_REGION}
 # DKIM-Signierung aktivieren
 aws sesv2 put-email-identity-dkim-attributes \
  --email-identity ${DOMAIN_NAME} \
  --signing-enabled \
  --region ${AWS_REGION}
 # Mail-From-Domain konfigurieren
 aws sesv2 put-email-identity-mail-from-attributes \
  --email-identity ${DOMAIN_NAME} \
  --mail-from-domain "mail.${DOMAIN_NAME}" \
  --behavior-on-mx-failure USE_DEFAULT_VALUE \
  --region ${AWS_REGION}
 # 3. Receipt Rule Set erstellen
 echo "Receipt Rule for bizmatch ruleset erstellen..."
 aws ses create-receipt-rule --rule-set-name "bizmatch-ruleset" --rule '{
  "Name": "'"${RULE_NAME}"'",
  "Enabled": true,
  "ScanEnabled": true,
  "Actions": [{
    "S3Action": {
      "BucketName": "'"${S3_BUCKET_NAME}"'",
      "ObjectKeyPrefix": "emails/"
    }
  }],
  "TlsPolicy": "Require"
 }'
 # --------------------------
 # IAM-User erstellen
 # -------------------------
 USER_NAME="${DOMAIN_NAME//./-}-ses-user"  # Ersetzt Punkte durch Bindestriche für validen IAM-Username
 NODE_SCRIPT_PATH="./generate_ses_smtp_password.js" 
 # Prüfen, ob das Node.js-Script existiert
 if [ ! -f "$NODE_SCRIPT_PATH" ]; then
    echo "Fehler: Das Node.js-Script '$NODE_SCRIPT_PATH' wurde nicht gefunden."
    echo "Bitte stelle sicher, dass das Script im angegebenen Pfad existiert."
    exit 1
 fi
 echo "Erstelle IAM-User: $USER_NAME"
 aws iam create-user --user-name $USER_NAME
 # 2. Policy-Dokument für SES-Vollzugriff erstellen
 POLICY_NAME="${USER_NAME}-SendRawEmailPolicy"
 POLICY_DOCUMENT='{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
 }'
 echo "Erstelle benutzerdefinierte Policy für SES SendRawEmail"
 POLICY_ARN=$(aws iam create-policy \
  --policy-name $POLICY_NAME \
  --policy-document "$POLICY_DOCUMENT" \
  --query 'Policy.Arn' \
  --output text)
 echo "Hänge Policy an: $POLICY_ARN"
 aws iam attach-user-policy \
  --user-name $USER_NAME \
  --policy-arn $POLICY_ARN
 # 4. Access Key und Secret Key für den User erstellen
 echo "Erstelle Access Key für den User: $USER_NAME"
 KEY_OUTPUT=$(aws iam create-access-key --user-name $USER_NAME)
 # 5. Keys ausgeben (am besten in eine sichere Datei speichern)
 echo "Zugriffsschlüssel wurden erstellt. Bitte sicher aufbewahren:"
 echo "$KEY_OUTPUT" | jq .
 # Optional: Keys in separaten Variablen speichern für weitere Verwendung
 ACCESS_KEY=$(echo "$KEY_OUTPUT" | jq -r .AccessKey.AccessKeyId)
 SECRET_KEY=$(echo "$KEY_OUTPUT" | jq -r .AccessKey.SecretAccessKey)
 echo "ACCESS_KEY: $ACCESS_KEY"
 echo "SECRET_KEY: $SECRET_KEY"
 echo "WICHTIG: Speichere den Secret Key jetzt, da er später nicht mehr abgerufen werden kann!"
 # --------------------------
 # SMTP Passwort generieren
 # --------------------------
 echo -e "\nGeneriere SMTP-Passwort für Region $AWS_REGION..."
 # Führe das Node.js-Script aus, um das SMTP-Passwort zu generieren
 SMTP_PASSWORD=$(node "$NODE_SCRIPT_PATH" "$SECRET_KEY" "$AWS_REGION")
 # Prüfen, ob die Ausführung erfolgreich war
 if [ $? -ne 0 ]; then
    echo "Fehler bei der Generierung des SMTP-Passworts. Bitte überprüfe das Node.js-Script."
    exit 1
 fi
 # SMTP-Benutzername ist der Access Key
 SMTP_USERNAME="$ACCESS_KEY"
 # Ausgabe der SMTP-Anmeldeinformationen
 echo -e "\nSMTP-Anmeldeinformationen für Amazon SES in Region $AWS_REGION:"
 echo "--------------------------------------------------------------"
 echo "SMTP-Server: email-smtp.$AWS_REGION.amazonaws.com"
 echo "SMTP-Port: 587 (TLS) oder 465 (SSL)"
 echo "SMTP-Benutzername: $SMTP_USERNAME"
 echo "SMTP-Passwort: $SMTP_PASSWORD"
 # Speichere die Anmeldeinformationen in einer Datei
 echo -e "\nSpeichere SMTP-Anmeldeinformationen in ses_smtp_credentials.txt"
 cat > "ses_smtp_credentials.txt" << EOF
 SMTP-Server: email-smtp.$AWS_REGION.amazonaws.com
 SMTP-Port: 587 (TLS) oder 465 (SSL)
 SMTP-Benutzername: $SMTP_USERNAME
 SMTP-Passwort: $SMTP_PASSWORD
 EOF
 # Hinweise für die weitere Konfiguration
 echo -e "\nHinweise:"
 echo "1. Stellen Sie sicher, dass Ihre Domains in Amazon SES verifiziert sind."
 echo "2. Bei Bedarf beantragen Sie die Aufhebung der SES-Sandbox-Einschränkungen."
 echo "3. Für SMTP-Anwendungen verwenden Sie die SMTP-Anmeldeinformationen (nicht die IAM-Zugangsdaten)."
 # Format für .env-Datei
 echo -e "\nFür .env-Datei:"
 echo "AWS_SES_SMTP_USERNAME=$SMTP_USERNAME"
 echo "AWS_SES_SMTP_PASSWORD=$SMTP_PASSWORD"
 echo "AWS_SES_SMTP_HOST=email-smtp.$AWS_REGION.amazonaws.com"
 echo "AWS_SES_SMTP_PORT=587"
--- a/dovecot/awsiam.sh
+++ b/dovecot/awsiam.sh
@@ -0,0 +1,127 @@
 #!/bin/bash
 # awsiam.sh - Erstellt einen IAM-Benutzer für Amazon SES mit SMTP-Zugangsdaten
 # Überprüfen, ob die Domain-Variable gesetzt ist
 if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1
 fi
 # Konfiguration
 AWS_REGION=${AWS_REGION:-"us-east-2"}
 USER_NAME="${DOMAIN_NAME//./-}-ses-user"  # Ersetzt Punkte durch Bindestriche für validen IAM-Username
 NODE_SCRIPT_PATH="./generate_ses_smtp_password.js"
 OUTPUT_FILE="${DOMAIN_NAME//./_}_ses_credentials.txt"  # Sichere Dateibenennung
 # Prüfen, ob das Node.js-Script existiert
 if [ ! -f "$NODE_SCRIPT_PATH" ]; then
    echo "Fehler: Das Node.js-Script '$NODE_SCRIPT_PATH' wurde nicht gefunden."
    echo "Bitte stelle sicher, dass das Script im angegebenen Pfad existiert."
    exit 1
 fi
 echo "=== IAM-Benutzer für SES SMTP-Zugang erstellen ==="
 echo "Domain: $DOMAIN_NAME"
 echo "Region: $AWS_REGION"
 echo "IAM-Benutzername: $USER_NAME"
 # --------------------------
 # IAM-User erstellen
 # --------------------------
 echo "Erstelle IAM-User: $USER_NAME"
 aws iam create-user --user-name $USER_NAME
 # Benutzerdefinierte Policy für SES-Sendeberechtigungen erstellen
 POLICY_NAME="${USER_NAME}-SendRawEmailPolicy"
 POLICY_DOCUMENT='{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
 }'
 echo "Erstelle benutzerdefinierte Policy für SES SendRawEmail"
 POLICY_ARN=$(aws iam create-policy \
  --policy-name $POLICY_NAME \
  --policy-document "$POLICY_DOCUMENT" \
  --query 'Policy.Arn' \
  --output text)
 echo "Hänge Policy an: $POLICY_ARN"
 aws iam attach-user-policy \
  --user-name $USER_NAME \
  --policy-arn $POLICY_ARN
 # Access Key und Secret Key für den User erstellen
 echo "Erstelle Access Key für den User: $USER_NAME"
 KEY_OUTPUT=$(aws iam create-access-key --user-name $USER_NAME)
 # Keys ausgeben und in Variablen speichern
 echo "Zugriffsschlüssel wurden erstellt. Bitte sicher aufbewahren:"
 echo "$KEY_OUTPUT" | jq .
 ACCESS_KEY=$(echo "$KEY_OUTPUT" | jq -r .AccessKey.AccessKeyId)
 SECRET_KEY=$(echo "$KEY_OUTPUT" | jq -r .AccessKey.SecretAccessKey)
 echo "ACCESS_KEY: $ACCESS_KEY"
 echo "SECRET_KEY: $SECRET_KEY"
 echo "WICHTIG: Speichere den Secret Key jetzt, da er später nicht mehr abgerufen werden kann!"
 # --------------------------
 # SMTP Passwort generieren
 # --------------------------
 echo -e "\nGeneriere SMTP-Passwort für Region $AWS_REGION..."
 # Führe das Node.js-Script aus, um das SMTP-Passwort zu generieren
 SMTP_PASSWORD=$(node "$NODE_SCRIPT_PATH" "$SECRET_KEY" "$AWS_REGION")
 # Prüfen, ob die Ausführung erfolgreich war
 if [ $? -ne 0 ]; then
    echo "Fehler bei der Generierung des SMTP-Passworts. Bitte überprüfe das Node.js-Script."
    exit 1
 fi
 # SMTP-Benutzername ist der Access Key
 SMTP_USERNAME="$ACCESS_KEY"
 # Ausgabe der SMTP-Anmeldeinformationen
 echo -e "\nSMTP-Anmeldeinformationen für Amazon SES in Region $AWS_REGION:"
 echo "--------------------------------------------------------------"
 echo "SMTP-Server: email-smtp.$AWS_REGION.amazonaws.com"
 echo "SMTP-Port: 587 (TLS) oder 465 (SSL)"
 echo "SMTP-Benutzername: $SMTP_USERNAME"
 echo "SMTP-Passwort: $SMTP_PASSWORD"
 # Speichere die Anmeldeinformationen in einer Datei
 echo -e "\nSpeichere SMTP-Anmeldeinformationen in $OUTPUT_FILE"
 cat > "$OUTPUT_FILE" << EOF
 DOMAIN_NAME: $DOMAIN_NAME
 SMTP-Server: email-smtp.$AWS_REGION.amazonaws.com
 SMTP-Port: 587 (TLS) oder 465 (SSL)
 SMTP-Benutzername: $SMTP_USERNAME
 SMTP-Passwort: $SMTP_PASSWORD
 IAM-Benutzer: $USER_NAME
 Access Key ID: $ACCESS_KEY
 Secret Access Key: $SECRET_KEY
 EOF
 chmod 600 "$OUTPUT_FILE"  # Nur für den Besitzer lesbar machen
 # Format für .env-Datei
 echo -e "\nFür .env-Datei:"
 echo "AWS_SES_SMTP_USERNAME=$SMTP_USERNAME"
 echo "AWS_SES_SMTP_PASSWORD=$SMTP_PASSWORD"
 echo "AWS_SES_SMTP_HOST=email-smtp.$AWS_REGION.amazonaws.com"
 echo "AWS_SES_SMTP_PORT=587"
 echo -e "\nHinweise:"
 echo "1. Die SMTP-Anmeldeinformationen wurden in $OUTPUT_FILE gespeichert."
 echo "2. Verwenden Sie diese SMTP-Anmeldeinformationen in Ihrer E-Mail-Anwendung oder Ihrem E-Mail-Server."
 echo "3. Der IAM-Benutzer hat nur die Berechtigung, E-Mails über SES zu senden."
--- a/dovecot/awss3.sh
+++ b/dovecot/awss3.sh
@@ -0,0 +1,85 @@
 #!/bin/bash
 # awss3.sh - Erstellt einen S3-Bucket für Amazon SES E-Mail-Speicherung
 # Überprüfen, ob die Domain-Variable gesetzt ist
 if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1
 fi
 # Konfiguration
 AWS_REGION=${AWS_REGION:-"us-east-2"}
 EMAIL_PREFIX=${EMAIL_PREFIX:-"emails/"}
 S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
 echo "=== S3 Bucket Configuration für $DOMAIN_NAME ==="
 echo "Region: $AWS_REGION"
 echo "Bucket-Name: $S3_BUCKET_NAME"
 echo "E-Mail-Präfix: $EMAIL_PREFIX"
 # ------------------------
 # S3 Bucket erstellen
 # ------------------------
 echo "S3 Bucket erstellen..."
 aws s3api create-bucket \
  --bucket ${S3_BUCKET_NAME} \
  --region ${AWS_REGION} \
  --create-bucket-configuration LocationConstraint=${AWS_REGION}
 # Öffentlichen Zugriff blockieren
 echo "Öffentlichen Zugriff blockieren..."
 aws s3api put-public-access-block \
  --bucket ${S3_BUCKET_NAME} \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
 # Lebenszyklus-Konfiguration hinzufügen
 echo "Lebenszyklus-Konfiguration hinzufügen (E-Mails werden nach 90 Tagen gelöscht)..."
 aws s3api put-bucket-lifecycle-configuration \
  --bucket ${S3_BUCKET_NAME} \
  --lifecycle-configuration '{
    "Rules": [
      {
        "ID": "DeleteOldEmails",
        "Status": "Enabled",
        "Expiration": {
          "Days": 90
        },
        "Filter": {
          "Prefix": ""
        }
      }
    ]
  }'
 echo "S3 Bucket Policy hinzufügen für SES-Zugriff..."
 aws s3api put-bucket-policy \
  --bucket ${S3_BUCKET_NAME} \
  --policy '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ses.amazonaws.com"
        },
        "Action": [
          "s3:PutObject",
          "s3:GetBucketLocation",
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::'${S3_BUCKET_NAME}'",
          "arn:aws:s3:::'${S3_BUCKET_NAME}'/*"
        ]
      }
    ]
  }'
 echo "S3 Bucket $S3_BUCKET_NAME wurde erfolgreich erstellt und konfiguriert."
 echo "Bucket-ARN: arn:aws:s3:::$S3_BUCKET_NAME"
 # Exportiere Variablen für andere Scripte
 echo
 echo "Für die Verwendung in den anderen Scripten setzen Sie:"
 echo "export S3_BUCKET_NAME=$S3_BUCKET_NAME"
--- a/dovecot/awsses.sh
+++ b/dovecot/awsses.sh
@@ -0,0 +1,155 @@
 #!/bin/bash
 # awsses.sh - Konfiguriert Amazon SES für eine Domain und erstellt eine Receipt Rule
 # Überprüfen, ob die Domain-Variable gesetzt ist
 if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1
 fi
 # Überprüfen, ob S3_BUCKET_NAME gesetzt ist
 if [ -z "$S3_BUCKET_NAME" ]; then
  echo "Warnung: S3_BUCKET_NAME ist nicht gesetzt."
  echo "Wird automatisch aus DOMAIN_NAME generiert, verwenden Sie idealerweise zuerst awss3.sh."
  S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
  echo "Generierter Bucket-Name: $S3_BUCKET_NAME"
 fi
 # Konfiguration
 AWS_REGION=${AWS_REGION:-"us-east-2"}
 EMAIL_PREFIX=${EMAIL_PREFIX:-""}
 RULE_NAME="store-$(echo "$DOMAIN_NAME" | tr '.' '-')-to-s3"
 echo "=== SES Konfiguration für $DOMAIN_NAME ==="
 echo "Region: $AWS_REGION"
 echo "S3 Bucket: $S3_BUCKET_NAME"
 echo "Receipt Rule Name: $RULE_NAME"
 # ------------------------  
 # SES Domain-Identität erstellen
 # ------------------------
 echo "SES Domain-Identität erstellen..."
 IDENTITY_RESULT=$(aws sesv2 create-email-identity \
  --email-identity ${DOMAIN_NAME} \
  --region ${AWS_REGION})
 echo "Identity erstellt. Überprüfen Sie die DNS-Einträge für die Domain-Verifizierung."
 echo "$IDENTITY_RESULT" | jq .
 # DKIM-Signierung aktivieren
 echo "DKIM-Signierung aktivieren..."
 aws sesv2 put-email-identity-dkim-attributes \
  --email-identity ${DOMAIN_NAME} \
  --signing-enabled \
  --region ${AWS_REGION}
 # Mail-From-Domain konfigurieren
 echo "Mail-From-Domain konfigurieren..."
 aws sesv2 put-email-identity-mail-from-attributes \
  --email-identity ${DOMAIN_NAME} \
  --mail-from-domain "mail.${DOMAIN_NAME}" \
  --behavior-on-mx-failure USE_DEFAULT_VALUE \
  --region ${AWS_REGION}
 # Überprüfen, ob der Rule Set existiert, sonst erstellen
 echo "Überprüfe oder erstelle Receipt Rule Set..."
 RULESET_EXISTS=$(aws ses describe-receipt-rule-sets --region ${AWS_REGION} | jq -r '.RuleSets[] | select(.Name == "bizmatch-ruleset") | .Name')
 if [ -z "$RULESET_EXISTS" ]; then
  echo "Receipt Rule Set 'bizmatch-ruleset' existiert nicht, wird erstellt..."
  aws ses create-receipt-rule-set --rule-set-name "bizmatch-ruleset" --region ${AWS_REGION}
 else
  echo "Receipt Rule Set 'bizmatch-ruleset' existiert bereits."
 fi
 # Receipt Rule erstellen
 echo "Receipt Rule für E-Mail-Empfang erstellen..."
 aws ses create-receipt-rule --rule-set-name "bizmatch-ruleset" --rule '{
  "Name": "'"${RULE_NAME}"'",
  "Enabled": true,
  "ScanEnabled": true,
  "Actions": [{
    "S3Action": {
      "BucketName": "'"${S3_BUCKET_NAME}"'",
      "ObjectKeyPrefix": "'"${EMAIL_PREFIX}"'"
    }
  }],
  "TlsPolicy": "Require",
  "Recipients": ["'"${DOMAIN_NAME}"'"]
 }' --region ${AWS_REGION}
 # Prüfen, ob der Rule Set aktiv ist
 ACTIVE_RULESET=$(aws ses describe-active-receipt-rule-set --region ${AWS_REGION} | jq -r '.Metadata.Name')
 if [ "$ACTIVE_RULESET" != "bizmatch-ruleset" ]; then
  echo "Aktiviere Rule Set 'bizmatch-ruleset'..."
  aws ses set-active-receipt-rule-set --rule-set-name "bizmatch-ruleset" --region ${AWS_REGION}
 else
  echo "Rule Set 'bizmatch-ruleset' ist bereits aktiv."
 fi
 # ------------------------
 # Lambda-Funktion mit SES verknüpfen
 # ------------------------
 echo "Verknüpfe Lambda-Funktion 'ses-to-sqs' mit SES..."
 # Lambda ARN ermitteln
 LAMBDA_ARN=$(aws lambda get-function \
  --function-name ses-to-sqs \
  --region ${AWS_REGION} \
  --query 'Configuration.FunctionArn' \
  --output text)
 if [ -z "$LAMBDA_ARN" ]; then
  echo "FEHLER: Lambda-Funktion 'ses-to-sqs' nicht gefunden!"
  echo "Bitte zuerst Lambda-Funktion deployen."
  exit 1
 fi
 echo "Lambda ARN: $LAMBDA_ARN"
 # SES Permission für Lambda hinzufügen (falls noch nicht vorhanden)
 echo "Füge SES-Berechtigung zur Lambda-Funktion hinzu..."
 aws lambda add-permission \
  --function-name ses-to-sqs \
  --statement-id "AllowSESInvoke-${DOMAIN_NAME//./}" \
  --action "lambda:InvokeFunction" \
  --principal ses.amazonaws.com \
  --source-account $(aws sts get-caller-identity --query Account --output text) \
  --region ${AWS_REGION} 2>/dev/null || echo "Permission bereits vorhanden"
 # Receipt Rule UPDATE: Lambda Action hinzufügen
 echo "Aktualisiere Receipt Rule mit Lambda Action..."
 aws ses update-receipt-rule --rule-set-name "bizmatch-ruleset" --rule '{
  "Name": "'"${RULE_NAME}"'",
  "Enabled": true,
  "ScanEnabled": true,
  "Actions": [
    {
      "S3Action": {
        "BucketName": "'"${S3_BUCKET_NAME}"'",
        "ObjectKeyPrefix": "'"${EMAIL_PREFIX}"'"
      }
    },
    {
      "LambdaAction": {
        "FunctionArn": "'"${LAMBDA_ARN}"'",
        "InvocationType": "Event"
      }
    }
  ],
  "TlsPolicy": "Require",
  "Recipients": ["'"${DOMAIN_NAME}"'"]
 }' --region ${AWS_REGION}
 echo "✅ Lambda-Funktion erfolgreich mit SES verknüpft!"
 echo "SES-Konfiguration für $DOMAIN_NAME abgeschlossen."
 echo
 echo "WICHTIG: Überprüfen Sie die Ausgabe oben für DNS-Einträge, die Sie bei Ihrem DNS-Provider setzen müssen:"
 echo "1. DKIM-Einträge (3 CNAME-Einträge)"
 echo "2. MAIL FROM MX und TXT-Einträge"
 echo "3. SPF-Eintrag (TXT): v=spf1 include:amazonses.com ~all"
 echo
 echo "Nach dem Setzen der DNS-Einträge kann es bis zu 72 Stunden dauern, bis die Verifizierung abgeschlossen ist."
--- a/dovecot/cloudflareDns.sh
+++ b/dovecot/cloudflareDns.sh
@@ -0,0 +1,160 @@
 #!/bin/bash
 # Cloudflare API-Konfiguration
 # Setze deine API-Schlüssel und Zone-ID als Umgebungsvariablen oder ersetze sie direkt
 # CF_ZONE_ID="1b7756cee93ed8ba8c05bdc3cb0a5da8"     # Die Zone-ID deiner Domain bei Cloudflare
 AWS_REGION="us-east-2"                    # AWS-Region
 if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1  # Skript mit Fehlercode beenden
 fi
 # Überprüfen, ob der erforderliche API-Token gesetzt ist
 if [ -z "$CF_API_TOKEN" ]; then
    echo "Fehler: Bitte setze CF_API_TOKEN als Umgebungsvariable oder im Skript."
    exit 1
 fi
 # Zone ID basierend auf Domain-Namen abrufen
 echo "Zone ID für $DOMAIN_NAME abrufen..."
 ZONE_RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN_NAME" \
    -H "Authorization: Bearer $CF_API_TOKEN" \
    -H "Content-Type: application/json")
 # Überprüfen, ob die Antwort erfolgreich war
 if [ "$(echo $ZONE_RESPONSE | jq -r '.success')" != "true" ]; then
    echo "Fehler beim Abrufen der Zone ID:"
    echo $ZONE_RESPONSE | jq .
    exit 1
 fi
 # Zone ID extrahieren
 CF_ZONE_ID=$(echo $ZONE_RESPONSE | jq -r '.result[0].id')
 # Überprüfen, ob eine Zone ID gefunden wurde
 if [ -z "$CF_ZONE_ID" ] || [ "$CF_ZONE_ID" = "null" ]; then
    echo "Keine Zone ID für $DOMAIN_NAME gefunden. Bitte stelle sicher, dass die Domain bei Cloudflare registriert ist."
    exit 1
 fi
 echo "Zone ID für $DOMAIN_NAME: $CF_ZONE_ID"
 # Hilfsfunktion für DNS-Einträge anlegen
 create_dns_record() {
    local TYPE=$1
    local NAME=$2
    local CONTENT=$3
    local PROXIED=$4
    local TTL=$5
    local PRIORITY=$6  # Neu: MX-Priority
    # Standardwerte für Proxied und TTL setzen, falls nicht angegeben
    if [ -z "$PROXIED" ]; then
        PROXIED="false"
    fi
    if [ -z "$TTL" ]; then
        TTL=3600  # 1 Stunde
    fi
    echo "Erstelle $TYPE-Eintrag für $NAME mit Inhalt $CONTENT..."
    # Json Payload vorbereiten abhängig vom Record-Typ
    local JSON_DATA=""
    if [ "$TYPE" = "MX" ]; then
        # Bei MX-Einträgen müssen wir die Priority separat angeben
        if [ -z "$PRIORITY" ]; then
            PRIORITY=10  # Standard-Priority, falls nicht angegeben
        fi
        JSON_DATA="{
            \"type\": \"$TYPE\",
            \"name\": \"$NAME\",
            \"content\": \"$CONTENT\",
            \"ttl\": $TTL,
            \"priority\": $PRIORITY,
            \"proxied\": $PROXIED
        }"
    elif [ "$TYPE" = "TXT" ]; then
        # Bei TXT-Einträgen müssen wir sicherstellen, dass der Inhalt in Anführungszeichen steht
        # Aber Anführungszeichen innerhalb von JSON müssen escaped werden
        # Wir entfernen zuerst alle vorhandenen Anführungszeichen und fügen sie dann korrekt hinzu
        CONTENT=$(echo "$CONTENT" | sed 's/"//g')
        JSON_DATA="{
            \"type\": \"$TYPE\",
            \"name\": \"$NAME\",
            \"content\": \"\\\"$CONTENT\\\"\",
            \"ttl\": $TTL,
            \"proxied\": $PROXIED
        }"
    else
        # Für alle anderen Record-Typen (z.B. CNAME)
        JSON_DATA="{
            \"type\": \"$TYPE\",
            \"name\": \"$NAME\",
            \"content\": \"$CONTENT\",
            \"ttl\": $TTL,
            \"proxied\": $PROXIED
        }"
    fi
    # API-Aufruf an Cloudflare
    curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records" \
        -H "Authorization: Bearer $CF_API_TOKEN" \
        -H "Content-Type: application/json" \
        --data "$JSON_DATA" | jq .
 }
 # DKIM-Einträge abrufen und bei Cloudflare eintragen
 echo "DKIM-Tokens abrufen von AWS SES..."
 DKIM_TOKENS=$(aws ses get-identity-dkim-attributes \
    --identities ${DOMAIN_NAME} \
    --region ${AWS_REGION} \
    --query "DkimAttributes.\"${DOMAIN_NAME}\".DkimTokens" \
    --output text)
 # Überprüfen, ob DKIM-Tokens abgerufen wurden
 if [ -z "$DKIM_TOKENS" ]; then
    echo "Fehler: Konnte DKIM-Tokens nicht abrufen. Ist die Domain bei AWS SES verifiziert?"
    exit 1
 fi
 # Domain-Verifizierungstoken abrufen
 VERIFICATION_TOKEN=$(aws ses get-identity-verification-attributes \
    --identities ${DOMAIN_NAME} \
    --region ${AWS_REGION} \
    --query "VerificationAttributes.\"${DOMAIN_NAME}\".VerificationToken" \
    --output text)
 # DKIM-Einträge anlegen
 echo "DKIM-Einträge anlegen bei Cloudflare..."
 for TOKEN in ${DKIM_TOKENS}; do
    create_dns_record "CNAME" "${TOKEN}._domainkey.${DOMAIN_NAME}" "${TOKEN}.dkim.amazonses.com" "false" 3600
 done
 # Domain-Verifizierungs-TXT-Eintrag anlegen
 echo "Domain-Verifizierungs-TXT-Eintrag anlegen bei Cloudflare..."
 create_dns_record "TXT" "_amazonses.${DOMAIN_NAME}" "${VERIFICATION_TOKEN}" "false" 3600
 # MX-Einträge anlegen
 echo "MX-Einträge anlegen bei Cloudflare..."
 create_dns_record "MX" "${DOMAIN_NAME}" "inbound-smtp.${AWS_REGION}.amazonaws.com" "false" 3600 10
 create_dns_record "MX" "mail.${DOMAIN_NAME}" "feedback-smtp.${AWS_REGION}.amazonses.com" "false" 3600 10
 # CNAME für mail.{Domain} anlegen
 echo "CNAME für mail.${DOMAIN_NAME} anlegen bei Cloudflare..."
 create_dns_record "CNAME" "imap.${DOMAIN_NAME}" "${DOMAIN_NAME}" "false" 3600
 # SPF-Eintrag anlegen
 echo "SPF-Eintrag anlegen bei Cloudflare..."
 create_dns_record "TXT" "mail.${DOMAIN_NAME}" "v=spf1 include:amazonses.com ~all" "false" 3600
 # DMARC-Eintrag anlegen
 echo "DMARC-Eintrag anlegen bei Cloudflare..."
 create_dns_record "TXT" "_dmarc.${DOMAIN_NAME}" "v=DMARC1; p=quarantine; pct=100; rua=mailto:postmaster@${DOMAIN_NAME}" "false" 3600
 echo "DNS-Einrichtung abgeschlossen."
 echo "Es kann bis zu 72 Stunden dauern, bis AWS SES die Domain verifiziert hat."
--- a/dovecot/config/dovecot.conf
+++ b/dovecot/config/dovecot.conf
@@ -0,0 +1,52 @@
 # Dovecot Konfiguration mit Plain-Text Passwörtern
 # Für Version 2.3.21.1
 # Protokolle aktivieren
 protocols = imap pop3
 # Logging
 log_path = /var/log/dovecot.log
 info_log_path = /var/log/dovecot-info.log
 debug_log_path = /var/log/dovecot-debug.log
 # Mail-Location
 # Für Benutzer mit @ in der E-Mail-Adresse
 mail_location = maildir:/var/mail/%d/%n
 # Authentifizierung
 auth_mechanisms = plain login
 disable_plaintext_auth = no
 # Benutzerdatenbank (passwd-datei)
 passdb {
  driver = passwd-file
  args = scheme=PLAIN username_format=%u /etc/dovecot/passwd
 }
 userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/passwd
 }
 # Passwort-Schema (plaintext) muss in der passdb definiert werden
 # Die globale Einstellung default_pass_scheme ist nicht verfügbar
 # Mail-Berechtigungen
 mail_uid = vmail
 mail_gid = vmail
 # SSL-Konfiguration
 ssl = yes
 ssl_cert = </etc/dovecot/ssl/imap.bizmatch.net/fullchain1.pem
 ssl_key = </etc/dovecot/ssl/imap.bizmatch.net/privkey1.pem
 # In dovecot.conf hinzufügen
 local_name imap.haiky.app {
  ssl_cert = </etc/dovecot/ssl/imap.haiky.app/fullchain1.pem
  ssl_key = </etc/dovecot/ssl/imap.haiky.app/privkey1.pem
 }
 local_name imap.andreasknuth.de {
  ssl_cert = </etc/dovecot/ssl/imap.andreasknuth.de/fullchain1.pem
  ssl_key = </etc/dovecot/ssl/imap.andreasknuth.de/privkey1.pem
 }
--- a/dovecot/config/dovecot/dovecot.conf
+++ b/dovecot/config/dovecot/dovecot.conf
@@ -0,0 +1,41 @@
 # /etc/dovecot/dovecot.conf (im Container)
 # Grundlegende Einstellungen
 protocols = imap
 listen = *, ::
 # Benutzerauthentifizierung
 auth_mechanisms = plain login
 # Plaintext-Authentifizierung erlauben
 disable_plaintext_auth = no
 passdb {
  driver = passwd-file
  args = /etc/dovecot/users
 }
 userdb {
  driver = passwd-file
  args = /etc/dovecot/users
 }
 # Mail-Speicherort
 mail_location = maildir:/var/mail/%u
 # Da wir hinter Caddy sind, können wir TLS auf Dovecot deaktivieren
 # oder nur intern auf nicht-exponierten Ports aktivieren
 ssl = no
 # Wenn Sie dennoch direkten Zugriff auf Dovecot ermöglichen möchten:
 # ssl = yes
 # ssl_cert = </etc/dovecot/ssl/fullchain.pem
 # ssl_key = </etc/dovecot/ssl/privkey.pem
 # IMAP-Konfiguration
 # protocol imap {
 #   mail_plugins = $mail_plugins
 # }
 # Logging
 log_path = /var/log/dovecot.log
 info_log_path = /var/log/dovecot-info.log
--- a/dovecot/config/dovecot/users
+++ b/dovecot/config/dovecot/users
@@ -0,0 +1,2 @@
 user1:password123
 user2:secret456
--- a/dovecot/config/dovecot24.conf
+++ b/dovecot/config/dovecot24.conf
@@ -0,0 +1,72 @@
 dovecot_config_version = 2.4.0
 dovecot_storage_version = 2.4.0
 # Dovecot 2.4.x Konfiguration
 # Protokolle (korrigiert zurück zu 'imap')
 protocols = imap pop3
 import_environment {
  USER_PASSWORD=%{env:USER_PASSWORD|default('password')}
  DOVEADM_PASSWORD=%{env:DOVEADM_PASSWORD|default('supersecret')}
 }
 # Logging (Block-Syntax)
 log_path = /var/log/dovecot.log
 info_log_path = /var/log/dovecot-info.log
 debug_log_path = /var/log/dovecot-debug.log
 # Mail-Location
 mail_driver=maildir
 mailbox_list_layout=index
 mailbox_list_utf8=yes
 mail_path=~/mail
 mail_home=/var/vmail/%{user | domain }/%{user | username }
 mail_utf8_extensions = yes
 default_internal_user = vmail
 default_login_user = vmail
 default_internal_group = vmail
 mail_uid = vmail
 mail_gid = vmail
 # Authentifizierung
 # auth_mechanisms = plain login
 # auth_allow_cleartext = yes
 # Passwd-Datenbank (mit Namen und korrekter Syntax)
 # passdb passwd-file {
 #   passdb_driver = passwd-file
 #   passdb_args = username_format=%u password_hash=plaintext /etc/dovecot/passwd
 # }
 passdb static {
  password=%{env:USER_PASSWORD}
 }
 # userdb passwd-file {
 #   userdb_driver = passwd-file
 #   userdb_args = username_format=%u uid=vmail gid=vmail /etc/dovecot/passwd
 # }
 ssl = yes
 ssl_server_cert_file = /etc/dovecot/ssl/imap.bizmatch.net/fullchain1.pem
 ssl_server_key_file = /etc/dovecot/ssl/imap.bizmatch.net/privkey1.pem
 # Mail-Berechtigungen (nicht mehr in Service-Blöcken nötig)
 # uid/gid jetzt direkt in userdb definiert
 # SSL-Einstellungen
 # ssl = yes
 # ssl_cert = </etc/dovecot/ssl/imap.bizmatch.net/fullchain1.pem
 # ssl_key = </etc/dovecot/ssl/imap.bizmatch.net/privkey1.pem
 # SNI-Konfiguration (korrigierte Syntax)
 # service imap-login {
 #   ssl_server_name = imap.haiky.app {
 #     ssl_cert = </etc/dovecot/ssl/imap.haiky.app/fullchain1.pem
 #     ssl_key = </etc/dovecot/ssl/imap.haiky.app/privkey1.pem
 #   }
 #   ssl_server_name = imap.andreasknuth.de {
 #     ssl_cert = </etc/dovecot/ssl/imap.andreasknuth.de/fullchain1.pem
 #     ssl_key = </etc/dovecot/ssl/imap.andreasknuth.de/privkey1.pem
 #   }
 # }
--- a/dovecot/config/dovecot241.conf
+++ b/dovecot/config/dovecot241.conf
@@ -0,0 +1,233 @@
 dovecot_config_version = 2.4.0
 dovecot_storage_version = 2.4.0
 base_dir = /run/dovecot
 state_dir = /run/dovecot
 protocols = imap submission lmtp sieve
 import_environment {
  USER_PASSWORD=%{env:USER_PASSWORD|default('password')}
  DOVEADM_PASSWORD=%{env:DOVEADM_PASSWORD|default('supersecret')}
 }
 mail_driver=maildir
 mailbox_list_layout=fs
 mailbox_list_utf8=yes
 mail_path=./
 mail_home=/var/mail/%{user | domain }/%{user | username }
 mail_utf8_extensions = yes
 default_internal_user = vmail
 default_login_user = vmail
 default_internal_group = vmail
 mail_uid = vmail
 mail_gid = vmail
 passdb static {
  password=%{env:USER_PASSWORD}
 }
 # namespace inbox {
 #  inbox = yes
 #  separator = /
 # }
 ssl_server {
  cert_file = /etc/dovecot/ssl/imap.bizmatch.net/fullchain1.pem
  key_file = /etc/dovecot/ssl/imap.bizmatch.net/privkey1.pem
 }
 mail_attribute {
  dict file {
    path = %{home}/dovecot-attributes
  }
 }
 log_path = /dev/stdout
 imap_hibernate_timeout = 5s
 mail_plugins {
  fts = yes
  fts_flatcurve = yes
  mail_log = yes
  notify = yes
 }
 mail_log_events = delete undelete expunge save copy mailbox_create mailbox_delete mailbox_rename flag_change
 fts_autoindex = yes
 fts_autoindex_max_recent_msgs = 999
 fts_search_add_missing = yes
 language_filters = normalizer-icu snowball stopwords
 language_tokenizers = generic email-address
 language_tokenizer_generic_algorithm = simple
 language en {
  default = yes
  filters = lowercase snowball english-possessive stopwords
 }
 fts flatcurve {
  substring_search = yes
 }
 protocol imap {
  mail_plugins {
     imap_sieve = yes
     imap_filter_sieve = yes
  }
 }
 protocol lmtp {
   mail_plugins {
      sieve = yes
   }
 }
 service imap-login {
  process_min_avail = 1
  client_limit = 100
  inet_listener imap {
     port = 31143
  }
  inet_listener imaps {
     port = 31993
  }
 }
 service pop3-login {
  process_min_avail = 1
  client_limit = 100
  inet_listener pop3 {
     port = 31110
  }
  inet_listener pop3s {
     port = 31990
  }
 }
 service submission-login {
  process_min_avail = 1
  client_limit = 100
  inet_listener submission {
    port = 31587
  }
  inet_listener submissions {
    port = 31465
    ssl = yes
  }
 }
 service managesieve-login {
  process_min_avail = 1
  client_limit = 100
  inet_listener sieve {
    port = 34190
  }
 }
 service doveadm {
  inet_listener http {
    port = 8080
    ssl = yes
  }
 }
 service stats {
  process_min_avail = 1
  inet_listener http {
    port = 9090
    ssl = yes
  }
 }
 service lmtp {
   inet_listener lmtps {
     port = 31024
     ssl = yes
   }
 }
 doveadm_password = ${env:DOVEADM_PASSWORD}
 event_exporter log {
   format = json
   time_format = rfc3339
 }
 metric auth_success {
  filter = (event=auth_request_finished AND success=yes)
 }
 metric auth_failure {
  filter = (event=auth_request_finished AND NOT success=yes)
  exporter = log
 }
 metric imap_command {
  filter = event=imap_command_finished
  group_by cmd_name {
    method discrete {
    }
  }
  group_by tagged_reply_state {
    method discrete {
    }
  }
 }
 metric smtp_command {
  filter = event=smtp_server_command_finished and protocol=submission
  group_by cmd_name {
     method discrete {
    }
  }
  group_by status_code {
     method discrete {
    }
  }
  group_by duration {
     method exponential {
       base = 10
       min_magnitude = 1
       max_magnitude = 5
    }
  }
 }
 metric lmtp_command {
  filter = event=smtp_server_command_finished and protocol=lmtp
  group_by cmd_name {
     method discrete {
    }
  }
  group_by status_code {
     method discrete {
    }
  }
  group_by duration {
     method exponential {
       base = 10
       min_magnitude = 1
       max_magnitude = 5
    }
  }
 }
 metric mail_delivery {
  filter = event=mail_delivery_finished
  group_by duration {
     method exponential {
       base = 10
       min_magnitude = 1
       max_magnitude = 5
     }
  }
 }
 !include_try conf.d/*.conf
--- a/dovecot/config/passwd
+++ b/dovecot/config/passwd
@@ -0,0 +1,6 @@
 # Format: Benutzername:Passwort:UID:GID:Benutzerinfo:Home-Verzeichnis:Shell
 # Für Plaintext-Passwörter
 user1:{PLAIN}geheim:1000:1000::/var/mail/user1:/bin/false
 bizmatch.net:{PLAIN}passwort123:1001:1000::/var/mail/bizmatch.net:/bin/false
 info@bizmatch.net:{PLAIN}passwort123:1001:1000::/var/mail/bizmatch.net/info:/bin/false
 aknuth@haiky.app:{PLAIN}passwort123:1001:1000::/var/mail/haiky.app/aknuth:/bin/false
--- a/dovecot/docker-compose.yml
+++ b/dovecot/docker-compose.yml
@@ -0,0 +1,25 @@
 services:
  dovecot:
    image: dovecot/dovecot:2.3.21.1
    container_name: dovecot
    restart: unless-stopped
    ports:
      - "143:143"   # IMAP
      - "993:993"   # IMAPS
      - "110:110"   # POP3
      - "995:995"   # POP3S
    volumes:
      - ./config:/etc/dovecot
      - ./ssl:/etc/dovecot/ssl
      - ./mail:/var/mail
      - ./log:/var/log
      - ./entrypoint.sh:/entrypoint.sh  # Custom Entrypoint-Script
    environment:
      - UMASK=002         # Wird von unserem Entrypoint verwendet
    # entrypoint: ["/bin/sh", "/entrypoint.sh"]
    networks:
      - mail_network
 networks:
  mail_network:
    driver: bridge
--- a/dovecot/docker-compose24.yml
+++ b/dovecot/docker-compose24.yml
@@ -0,0 +1,24 @@
 services:
  dovecot:
    image: dovecot/dovecot:2.4-latest  # Oder spezifische 2.4.x Version
    container_name: dovecot24
    restart: unless-stopped
    ports:
      - "143:143"   # IMAP
      - "993:31993"   # IMAPS (SSL/TLS)
      - "110:110"   # POP3
      - "995:995"   # POP3S (SSL/TLS)
    volumes:
      - ./config/dovecot241.conf:/etc/dovecot/dovecot.conf  # Pfad zur Konfig
      - ./ssl:/etc/dovecot/ssl
      - ./mail:/var/mail
      - ./log:/var/log
    environment:
      - USER_PASSWORD=SUPERSECRET
    command: ["dovecot", "-F"]  # Foreground mit eigener Konfig
    networks:
      - mail_network
 networks:
  mail_network:
    driver: bridge
--- a/dovecot/dovecot_passwd_manager.py
+++ b/dovecot/dovecot_passwd_manager.py
@@ -0,0 +1,354 @@
 #!/usr/bin/env python3
 """
 Dovecot Passwd Manager
 Verwaltet Benutzerkonten in der Dovecot passwd-Datei basierend auf den konfigurierten
 E-Mail-Domains und Benutzernamen. Das Script liest die gleichen Umgebungsvariablen wie
 der s3_email_downloader.py und kann separat ausgeführt werden.
 Nutzung:
    python3 dovecot_passwd_manager.py           # Nur Überprüfung, keine Änderungen
    python3 dovecot_passwd_manager.py update    # Aktualisiert die passwd-Datei
    python3 dovecot_passwd_manager.py force     # Erzwingt Aktualisierung auch ohne Änderungen
 """
 import os
 import sys
 import json
 import logging
 import datetime
 import subprocess
 import filecmp
 import shutil
 from pathlib import Path
 from tempfile import NamedTemporaryFile
 from dotenv import load_dotenv
 # .env-Datei laden
 load_dotenv()
 # Logging konfigurieren
 logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler('dovecot_passwd_manager.log'),
        logging.StreamHandler()
    ]
 )
 logger = logging.getLogger("dovecot-passwd-manager")
 # Konfiguration
 MAIL_DIR = os.environ.get('MAIL_DIR', './mail')
 DOVECOT_PASSWD_FILE = os.environ.get('DOVECOT_PASSWD_FILE', './config/passwd')
 DOVECOT_PASSWD_BACKUP = os.environ.get('DOVECOT_PASSWD_BACKUP', './config/passwd.bak')
 DOVECOT_CONTAINER = os.environ.get('DOVECOT_CONTAINER', 'dovecot')
 DEFAULT_PASSWORD_PATTERN = os.environ.get('DEFAULT_PASSWORD_PATTERN', '{domain}{year}!')
 UID = os.environ.get('MAIL_UID', '1001')
 GID = os.environ.get('MAIL_GID', '1000')
 AWS_REGION = os.environ.get('AWS_REGION', 'us-east-2')
 # Domains-Konfiguration
 DOMAINS_CONFIG_FILE = os.environ.get('DOMAINS_CONFIG_FILE', 'domains_config.json')
 def load_domains_config():
    """Lädt die Domain-Konfiguration aus einer JSON-Datei oder aus Umgebungsvariablen"""
    domains = {}
    # Versuchen, Konfiguration aus JSON-Datei zu laden
    config_file = Path(DOMAINS_CONFIG_FILE)
    if config_file.exists():
        try:
            with open(config_file, 'r') as f:
                domains = json.load(f)
            logger.info(f"Domain-Konfiguration aus {DOMAINS_CONFIG_FILE} geladen")
            return domains
        except Exception as e:
            logger.error(f"Fehler beim Laden der Domain-Konfiguration aus {DOMAINS_CONFIG_FILE}: {str(e)}")
    # Fallback: Konfiguration aus Umgebungsvariablen
    domain_index = 1
    while True:
        domain_key = f"DOMAIN_{domain_index}"
        domain_name = os.environ.get(domain_key)
        if not domain_name:
            break  # Keine weitere Domain-Definition gefunden
        bucket = os.environ.get(f"{domain_key}_BUCKET", "")
        prefix = os.environ.get(f"{domain_key}_PREFIX", "emails/")
        usernames = os.environ.get(f"{domain_key}_USERNAMES", "")
        region = os.environ.get(f"{domain_key}_REGION", AWS_REGION)
        if domain_name and usernames:
            domains[domain_name] = {
                "bucket": bucket,
                "prefix": prefix,
                "usernames": usernames.split(','),
                "region": region
            }
            logger.info(f"Domain {domain_name} aus Umgebungsvariablen konfiguriert")
        else:
            logger.warning(f"Unvollständige Konfiguration für {domain_name}, wird übersprungen")
        domain_index += 1
    # Fallback für Abwärtskompatibilität
    if not domains:
        old_domain = os.environ.get('VALID_DOMAIN', '')
        old_bucket = os.environ.get('S3_BUCKET', '')
        old_prefix = os.environ.get('EMAIL_PREFIX', 'emails/')
        old_usernames = os.environ.get('VALID_USERNAMES', '')
        if old_domain and old_usernames:
            domains[old_domain] = {
                "bucket": old_bucket,
                "prefix": old_prefix,
                "usernames": old_usernames.split(','),
                "region": AWS_REGION
            }
            logger.info(f"Alte Konfiguration für Domain {old_domain} geladen")
    return domains
 def generate_password(domain):
    """Generiert ein Passwort nach dem Muster {domain}{year}!"""
    current_year = datetime.datetime.now().year
    domain_prefix = domain.split('.')[0]  # Nur den ersten Teil der Domain verwenden
    return DEFAULT_PASSWORD_PATTERN.replace('{domain}', domain_prefix).replace('{year}', str(current_year))
 def get_required_emails(domains_config):
    """
    Ermittelt eine Liste aller E-Mail-Adressen, die in der passwd-Datei
    vorhanden sein sollten, basierend auf der Domain-Konfiguration.
    """
    required_emails = []
    for domain, config in domains_config.items():
        for username in config["usernames"]:
            email = f"{username}@{domain}"
            required_emails.append(email)
    return sorted(required_emails)
 def get_existing_emails(passwd_file):
    """
    Liest die bestehende passwd-Datei und gibt eine Liste aller
    bereits konfigurierten E-Mail-Adressen zurück.
    """
    existing_emails = []
    if os.path.exists(passwd_file):
        try:
            with open(passwd_file, 'r') as f:
                for line in f:
                    if line.strip() and ':' in line:
                        email = line.strip().split(':')[0]
                        existing_emails.append(email)
        except Exception as e:
            logger.error(f"Fehler beim Lesen der passwd-Datei: {str(e)}")
    return sorted(existing_emails)
 def read_existing_entries(passwd_file):
    """
    Liest alle bestehenden Einträge aus der passwd-Datei und
    gibt ein Dictionary mit E-Mail-Adressen als Schlüssel zurück.
    """
    existing_entries = {}
    if os.path.exists(passwd_file):
        try:
            with open(passwd_file, 'r') as f:
                for line in f:
                    if line.strip() and ':' in line:
                        parts = line.strip().split(':')
                        email = parts[0]
                        existing_entries[email] = line.strip()
        except Exception as e:
            logger.error(f"Fehler beim Lesen der passwd-Datei: {str(e)}")
    return existing_entries
 def update_dovecot_passwd(domains_config, force=False):
    """
    Aktualisiert die Dovecot-Passwortdatei basierend auf der Domain-Konfiguration.
    Erstellt eine neue temporäre Datei und vergleicht sie mit der vorhandenen,
    um festzustellen, ob ein Reload von Dovecot erforderlich ist.
    Returns:
        bool: True, wenn Änderungen vorgenommen wurden, sonst False
    """
    logger.info("Überprüfe Dovecot-Passwortdatei...")
    # Prüfen, ob Aktualisierung überhaupt notwendig ist
    required_emails = get_required_emails(domains_config)
    existing_emails = get_existing_emails(DOVECOT_PASSWD_FILE)
    # Prüfen auf fehlende oder überflüssige E-Mail-Adressen
    missing_emails = [email for email in required_emails if email not in existing_emails]
    surplus_emails = [email for email in existing_emails if email not in required_emails]
    if not missing_emails and not surplus_emails and not force:
        logger.info("Alle erforderlichen E-Mail-Adressen sind bereits konfiguriert, keine Änderung notwendig")
        return False
    if missing_emails:
        logger.info(f"Fehlende E-Mail-Adressen: {', '.join(missing_emails)}")
    if surplus_emails:
        logger.info(f"Überflüssige E-Mail-Adressen: {', '.join(surplus_emails)}")
    logger.info("Aktualisiere Dovecot-Passwortdatei...")
    # Temporäre Datei für die neue Passwd erstellen
    temp_passwd = NamedTemporaryFile(delete=False, mode='w')
    temp_passwd_path = temp_passwd.name
    try:
        # Bestehende Einträge einlesen
        existing_entries = read_existing_entries(DOVECOT_PASSWD_FILE)
        # Neue Einträge generieren
        new_entries = {}
        for domain, config in domains_config.items():
            domain_password = generate_password(domain)
            for username in config["usernames"]:
                email = f"{username}@{domain}"
                # Wenn der Eintrag bereits existiert, verwenden wir diesen (damit Passwörter erhalten bleiben)
                if email in existing_entries:
                    new_entries[email] = existing_entries[email]
                else:
                    # Format: email:{PLAIN}password:uid:gid::/var/mail/domain/username:/bin/false
                    new_entry = f"{email}:{{PLAIN}}{domain_password}:{UID}:{GID}::/var/mail/{domain}/{username}:/bin/false"
                    new_entries[email] = new_entry
                    logger.info(f"Neuer E-Mail-Account erstellt: {email} mit Standardpasswort")
        # Sortierte Einträge in die temporäre Datei schreiben
        for email in sorted(new_entries.keys()):
            temp_passwd.write(f"{new_entries[email]}\n")
        temp_passwd.close()
        # Prüfen, ob Änderungen vorgenommen wurden
        if os.path.exists(DOVECOT_PASSWD_FILE) and filecmp.cmp(temp_passwd_path, DOVECOT_PASSWD_FILE):
            logger.info("Keine inhaltlichen Änderungen an der passwd-Datei erforderlich")
            os.unlink(temp_passwd_path)
            return False
        # Sicherungskopie erstellen
        if os.path.exists(DOVECOT_PASSWD_FILE):
            try:
                shutil.copy2(DOVECOT_PASSWD_FILE, DOVECOT_PASSWD_BACKUP)
                logger.info(f"Sicherungskopie erstellt: {DOVECOT_PASSWD_BACKUP}")
            except Exception as e:
                logger.warning(f"Konnte keine Sicherungskopie erstellen: {str(e)}")
        # Neue Datei aktivieren
        try:
            # Stellen Sie sicher, dass das Verzeichnis existiert
            passwd_dir = os.path.dirname(DOVECOT_PASSWD_FILE)
            if passwd_dir and not os.path.exists(passwd_dir):
                os.makedirs(passwd_dir, exist_ok=True)
            shutil.move(temp_passwd_path, DOVECOT_PASSWD_FILE)
            # Berechtigungen setzen
            os.chmod(DOVECOT_PASSWD_FILE, 0o600)  # Nur Besitzer darf lesen/schreiben
            logger.info(f"Neue passwd-Datei aktiviert: {DOVECOT_PASSWD_FILE}")
            return True
        except Exception as e:
            logger.error(f"Fehler beim Aktivieren der neuen passwd-Datei: {str(e)}")
            return False
    except Exception as e:
        logger.error(f"Fehler bei der Aktualisierung der passwd-Datei: {str(e)}")
        if os.path.exists(temp_passwd_path):
            os.unlink(temp_passwd_path)
        return False
 def reload_dovecot():
    """
    Führt einen Reload von Dovecot durch, um die neue Passwortdatei zu aktivieren,
    ohne den Container neu starten zu müssen.
    """
    try:
        logger.info(f"Führe Dovecot-Reload durch...")
        result = subprocess.run(
            ["docker", "exec", DOVECOT_CONTAINER, "doveadm", "reload"],
            capture_output=True,
            text=True,
            check=False
        )
        if result.returncode == 0:
            logger.info("Dovecot-Reload erfolgreich durchgeführt")
            return True
        else:
            logger.error(f"Dovecot-Reload fehlgeschlagen: {result.stderr}")
            return False
    except Exception as e:
        logger.error(f"Fehler beim Dovecot-Reload: {str(e)}")
        return False
 def main():
    """Hauptfunktion"""
    logger.info("Dovecot Passwd Manager gestartet")
    # Kommandozeilenargumente prüfen
    update_mode = False
    force_mode = False
    if len(sys.argv) > 1:
        if sys.argv[1].lower() == "update":
            update_mode = True
        elif sys.argv[1].lower() == "force":
            update_mode = True
            force_mode = True
    try:
        # Domain-Konfigurationen laden
        domains_config = load_domains_config()
        if not domains_config:
            logger.error("Keine Domain-Konfigurationen gefunden. Bitte konfigurieren Sie mindestens eine Domain.")
            return
        logger.info(f"Folgende Domains werden verarbeitet: {', '.join(domains_config.keys())}")
        # Im Nur-Prüfungs-Modus zeigen wir einfach die erforderlichen Änderungen an
        if not update_mode:
            required_emails = get_required_emails(domains_config)
            existing_emails = get_existing_emails(DOVECOT_PASSWD_FILE)
            missing_emails = [email for email in required_emails if email not in existing_emails]
            surplus_emails = [email for email in existing_emails if email not in required_emails]
            if not missing_emails and not surplus_emails:
                logger.info("Alle erforderlichen E-Mail-Adressen sind bereits konfiguriert")
            else:
                if missing_emails:
                    logger.info(f"Fehlende E-Mail-Adressen: {', '.join(missing_emails)}")
                if surplus_emails:
                    logger.info(f"Überflüssige E-Mail-Adressen: {', '.join(surplus_emails)}")
                logger.info("Verwenden Sie 'update' als Parameter, um die Änderungen anzuwenden")
            return
        # Im Update-Modus führen wir die Änderungen durch
        changes_made = update_dovecot_passwd(domains_config, force=force_mode)
        if changes_made:
            reload_dovecot()
        else:
            logger.info("Keine Änderungen vorgenommen, Dovecot-Reload nicht erforderlich")
    except Exception as e:
        logger.error(f"Fehler: {str(e)}")
        import traceback
        logger.error(traceback.format_exc())
 if __name__ == "__main__":
    main()
--- a/dovecot/entrypoint.sh
+++ b/dovecot/entrypoint.sh
@@ -0,0 +1,34 @@
 #!/bin/sh
 # entrypoint.sh - Custom entrypoint für Dovecot mit UMASK-Einstellung
 # UMASK aus Umgebungsvariable setzen (Standard ist 002, wenn nicht anders angegeben)
 CUSTOM_UMASK=${UMASK:-002}
 echo "Setting umask to $CUSTOM_UMASK"
 umask $CUSTOM_UMASK
 # UMASK auch in /etc/login.defs setzen für zukünftige Logins
 sed -i "s/^UMASK\s*[0-9]\+/UMASK $CUSTOM_UMASK/" /etc/login.defs
 # Falls UMASK noch nicht existiert, hinzufügen
 grep -q "^UMASK" /etc/login.defs || echo "UMASK $CUSTOM_UMASK" >> /etc/login.defs
 # Dovecot-Einstellungen anwenden (falls nötig)
 if [ -n "$DOVECOT_UID" ] && [ -n "$DOVECOT_GID" ]; then
  echo "Configuring Dovecot with UID=$DOVECOT_UID, GID=$DOVECOT_GID"
  sed -i "s/^mail_uid\s*=.*/mail_uid = $DOVECOT_UID/" /etc/dovecot/dovecot.conf
  sed -i "s/^mail_gid\s*=.*/mail_gid = $DOVECOT_GID/" /etc/dovecot/dovecot.conf
 fi
 # Wenn nicht genügend Berechtigungen für Mail-Verzeichnisse, automatisch korrigieren
 echo "Checking mail directory permissions..."
 find /var/mail -type d -exec chmod 775 {} \; 2>/dev/null || true
 find /var/mail -type f -exec chmod 664 {} \; 2>/dev/null || true
 # Original Docker-Entrypoint ausführen 
 # oder direkter Start von Dovecot, je nach Image
 if [ -f "/docker-entrypoint.sh" ]; then
  echo "Executing original docker-entrypoint.sh"
  exec /docker-entrypoint.sh "$@"
 else
  echo "Starting dovecot"
  exec dovecot -F
 fi
--- a/dovecot/generate_ses_smtp_password.js
+++ b/dovecot/generate_ses_smtp_password.js
@@ -0,0 +1,71 @@
 #!/usr/bin/env node
 /**
 * Obtaining Amazon SES SMTP credentials by converting existing AWS credentials
 *
 * Script based on:
 * https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html
 */
 const crypto = require('crypto');
 const SMTP_REGIONS = [
  'us-east-2', // US East (Ohio)
  'us-east-1', // US East (N. Virginia)
  'us-west-2', // US West (Oregon)
  'ap-south-1', // Asia Pacific (Mumbai)
  'ap-northeast-2', // Asia Pacific (Seoul)
  'ap-southeast-1', // Asia Pacific (Singapore)
  'ap-southeast-2', // Asia Pacific (Sydney)
  'ap-northeast-1', // Asia Pacific (Tokyo)
  'ca-central-1', // Canada (Central)
  'eu-central-1', // Europe (Frankfurt)
  'eu-west-1', // Europe (Ireland)
  'eu-west-2', // Europe (London)
  'sa-east-1', // South America (Sao Paulo)
  'us-gov-west-1', // AWS GovCloud (US)
 ];
 // These values are required to calculate the signature. Do not change them.
 const DATE = '11111111';
 const SERVICE = 'ses';
 const MESSAGE = 'SendRawEmail';
 const TERMINAL = 'aws4_request';
 const VERSION = [0x04];
 function sign(key, msg) {
  return crypto.createHmac('sha256', key).update(msg).digest();
 }
 function calculate_key(secret_access_key, region) {
  if (!SMTP_REGIONS.includes(region)) {
    throw new Error(`The ${region} Region doesn't have an SMTP endpoint`);
  }
  let signature;
  signature = sign(`AWS4${secret_access_key}`, DATE);
  signature = sign(signature, region);
  signature = sign(signature, SERVICE);
  signature = sign(signature, TERMINAL);
  signature = sign(signature, MESSAGE);
  const signature_and_version = Buffer.concat([
    Buffer.from(VERSION),
    signature,
  ]);
  const smtp_password = Buffer.from(signature_and_version).toString('base64');
  return smtp_password;
 }
 function main() {
  const [secret, region] = process.argv.slice(2);
  console.log(calculate_key(secret, region));
 }
 if (require.main === module) {
  main();
 }
--- a/dovecot/s3_email_processor_api.py
+++ b/dovecot/s3_email_processor_api.py
@@ -0,0 +1,717 @@
 #!/usr/bin/env python3
 """
 Optimierte S3 E-Mail Processor REST API
 Mit Kompression, verbesserter Fehlerbehandlung und Request-Tracking
 """
 import os
 import time
 import logging
 import json
 import re
 import hashlib
 import base64
 import gzip
 import boto3
 from pathlib import Path
 from email.parser import BytesParser
 from email import policy
 from dotenv import load_dotenv
 from flask import Flask, request, jsonify, abort
 from functools import wraps
 # .env-Datei laden
 load_dotenv()
 # Flask-App initialisieren
 app = Flask(__name__)
 # Logging konfigurieren mit Request-ID-Support
 class RequestIDFilter(logging.Filter):
    def filter(self, record):
        from flask import g
        record.request_id = getattr(g, 'request_id', 'no-request')
        return True
 logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - [%(request_id)s] - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler('s3_email_processor_api.log'),
        logging.StreamHandler()
    ]
 )
 logger = logging.getLogger("s3-email-processor-api")
 logger.addFilter(RequestIDFilter())
 # Konfiguration
 MAIL_DIR = os.environ.get('MAIL_DIR', './mail')
 API_TOKEN = os.environ.get('API_TOKEN')
 # Request-Tracking für Duplikat-Erkennung
 processed_requests = {}
 REQUEST_CACHE_SIZE = 1000
 REQUEST_CACHE_TTL = 3600  # 1 Stunde
 def require_token(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        auth_header = request.headers.get('Authorization')
        if not auth_header or not auth_header.startswith('Bearer '):
            logger.warning("Fehlender Authorization-Header")
            abort(401, description="Fehlender Authorization-Header")
        token = auth_header[7:]
        if not API_TOKEN or token != API_TOKEN:
            logger.warning("Ungültiger API-Token")
            abort(403, description="Ungültiger API-Token")
        return f(*args, **kwargs)
    return decorated_function
 def setup_request_context():
    """Setzt Request-Kontext für Logging auf"""
    from flask import g
    g.request_id = request.headers.get('X-Request-ID', f'req-{int(time.time())}-{id(request)}')
@app.before_request
 def before_request():
    setup_request_context()
 def is_duplicate_request(request_id, etag):
    """Prüft, ob Request bereits verarbeitet wurde"""
    if not request_id or not etag:
        return False
    key = f"{request_id}:{etag}"
    current_time = time.time()
    # Cache cleanup
    if len(processed_requests) > REQUEST_CACHE_SIZE:
        cutoff_time = current_time - REQUEST_CACHE_TTL
        processed_requests.clear()  # Einfache Lösung: kompletten Cache leeren
    # Duplikat-Check
    if key in processed_requests:
        last_processed = processed_requests[key]
        if current_time - last_processed < REQUEST_CACHE_TTL:
            return True
    # Request als verarbeitet markieren
    processed_requests[key] = current_time
    return False
 def load_domains_config():
    """Lädt die Domain-Konfiguration aus Umgebungsvariablen"""
    domains = {}
    domain_index = 1
    while True:
        domain_key = f"DOMAIN_{domain_index}"
        domain_name = os.environ.get(domain_key)
        if not domain_name:
            break
        bucket = os.environ.get(f"{domain_key}_BUCKET", "")
        prefix = os.environ.get(f"{domain_key}_PREFIX", "emails/")
        usernames = os.environ.get(f"{domain_key}_USERNAMES", "")
        region = os.environ.get(f"{domain_key}_REGION", "us-east-2")
        if bucket and usernames:
            domains[domain_name.lower()] = {
                "bucket": bucket,
                "prefix": prefix,
                "usernames": usernames.split(','),
                "region": region
            }
            logger.info(f"Domain {domain_name} konfiguriert")
        else:
            logger.warning(f"Unvollständige Konfiguration für {domain_name}")
        domain_index += 1
    return domains
 def extract_email_address(address):
    """Extrahiert die E-Mail-Adresse aus einem komplexen Adressformat"""
    if not address:
        return None
    if '@' in address and '<' not in address:
        return address.strip()
    match = re.search(r'<([^>]+)>', address)
    if match:
        return match.group(1)
    return address.strip()
 def is_valid_recipient(to_address, domains_config):
    """Prüft, ob die Empfängeradresse gültig ist"""
    email = extract_email_address(to_address)
    if not email or '@' not in email:
        return False, None
    username, domain = email.split('@', 1)
    if domain.lower() in domains_config:
        domain_config = domains_config[domain.lower()]
        if username.lower() in [u.lower() for u in domain_config["usernames"]]:
            return True, domain.lower()
    return False, None
 def get_maildir_path(to_address, mail_dir):
    """Ermittelt den Pfad im Maildir-Format"""
    email = extract_email_address(to_address)
    if '@' in email:
        user, domain = email.split('@', 1)
    else:
        return None
    mail_dir_path = Path(mail_dir)
    domain_dir = mail_dir_path / domain
    user_dir = domain_dir / user
    # Maildir-Struktur erstellen
    for directory in [mail_dir_path, domain_dir, user_dir]:
        directory.mkdir(parents=True, exist_ok=True)
        os.chmod(directory, 0o775)
    # Maildir-Unterverzeichnisse
    for subdir in ['cur', 'new', 'tmp']:
        subdir_path = user_dir / subdir
        subdir_path.mkdir(exist_ok=True)
    return user_dir
 def store_email(email_content, to_address, message_id, s3_key, mail_dir):
    """Speichert eine E-Mail im Maildir-Format"""
    try:
        maildir = get_maildir_path(to_address, mail_dir)
        if not maildir:
            logger.error(f"Konnte Maildir für {to_address} nicht ermitteln")
            return False
        # Eindeutigen Dateinamen generieren
        timestamp = int(time.time())
        hostname = 'mail'
        unique_id = hashlib.md5(f"{s3_key}:{timestamp}".encode()).hexdigest()
        filename = f"{timestamp}.{unique_id}.{hostname}:2,"
        email_path = maildir / 'new' / filename
        with open(email_path, 'wb') as f:
            f.write(email_content)
        os.chmod(email_path, 0o664)
        logger.info(f"E-Mail gespeichert: {email_path} ({len(email_content)} Bytes)")
        return True
    except Exception as e:
        logger.error(f"Fehler beim Speichern der E-Mail {s3_key}: {str(e)}")
        return False
 def process_single_email(email_content, bucket, key, domain_name):
    """Verarbeitet eine einzelne E-Mail mit verbesserter Fehlerbehandlung"""
    try:
        all_domains_config = load_domains_config()
        domain_name = domain_name.lower()
        if domain_name not in all_domains_config:
            logger.error(f"Domain {domain_name} nicht konfiguriert")
            return {
                "action": "error",
                "error": f"Domain {domain_name} nicht konfiguriert",
                "status": "error"
            }
        # Header parsen mit besserer Fehlerbehandlung
        try:
            headers = BytesParser(policy=policy.default).parsebytes(email_content, headersonly=True)
            to_address = headers.get('To', '')
            from_address = headers.get('From', '')
            date = headers.get('Date', '')
            message_id = headers.get('Message-ID', '')
            subject = headers.get('Subject', '')
            # Header-Validierung
            if not to_address:
                logger.warning(f"E-Mail ohne To-Header: {key}")
                return {
                    "action": "invalid",
                    "error": "Fehlender To-Header",
                    "status": "rejected"
                }
            logger.info(f"Verarbeite: '{subject}' von {from_address} an {to_address}")
        except Exception as e:
            logger.error(f"Fehler beim Parsen der E-Mail-Header {key}: {str(e)}")
            return {
                "action": "invalid",
                "error": f"Header-Parsing-Fehler: {str(e)}",
                "status": "error"
            }
        # Empfänger validieren
        is_valid, recipient_domain = is_valid_recipient(to_address, all_domains_config)
        if not is_valid:
            logger.info(f"Ungültige Empfängeradresse: {to_address}")
            return {
                "action": "invalid",
                "message": f"Ungültige Empfängeradresse: {to_address}",
                "status": "rejected",
                "recipient": to_address,
                "reason": "invalid_recipient"
            }
        # Domain-Zugehörigkeit prüfen
        if recipient_domain != domain_name:
            logger.info(f"E-Mail gehört zu Domain {recipient_domain}, nicht zu {domain_name}")
            return {
                "action": "wrong_domain",
                "message": f"E-Mail gehört zu Domain {recipient_domain}",
                "status": "skipped",
                "expected_domain": domain_name,
                "actual_domain": recipient_domain
            }
        # E-Mail speichern
        if store_email(email_content, to_address, message_id, key, MAIL_DIR):
            logger.info(f"E-Mail erfolgreich gespeichert für {to_address}")
            return {
                "action": "stored",
                "message": f"E-Mail erfolgreich gespeichert",
                "status": "success",
                "recipient": to_address,
                "sender": from_address,
                "subject": subject,
                "size": len(email_content)
            }
        else:
            return {
                "action": "error",
                "error": "Fehler beim Speichern der E-Mail",
                "status": "error"
            }
    except Exception as e:
        logger.error(f"Unerwarteter Fehler bei E-Mail {key}: {str(e)}", exc_info=True)
        return {
            "action": "error",
            "error": str(e),
            "status": "error"
        }
 # API-Endpunkte
@app.route('/health', methods=['GET'])
 def health_check():
    """Erweiterte Gesundheitsprüfung"""
    from flask import g
    # Basis-Gesundheitscheck
    health_status = {
        "status": "OK",
        "message": "S3 E-Mail Processor API ist aktiv",
        "timestamp": int(time.time()),
        "version": "2.0",
        "request_id": getattr(g, 'request_id', 'health-check')
    }
    # Erweiterte Checks
    try:
        # Maildir-Zugriff prüfen
        mail_path = Path(MAIL_DIR)
        if mail_path.exists() and mail_path.is_dir():
            health_status["mail_dir"] = "accessible"
        else:
            health_status["mail_dir"] = "not_accessible"
            health_status["status"] = "WARNING"
        # Domain-Konfiguration prüfen
        domains = load_domains_config()
        health_status["configured_domains"] = len(domains)
        health_status["domains"] = list(domains.keys())
        # Cache-Status
        health_status["request_cache_size"] = len(processed_requests)
    except Exception as e:
        health_status["status"] = "ERROR"
        health_status["error"] = str(e)
    return jsonify(health_status)
@app.route('/process/<domain>', methods=['POST'])
@require_token
 def process_email(domain):
    """Verarbeitet eine einzelne E-Mail mit verbesserter Fehlerbehandlung"""
    from flask import g
    start_time = time.time()
    try:
        # JSON-Payload validieren
        if not request.is_json:
            return jsonify({"error": "Content-Type muss application/json sein"}), 400
        data = request.get_json()
        # Erforderliche Felder prüfen
        required_fields = ['bucket', 'key', 'email_content', 'domain']
        missing_fields = [field for field in required_fields if field not in data]
        if missing_fields:
            return jsonify({
                "error": f"Fehlende Felder: {', '.join(missing_fields)}"
            }), 400
        # Duplikat-Check
        request_id = data.get('request_id', g.request_id)
        etag = data.get('etag')
        if is_duplicate_request(request_id, etag):
            logger.info(f"Duplikat-Request erkannt: {request_id}:{etag}")
            return jsonify({
                "action": "duplicate",
                "message": "Request bereits verarbeitet",
                "status": "skipped",
                "request_id": request_id
            })
        # E-Mail-Content dekodieren
        try:
            email_base64 = data['email_content']
            # Kompression-Support
            if data.get('compressed', False):
                compressed_data = base64.b64decode(email_base64)
                email_content = gzip.decompress(compressed_data)
                logger.info(f"E-Mail dekomprimiert: {data.get('compressed_size', 0)} -> {len(email_content)} Bytes")
            else:
                email_content = base64.b64decode(email_base64)
        except Exception as e:
            logger.error(f"Fehler beim Dekodieren des E-Mail-Contents: {str(e)}")
            return jsonify({
                "error": f"Content-Dekodierung fehlgeschlagen: {str(e)}"
            }), 400
        # Größen-Validierung
        email_size = len(email_content)
        max_size = 25 * 1024 * 1024  # 25MB
        if email_size > max_size:
            logger.warning(f"E-Mail zu groß: {email_size} Bytes")
            return jsonify({
                "action": "too_large",
                "error": f"E-Mail zu groß: {email_size} Bytes (max: {max_size})",
                "status": "rejected"
            }), 413
        # E-Mail verarbeiten
        logger.info(f"Verarbeite E-Mail: {data['key']} ({email_size} Bytes)")
        result = process_single_email(
            email_content=email_content,
            bucket=data['bucket'],
            key=data['key'],
            domain_name=domain
        )
        # Performance-Metriken hinzufügen
        processing_time = time.time() - start_time
        result.update({
            "processing_time_ms": round(processing_time * 1000, 2),
            "request_id": request_id,
            "email_size": email_size
        })
        # Log-Level basierend auf Ergebnis
        if result.get("status") == "success":
            logger.info(f"E-Mail erfolgreich verarbeitet in {processing_time:.2f}s")
        elif result.get("status") in ["rejected", "skipped"]:
            logger.info(f"E-Mail {result.get('action')}: {result.get('message')}")
        else:
            logger.error(f"E-Mail-Verarbeitung fehlgeschlagen: {result.get('error')}")
        # HTTP-Status basierend auf Ergebnis
        if result.get("status") == "error":
            return jsonify(result), 500
        elif result.get("action") == "too_large":
            return jsonify(result), 413
        else:
            return jsonify(result), 200
    except Exception as e:
        processing_time = time.time() - start_time
        logger.error(f"Unerwarteter Fehler nach {processing_time:.2f}s: {str(e)}", exc_info=True)
        return jsonify({
            "error": "Interner Server-Fehler",
            "details": str(e),
            "processing_time_ms": round(processing_time * 1000, 2),
            "request_id": getattr(g, 'request_id', 'unknown')
        }), 500
@app.route('/retry/<email_id>/<domain>', methods=['GET'])
@require_token
 def retry_single_email(email_id, domain):
    """
    Retry-Endpunkt für einzelne E-Mail basierend auf ID
    Sucht die E-Mail in S3 anhand der ID und verarbeitet sie erneut
    """
    from flask import g
    start_time = time.time()
    logger.info(f"Retry-Request für E-Mail-ID: {email_id} in Domain: {domain}")
    try:
        # Domain-Konfiguration laden
        all_domains_config = load_domains_config()
        domain_name = domain.lower()
        if domain_name not in all_domains_config:
            logger.error(f"Domain {domain_name} nicht konfiguriert")
            return jsonify({
                "error": f"Domain {domain_name} nicht konfiguriert",
                "status": "error",
                "email_id": email_id
            }), 400
        domain_config = all_domains_config[domain_name]
        bucket = domain_config["bucket"]
        prefix = domain_config["prefix"]
        region = domain_config["region"]
        # S3-Client initialisieren
        s3_client = boto3.client('s3', region_name=region)
        # E-Mail anhand der ID suchen
        logger.info(f"Suche E-Mail mit ID {email_id} in Bucket {bucket}")
        try:
            # Paginator für alle Objekte im Bucket
            paginator = s3_client.get_paginator('list_objects_v2')
            pages = paginator.paginate(Bucket=bucket, Prefix=prefix)
            found_key = None
            for page in pages:
                if 'Contents' not in page:
                    continue
                for obj in page['Contents']:
                    key = obj['Key']
                    # Verzeichnisse überspringen
                    if key.endswith('/'):
                        continue
                    # E-Mail-ID aus dem Key extrahieren (oft Teil des Dateinamens)
                    # Verschiedene Möglichkeiten prüfen:
                    # 1. ID ist Teil des Dateinamens
                    if email_id in key:
                        found_key = key
                        break
                    # 2. ID könnte in Message-ID der E-Mail sein - Header laden und prüfen
                    try:
                        # Nur Header laden für Performance
                        response = s3_client.get_object(
                            Bucket=bucket, 
                            Key=key,
                            Range='bytes=0-2048'  # Nur erste 2KB für Header
                        )
                        header_content = response['Body'].read()
                        # Nach Message-ID suchen
                        if email_id.encode() in header_content:
                            found_key = key
                            break
                    except Exception as header_e:
                        # Header-Check fehlgeschlagen, weiter mit nächster E-Mail
                        logger.debug(f"Header-Check für {key} fehlgeschlagen: {str(header_e)}")
                        continue
                if found_key:
                    break
            if not found_key:
                logger.warning(f"E-Mail mit ID {email_id} nicht gefunden")
                return jsonify({
                    "error": f"E-Mail mit ID {email_id} nicht gefunden",
                    "status": "not_found",
                    "email_id": email_id,
                    "searched_bucket": bucket,
                    "searched_prefix": prefix
                }), 404
            logger.info(f"E-Mail gefunden: {found_key}")
        except Exception as search_e:
            logger.error(f"Fehler beim Suchen der E-Mail: {str(search_e)}")
            return jsonify({
                "error": f"Fehler beim Suchen: {str(search_e)}",
                "status": "error",
                "email_id": email_id
            }), 500
        # E-Mail laden und verarbeiten
        try:
            response = s3_client.get_object(Bucket=bucket, Key=found_key)
            email_content = response['Body'].read()
            logger.info(f"E-Mail geladen: {len(email_content)} Bytes")
            # E-Mail verarbeiten (gleiche Logik wie bei process_email)
            result = process_single_email(
                email_content=email_content,
                bucket=bucket,
                key=found_key,
                domain_name=domain_name
            )
            # Performance-Metriken hinzufügen
            processing_time = time.time() - start_time
            result.update({
                "processing_time_ms": round(processing_time * 1000, 2),
                "request_id": getattr(g, 'request_id', 'retry-request'),
                "email_size": len(email_content),
                "email_id": email_id,
                "s3_key": found_key,
                "retry": True
            })
            # Bei erfolgreichem Processing E-Mail aus S3 löschen
            if result.get('action') == 'stored':
                try:
                    s3_client.delete_object(Bucket=bucket, Key=found_key)
                    logger.info(f"E-Mail nach erfolgreichem Retry aus S3 gelöscht: {found_key}")
                    result["s3_deleted"] = True
                except Exception as delete_e:
                    logger.warning(f"Konnte E-Mail nach Retry nicht löschen: {str(delete_e)}")
                    result["s3_deleted"] = False
            # Logging basierend auf Ergebnis
            if result.get("status") == "success":
                logger.info(f"Retry erfolgreich für E-Mail-ID {email_id} in {processing_time:.2f}s")
            else:
                logger.warning(f"Retry für E-Mail-ID {email_id} nicht erfolgreich: {result.get('message')}")
            # HTTP-Status basierend auf Ergebnis
            if result.get("status") == "error":
                return jsonify(result), 500
            else:
                return jsonify(result), 200
        except Exception as process_e:
            logger.error(f"Fehler beim Laden/Verarbeiten der E-Mail {found_key}: {str(process_e)}")
            return jsonify({
                "error": f"Verarbeitungsfehler: {str(process_e)}",
                "status": "error",
                "email_id": email_id,
                "s3_key": found_key
            }), 500
    except Exception as e:
        processing_time = time.time() - start_time
        logger.error(f"Unerwarteter Fehler bei Retry nach {processing_time:.2f}s: {str(e)}", exc_info=True)
        return jsonify({
            "error": "Interner Server-Fehler beim Retry",
            "details": str(e),
            "processing_time_ms": round(processing_time * 1000, 2),
            "request_id": getattr(g, 'request_id', 'unknown'),
            "email_id": email_id
        }), 500
@app.route('/stats', methods=['GET'])
@require_token
 def get_stats():
    """API-Statistiken und Metriken"""
    try:
        stats = {
            "api_version": "2.0",
            "uptime_seconds": int(time.time() - app.start_time) if hasattr(app, 'start_time') else 0,
            "request_cache": {
                "size": len(processed_requests),
                "max_size": REQUEST_CACHE_SIZE,
                "ttl_seconds": REQUEST_CACHE_TTL
            },
            "configuration": {
                "mail_dir": MAIL_DIR,
                "domains": len(load_domains_config())
            }
        }
        # Maildir-Statistiken
        try:
            mail_path = Path(MAIL_DIR)
            if mail_path.exists():
                domain_stats = {}
                for domain_dir in mail_path.iterdir():
                    if domain_dir.is_dir():
                        user_count = len([d for d in domain_dir.iterdir() if d.is_dir()])
                        domain_stats[domain_dir.name] = {"users": user_count}
                stats["maildir_stats"] = domain_stats
        except Exception as e:
            stats["maildir_error"] = str(e)
        return jsonify(stats)
    except Exception as e:
        return jsonify({"error": str(e)}), 500
 # Cache-Cleanup-Task (läuft alle 10 Minuten)
 import threading
 def cleanup_cache():
    """Bereinigt den Request-Cache periodisch"""
    while True:
        try:
            current_time = time.time()
            cutoff_time = current_time - REQUEST_CACHE_TTL
            # Alte Einträge entfernen
            keys_to_remove = [
                key for key, timestamp in processed_requests.items()
                if timestamp < cutoff_time
            ]
            for key in keys_to_remove:
                processed_requests.pop(key, None)
            if keys_to_remove:
                logger.info(f"Cache bereinigt: {len(keys_to_remove)} alte Einträge entfernt")
        except Exception as e:
            logger.error(f"Fehler bei Cache-Bereinigung: {str(e)}")
        # 10 Minuten warten
        time.sleep(600)
 # Hintergrund-Thread für Cache-Bereinigung starten
 cleanup_thread = threading.Thread(target=cleanup_cache, daemon=True)
 cleanup_thread.start()
 if __name__ == "__main__":
    # Start-Zeit für Uptime-Tracking
    app.start_time = time.time()
    # Überprüfungen beim Start
    if not API_TOKEN:
        logger.warning("WARNUNG: Kein API_TOKEN definiert!")
    domains = load_domains_config()
    logger.info(f"API startet mit {len(domains)} konfigurierten Domains")
    # Server starten
    app.run(host='0.0.0.0', port=5000, debug=False)
--- a/dovecot/setup_email_domain.sh
+++ b/dovecot/setup_email_domain.sh
@@ -0,0 +1,38 @@
 #!/bin/bash
 # setup_email_domain.sh - Ein Wrapper-Script, das alle drei Skripte in der richtigen Reihenfolge ausführt
 # Überprüfen, ob die Domain-Variable gesetzt ist
 if [ -z "$1" ]; then
  echo "Fehler: Keine Domain angegeben."
  echo "Verwendung: ./setup_email_domain.sh domain.de [region]"
  exit 1
 fi
 DOMAIN_NAME=$1
 AWS_REGION=${2:-"us-east-2"}
 # Variablen exportieren
 export DOMAIN_NAME
 export AWS_REGION
 echo "=== AWS E-Mail-Infrastruktur für $DOMAIN_NAME einrichten ==="
 echo "AWS-Region: $AWS_REGION"
 echo
 # Skripte nacheinander ausführen
 echo "1. S3-Bucket erstellen..."
 ./awss3.sh
 echo
 echo "2. SES-Konfiguration einrichten..."
 export S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
 ./awsses.sh
 echo
 echo "3. IAM-Benutzer und SMTP-Zugangsdaten erstellen..."
 ./awsiam.sh
 echo
 echo "=== Setup abgeschlossen ==="
 echo "Alle Schritte wurden abgeschlossen. Bitte überprüfen Sie die Ausgaben der einzelnen Skripte."
 echo "Vergessen Sie nicht, die benötigten DNS-Einträge für Ihre Domain zu setzen, um die SES-Verifizierung abzuschließen."
--- a/dovecot/start_email_api.sh
+++ b/dovecot/start_email_api.sh
@@ -0,0 +1,75 @@
 #!/bin/bash
 # start_email_api.sh
 # Dieses Script startet die S3 Email Downloader REST API in einer virtuellen Python-Umgebung
 # Verzeichnis, in dem sich das Script befindet
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 cd "$SCRIPT_DIR"
 # Name der virtuellen Umgebung
 VENV_NAME="venv"
 # Python-Executable (falls spezifische Version benötigt wird)
 PYTHON_EXEC="python3"
 # API Port
 PORT=${EMAIL_API_PORT:-5000}
 # Umgebungsvariablen Datei
 ENV_FILE=".env"
 # Prüfen, ob virtuelle Umgebung existiert
 if [ ! -d "$VENV_NAME" ]; then
    echo "Virtuelle Umgebung wird erstellt..."
    $PYTHON_EXEC -m venv "$VENV_NAME"
    if [ $? -ne 0 ]; then
        echo "Fehler beim Erstellen der virtuellen Umgebung!"
        exit 1
    fi
 fi
 # Virtuelle Umgebung aktivieren
 source "$VENV_NAME/bin/activate"
 # Abhängigkeiten installieren, falls erforderlich
 echo "Abhängigkeiten werden installiert..."
 pip install --upgrade pip
 pip install boto3 flask python-dotenv gunicorn
 # Prüfen, ob .env-Datei existiert
 if [ ! -f "$ENV_FILE" ]; then
    echo "WARNUNG: $ENV_FILE nicht gefunden!"
    echo "Bitte erstellen Sie eine .env-Datei mit den erforderlichen Konfigurationen."
    echo "Beispiel:"
    echo "API_TOKEN=ihr_geheimer_token"
    echo "MAIL_DIR=./mail"
    echo "AWS_REGION=us-east-2"
    echo "AWS_ACCESS_KEY_ID=your_access_key"
    echo "AWS_SECRET_ACCESS_KEY=your_secret_key"
    echo "DOMAIN_1=example.com"
    echo "DOMAIN_1_BUCKET=example-bucket"
    echo "DOMAIN_1_USERNAMES=user1,user2,user3"
    exit 1
 fi
 # Überprüfen, ob API_TOKEN in der .env-Datei gesetzt ist
 if ! grep -q "API_TOKEN" "$ENV_FILE"; then
    echo "WARNUNG: API_TOKEN nicht in $ENV_FILE gefunden!"
    echo "Die API wird ohne Token-Schutz gestartet. Dies ist unsicher für Produktionsumgebungen."
    read -p "Möchten Sie fortfahren? (j/n): " choice
    if [[ ! "$choice" =~ ^[jJyY]$ ]]; then
        echo "Abbruch."
        exit 1
    fi
 fi
 # Prüfen, ob das Python-Script existiert
 API_SCRIPT="s3_email_processor_api.py"
 if [ ! -f "$API_SCRIPT" ]; then
    echo "Fehler: $API_SCRIPT nicht gefunden!"
    exit 1
 fi
 # API im Produktionsmodus mit Gunicorn starten
 echo "Starte S3 Email Downloader API auf Port $PORT..."
 exec gunicorn --bind "0.0.0.0:$PORT" --workers 2 "s3_email_processor_api:app"
--- a/email_api/docker-compose-python.yml
+++ b/email_api/docker-compose-python.yml
@@ -0,0 +1,21 @@
 services:
  email-api:
    container_name: email-api
    image: python:3.12-slim
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./email_api:/app
      - /var/mail:/var/mail  # Maildir-Zugriff für Health-Check
    working_dir: /app
    env_file:
      - .env
    environment:
      - API_TOKEN=${API_TOKEN}
      - AWS_REGION=${AWS_REGION}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    command: >
      bash -c "pip install --upgrade pip && 
               pip install flask python-dotenv boto3 requests && 
               python app.py"
--- a/email_api/docker-compose.yml
+++ b/email_api/docker-compose.yml
@@ -0,0 +1,50 @@
 version: '3.8'
 services:
  email-api:
    container_name: email-api
    image: node:22-slim
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./email_api:/app
      - /var/mail:/var/mail  # Maildir access for health check
    working_dir: /app
    env_file:
      - .env
    environment:
      - API_TOKEN=${API_TOKEN}
      - AWS_REGION=${AWS_REGION}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - SMTP_HOST=${SMTP_HOST:-localhost}
      - SMTP_PORT=${SMTP_PORT:-25}
      - MAILCOW_API_KEY=${MAILCOW_API_KEY}
      - MAILCOW_API=${MAILCOW_API}
      - PGHOST=postgres
      - PGUSER=${PGUSER:-email_user}
      - PGPASSWORD=${PGPASSWORD:-email_password}
      - PGDATABASE=${PGDATABASE:-email_db}
      - PGPORT=${PGPORT:-5433}
    command: >
      bash -c "npm install && node app.js"
    depends_on:
      - postgres
  postgres:
    container_name: email-api-postgres
    image: postgres:16
    restart: unless-stopped
    network_mode: host
    environment:
      - POSTGRES_USER=${PGUSER:-email_user}
      - POSTGRES_PASSWORD=${PGPASSWORD:-email_password}
      - POSTGRES_DB=${PGDATABASE:-email_db}
    volumes:
      - email_postgres_data:/var/lib/postgresql/data
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
    command: >
      postgres -c port=${PGPORT:-5433}      
 volumes:
  email_postgres_data:
--- a/email_api/email_api/app.js
+++ b/email_api/email_api/app.js
@@ -0,0 +1,300 @@
 import express from 'express';
 import { Pool } from 'pg';
 import AWS from 'aws-sdk';
 import nodemailer from 'nodemailer';
 import { simpleParser } from 'mailparser';
 import { Base64 } from 'js-base64';
 import { createGzip, gunzipSync } from 'zlib';
 import { createLogger, format, transports } from 'winston';
 import { config } from 'dotenv';
 // Load environment variables
 config();
 // Check Node.js version
 const [major] = process.versions.node.split('.').map(Number);
 if (major < 22) {
  throw new Error('Node.js 22 or higher required');
 }
 // Logger setup
 const logger = createLogger({
  level: 'info',
  format: format.combine(
    format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }),
    format.printf(({ timestamp, level, message }) => `${timestamp} ${level.toUpperCase()} ${message}`)
  ),
  transports: [new transports.Console()]
 });
 const app = express();
 app.use(express.json({ limit: '20mb' }));
 app.use(express.urlencoded({ limit: '20mb', extended: true }));
 const SMTP_HOST = process.env.SMTP_HOST || 'localhost';
 const SMTP_PORT = parseInt(process.env.SMTP_PORT || '25', 10);
 const API_TOKEN = process.env.API_TOKEN;
 const AWS_REGION = process.env.AWS_REGION || 'us-east-1';
 const API_KEY = process.env.MAILCOW_API_KEY;
 const MAILCOW_API = process.env.MAILCOW_API;
 // PostgreSQL client
 const pool = new Pool({
  user: process.env.PGUSER || 'email_user',
  password: process.env.PGPASSWORD || 'email_password',
  host: process.env.PGHOST || 'postgres',
  database: process.env.PGDATABASE || 'email_db',
  port: parseInt(process.env.PGPORT || '5433', 10)
 });
 // AWS S3 client
 const s3Client = new AWS.S3({ region: AWS_REGION });
 // Nodemailer transporter
 const transporter = nodemailer.createTransport({
  host: SMTP_HOST,
  port: SMTP_PORT,
  secure: false, // Adjust if SMTP requires TLS
  tls: {
    rejectUnauthorized: false
  }
 });
 // Utility to check if domain exists
 async function domainExists(domain) {
  try {
    const response = await fetch(`${MAILCOW_API}/get/domain/all`, {
      headers: { 'X-API-Key': API_KEY },
      signal: AbortSignal.timeout(5000)
    });
    if (!response.ok) throw new Error(`HTTP ${response.status}`);
    const domains = await response.json();
    return domains.some(d => d.domain_name?.toLowerCase() === domain.toLowerCase());
  } catch (error) {
    logger.error(`Error checking domain '${domain}': ${error.message}`);
    throw error;
  }
 }
 // Utility to check if inbox exists
 async function inboxExists(domain, localPart) {
  if (!(await domainExists(domain))) {
    logger.info(`Domain '${domain}' unknown – skip mailbox lookup`);
    return false;
  }
  try {
    const response = await fetch(`${MAILCOW_API}/get/mailbox/all/${domain}`, {
      headers: { 'X-API-Key': API_KEY },
      signal: AbortSignal.timeout(5000)
    });
    if (!response.ok) throw new Error(`HTTP ${response.status}`);
    const mailboxes = await response.json();
    return mailboxes.some(m => m.local_part?.toLowerCase() === localPart.toLowerCase());
  } catch (error) {
    logger.error(`Error checking inbox '${localPart}@${domain}': ${error.message}`);
    throw error;
  }
 }
 // Utility to mark email as processed in PostgreSQL
 async function markEmailAsProcessed(domain, key, status, processor = 'rest-api', fromAddr = null, toAddrs = []) {
  try {
    await pool.query(
      `INSERT INTO email_statuses (domain, s3_key, status, timestamp, processor, from_addr, to_addrs)
       VALUES ($1, $2, $3, $4, $5, $6, $7)
       ON CONFLICT (domain, s3_key) DO UPDATE SET
         status = EXCLUDED.status,
         timestamp = EXCLUDED.timestamp,
         processor = EXCLUDED.processor,
         from_addr = EXCLUDED.from_addr,
         to_addrs = EXCLUDED.to_addrs`,
      [domain, key, status, Math.floor(Date.now() / 1000), processor, fromAddr, toAddrs]
    );
    logger.info(`Marked ${domain}/${key} as ${status} in database`);
    return true;
  } catch (error) {
    logger.error(`Error marking ${domain}/${key} in database: ${error.message}`);
    return false;
  }
 }
 // Process endpoint
 app.post('/process/:domain', async (req, res) => {
  const { domain } = req.params;
  const auth = req.headers['authorization']; // Fixed: Use req.headers['authorization'] instead of req.headers.get
  if (auth !== `Bearer ${API_TOKEN}`) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  const data = req.body;
  if (!data) {
    return res.status(400).json({ error: 'Invalid payload' });
  }
  const requestId = data.request_id || 'no-request-id';
  const payloadSummary = Object.fromEntries(
    Object.entries(data)
      .filter(([k, v]) => k !== 'email_content' || typeof v === 'string')
      .map(([k, v]) => [k, k === 'email_content' ? v.length : v])
  );
  logger.info(`[${requestId}] INCOMING POST /process/${domain}: payload_summary=${JSON.stringify(payloadSummary)}`);
  let recipients = [];
  let parser;       
  let fromAddr = `lambda@${req.params.domain}`;
  try {
    // Decode and parse email
    const content = data.email_content;
    const compressed = data.compressed || false;
    const raw = Base64.decode(content);
    const emailBytes = compressed ? gunzipSync(Buffer.from(raw, 'binary')).toString('binary') : raw;
    const emailBuffer = Buffer.from(emailBytes, 'binary');
    parser = await simpleParser(emailBuffer);
    fromAddr = parser.from?.value[0]?.address || `lambda@${domain}`;
    recipients = [
      ...(parser.to?.value || []),
      ...(parser.cc?.value || []),
      ...(parser.bcc?.value || [])
    ].map(addr => addr.address).filter(Boolean);
    if (!recipients.length) {
      await markEmailAsProcessed(domain, data.s3_key, 'noRecipients', 'rest-api', fromAddr, []);
      return res.status(400).json({ error: 'No recipients' });
    }
    // Filter valid recipients
    const validRecipients = [];
    for (const addr of recipients) {
      const [local, dom] = addr.split('@');
      if (!dom || dom.toLowerCase() !== domain.toLowerCase()) {
        continue;
      }
      if (await inboxExists(domain, local)) {
        validRecipients.push(addr);
      } else {
        logger.info(`Skipping non-existent inbox: ${addr}`);
      }
    }
    if (!validRecipients.length) {
      logger.info(`[${requestId}] No valid inboxes for ${domain} – skip.`);
      await markEmailAsProcessed(domain, data.s3_key, 'unknownUser', 'rest-api', fromAddr, recipients);
      return res.status(404).json({ message: 'No valid inboxes – skipped' });
    }
    // Send email
    await transporter.sendMail({
      from: fromAddr,
      to: validRecipients,
      raw: emailBytes
    });
    // Mark as processed
    await markEmailAsProcessed(domain, data.s3_key, 'true', 'rest-api', fromAddr, validRecipients);
    res.status(200).json({
      message: 'Email forwarded',
      forwarded_to: validRecipients
  });
  } catch (error) {
    logger.error(`[${requestId}] Error in /process/${domain}: ${error.message}`);
    await markEmailAsProcessed(domain, data.s3_key, 'error', 'rest-api', parser?.from?.value[0]?.address || `lambda@${domain}`, recipients);
    res.status(500).json({ error: 'Internal server error' });
  }
 });
 // Stats endpoint
 app.get('/stats/:domain', async (req, res) => {
  const { domain } = req.params;
  const auth = req.headers['authorization']; // Fixed: Use req.headers['authorization'] instead of req.headers.get
  if (auth !== `Bearer ${API_TOKEN}`) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  const bucket = domain.replace(/\./g, '-') + '-emails';
  let total = 0;
  const counts = { true: 0, unknownDomain: 0, unknownUser: 0, noRecipients: 0, error: 0 };
  const details = { unknownDomain: [], unknownUser: [], noRecipients: [], error: [] };
  try {
    // Fetch statuses from database
    const { rows: domainStatuses } = await pool.query(
      'SELECT s3_key, status, from_addr, to_addrs FROM email_statuses WHERE domain = $1',
      [domain]
    );
    const statusMap = domainStatuses.reduce((acc, row) => {
      acc[row.s3_key] = { status: row.status, from: row.from_addr, to: row.to_addrs || [] };
      return acc;
    }, {});
    // List S3 objects
    let continuationToken;
    do {
      const params = { Bucket: bucket, ContinuationToken: continuationToken };
      const data = await s3Client.listObjectsV2(params).promise();
      continuationToken = data.NextContinuationToken;
      for (const obj of data.Contents || []) {
        const key = obj.Key;
        total += 1;
        const statusInfo = statusMap[key] || { status: 'none' };
        const status = statusInfo.status;
        if (status in counts) {
          counts[status] += 1;
        }
        if (status in details) {
          try {
            const objData = await s3Client.getObject({ Bucket: bucket, Key: key }).promise();
            const parser = new MailParser();
            await new Promise((resolve, reject) => {
              parser.on('error', reject);
              parser.on('end', resolve);
              parser.write(objData.Body);
              parser.end();
            });
            const fromAddr = parser.from?.value[0]?.address || null;
            const toAddrs = [
              ...(parser.to?.value || []),
              ...(parser.cc?.value || []),
              ...(parser.bcc?.value || [])
            ].map(addr => addr.address).filter(Boolean);
            details[status].push({
              key,
              from: statusInfo.from || fromAddr,
              to: statusInfo.to || toAddrs
            });
          } catch (error) {
            logger.error(`Error parsing ${bucket}/${key}: ${error.message}`);
          }
        }
      }
    } while (continuationToken);
    const result = {
      domain,
      total_messages: total,
      successful: counts.true,
      wrong_domain: counts.unknownDomain,
      unknown_user: counts.unknownUser,
      no_recipients: counts.noRecipients,
      errors: counts.error,
      details
    };
    logger.info(`Stats for ${domain}: ${JSON.stringify(result)}`);
    res.status(200).json(result);
  } catch (error) {
    logger.error(`Error in /stats/${domain}: ${error.message}`);
    res.status(500).json({ error: 'Internal server error' });
  }
 });
 // Start server
 app.listen(5000, '0.0.0.0', () => {
  logger.info('Server running on http://0.0.0.0:5000');
 });
--- a/email_api/email_api/app.py
+++ b/email_api/email_api/app.py
@@ -0,0 +1,359 @@
 import sys
 from flask import Flask, request, jsonify
 import smtplib
 import base64
 import gzip
 import logging
 import os
 import time
 import boto3
 from email.parser import BytesParser
 from email.policy import default
 from email.utils import getaddresses
 import requests
 if sys.version_info < (3, 12):
    raise RuntimeError("Python 3.12 oder höher erforderlich")
 # --- Logging mit Timestamp ---
 logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s %(levelname)s %(message)s",
    datefmt="%Y-%m-%d %H:%M:%S"
 )
 logger = logging.getLogger(__name__)
 load_dotenv = None
 try:
    from dotenv import load_dotenv as _ld
    load_dotenv = _ld
 except ImportError:
    pass
 if load_dotenv:
    load_dotenv()
 app = Flask(__name__)
 SMTP_HOST = "localhost"
 SMTP_PORT = 25
 API_TOKEN = os.environ.get('API_TOKEN')
 AWS_REGION = os.environ.get('AWS_REGION', 'us-east-1')
 API_KEY = os.environ['MAILCOW_API_KEY']
 MAILCOW_API = os.environ['MAILCOW_API']
 s3_client = boto3.client('s3', region_name=AWS_REGION)
 def domain_exists(domain):
    """
    Prüft per /get/domain/all, ob `domain` im System ist.
    """
    url = f"{MAILCOW_API}/get/domain/all"
    headers = {'X-API-Key': API_KEY}
    resp = requests.get(url, headers=headers, timeout=5)
    resp.raise_for_status()
    domains = resp.json()
    return any(d.get('domain_name', '').lower() == domain.lower() for d in domains)
 def inbox_exists(domain, local_part):
    """
    Liefert True, wenn domain im System ist UND local_part@domain ein Postfach hat.
    """
    # 1) Domain-Check
    if not domain_exists(domain):
        logger.info(f"Domain '{domain}' unknown – skip mailbox lookup")
        return False
    # 2) Nur dann Mailbox-Listing holen
    url = f"{MAILCOW_API}/get/mailbox/all/{domain}"
    headers = {'X-API-Key': API_KEY}
    resp = requests.get(url, headers=headers, timeout=5)
    resp.raise_for_status()
    mailboxes = resp.json()
    return any(m.get('local_part', '').lower() == local_part.lower() for m in mailboxes)
 def mark_email_as_processed(bucket, key, status, processor='rest-api'):
    """Setzt processed-Metadaten auf einen beliebigen Status."""
    try:
        s3_client.copy_object(
            Bucket=bucket,
            Key=key,
            CopySource={'Bucket': bucket, 'Key': key},
            Metadata={
                'processed': status,
                'processed_timestamp': str(int(time.time())),
                'processor': processor
            },
            MetadataDirective='REPLACE'
        )
        return True
    except Exception as e:
        logger.error(f"Fehler beim Markieren {bucket}/{key}: {e}")
        return False
@app.route('/stats/<domain>', methods=['GET'])
 def stats_domain(domain):
    # Auth
    auth = request.headers.get('Authorization')
    if auth != f'Bearer {API_TOKEN}':
        return jsonify({'error': 'Unauthorized'}), 401
    bucket = domain.replace('.', '-') + '-emails'
    paginator = s3_client.get_paginator('list_objects_v2')
    total = 0
    counts = {
        'true': 0,
        'unknownDomain': 0,
        'unknownUser': 0
    }
    details = {
        'unknownDomain': [],
        'unknownUser': []
    }
    for page in paginator.paginate(Bucket=bucket):
        for obj in page.get('Contents', []):
            key = obj['Key']
            total += 1
            head = s3_client.head_object(Bucket=bucket, Key=key)
            meta = head.get('Metadata', {})
            status = meta.get('processed', 'none')
            if status in counts:
                counts[status] += 1
            else:
                # wir ignorieren andere Status
                continue
            # Für unknownDomain und unknownUser zusätzlich E-Mail parsen
            if status in ('unknownDomain', 'unknownUser'):
                body = s3_client.get_object(Bucket=bucket, Key=key)['Body'].read()
                try:
                    msg = BytesParser(policy=default).parsebytes(body)
                    from_addr = getaddresses(msg.get_all('from', []))[0][1] if msg.get_all('from') else None
                    to_addrs = [addr for _n, addr in getaddresses(msg.get_all('to', []))]
                except Exception as e:
                    logger.error(f"Fehler beim Parsen {bucket}/{key}: {e}")
                    from_addr = None
                    to_addrs = []
                details[status].append({
                    'key': key,
                    'from': from_addr,
                    'to': to_addrs
                })
    result = {
        'domain': domain,
        'total_messages': total,
        'successful': counts['true'],
        'wrong_domain': counts['unknownDomain'],
        'unknown_user': counts['unknownUser'],
        'details': details
    }
    logger.info(f"Stats for {domain}: {result}")
    return jsonify(result), 200
@app.route('/process/<domain>', methods=['POST'])
 def process_email(domain):
    auth = request.headers.get('Authorization')
    if auth != f'Bearer {API_TOKEN}':
        return jsonify({'error': 'Unauthorized'}), 401
    data = request.get_json()
    if not data:
        return jsonify({'error': 'Invalid payload'}), 400
    request_id = data.get('request_id', 'no-request-id')
    payload_summary = {
        k: (len(v) if k == 'email_content' else v)
        for k, v in data.items()
        if k != 'email_content' or isinstance(v, (str, bytes))
    }
    logger.info(
        f"[{request_id}] INCOMING POST /process/{domain}: "
        f"payload_summary={payload_summary}"
    )
    # 1) E-Mail decodieren und parsen wie gehabt
    content = data.get('email_content')
    compressed = data.get('compressed', False)
    raw = base64.b64decode(content)
    email_bytes = gzip.decompress(raw) if compressed else raw
    msg = BytesParser(policy=default).parsebytes(email_bytes)
    from_addr = getaddresses(msg.get_all('from', []))[0][1] if msg.get_all('from') else f'lambda@{domain}'
    recipients = []
    for hdr in ('to','cc','bcc'):
        recipients += [addr for _n, addr in getaddresses(msg.get_all(hdr, []))]
    if not recipients:
        return jsonify({'error': 'No recipients'}), 400
    # 2) Filter: nur Postfächer der angefragten Domain, die auch existieren
    valid_recipients = []
    for addr in recipients:
        try:
            local, dom = addr.split('@', 1)
        except ValueError:
            continue
        if dom.lower() != domain.lower():
            # andere Domain: überspringen
            continue
        if inbox_exists(domain, local):
            valid_recipients.append(addr)
        else:
            logger.info(f"Skipping non-existent inbox: {addr}")
    if not valid_recipients:
        logger.info(f"[{request_id}] Keine gültigen Inboxes für {domain} – skip.")
        return jsonify({'message': 'No valid inboxes – skipped'}), 404
    # 3) Senden an die gefilterten Adressen
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT) as smtp:
        smtp.sendmail(from_addr, valid_recipients, email_bytes)
    return jsonify({
        'message': 'Email forwarded',
        'forwarded_to': valid_recipients
    }), 200
@app.route('/retry/<domain>', methods=['GET'])
 def retry_domain_emails(domain):
    auth = request.headers.get('Authorization')
    if auth != f'Bearer {API_TOKEN}':
        return jsonify({'error': 'Unauthorized'}), 401
    # 1) Domain-Check ganz am Anfang
    if not domain_exists(domain):
        logger.info(f"Retry aborted: unknown domain '{domain}'")
        return jsonify({'error': f"Unknown domain '{domain}'"}), 404
    bucket = domain.replace('.', '-') + '-emails'
    paginator = s3_client.get_paginator('list_objects_v2')
    # 2) alle unprocessed Keys sammeln
    unprocessed = []
    for page in paginator.paginate(Bucket=bucket):
        for obj in page.get('Contents', []):
            head = s3_client.head_object(Bucket=bucket, Key=obj['Key'])
            if head.get('Metadata', {}).get('processed') != 'true':
                unprocessed.append(obj['Key'])
    request_id = f"retry-{domain}-{int(time.time())}"
    logger.info(f"[{request_id}] RETRY for domain={domain}, keys={unprocessed}")
    results = {'processed': [], 'failed': []}
    for key in unprocessed:
        try:
            body = s3_client.get_object(Bucket=bucket, Key=key)['Body'].read()
            msg = BytesParser(policy=default).parsebytes(body)
            from_addr = (
                getaddresses(msg.get_all('from', []))[0][1]
                if msg.get_all('from') else f'retry@{domain}'
            )
            # Sammle alle To/Cc/Bcc
            recipients = []
            for hdr in ('to', 'cc', 'bcc'):
                recipients += [addr for _n, addr in getaddresses(msg.get_all(hdr, []))]
            if not recipients:
                # gar keine Adressen → überspringen
                mark_email_as_processed(bucket, key, 'unknownDomain')
                results['processed'].append(key)
                results['failed'].append({
                    'key': key,
                    'status': 'unknownDomain',
                    'reason': 'no recipients'
                })
                continue
            # 3) Domain-Match: nur Mails, die an die angefragte Domain adressiert sind
            domains_in_mail = {addr.split('@')[-1].lower() for addr in recipients if '@' in addr}
            if domain.lower() not in domains_in_mail:
                mark_email_as_processed(bucket, key, 'unknownDomain')
                results['processed'].append(key)
                results['failed'].append({
                    'key': key,
                    'status': 'unknownDomain',
                    'from': from_addr,
                    'to': recipients
                })
                continue
            # 4) Inbox-Check: nur existierende Postfächer zulassen
            valid_recipients = []
            for addr in recipients:
                try:
                    local, dom = addr.split('@', 1)
                except ValueError:
                    continue
                if dom.lower() == domain.lower() and inbox_exists(domain, local):
                    valid_recipients.append(addr)
                else:
                    logger.info(f"Skipping non-existent inbox: {addr}")
            if not valid_recipients:
                mark_email_as_processed(bucket, key, 'unknownUser')
                results['processed'].append(key)
                results['failed'].append({
                    'key': key,
                    'status': 'unknownUser',
                    'from': from_addr,
                    'to': recipients
                })
                continue
            # 5) Versand an die validierten Adressen
            try:
                with smtplib.SMTP(SMTP_HOST, SMTP_PORT) as smtp:
                    smtp.sendmail(from_addr, valid_recipients, body)
                mark_email_as_processed(bucket, key, 'true')
                results['processed'].append(key)
            except smtplib.SMTPRecipientsRefused as e:
                # falls Mailcow einzelne Adressen ablehnt
                mark_email_as_processed(bucket, key, 'unknownUser')
                refused = {
                    addr: {'code': code, 'message': msg.decode('utf-8','ignore') if isinstance(msg, bytes) else str(msg)}
                    for addr, (code, msg) in e.recipients.items()
                }
                results['processed'].append(key)
                results['failed'].append({
                    'key': key,
                    'status': 'unknownUser',
                    'from': from_addr,
                    'to': valid_recipients,
                    'refused': refused
                })
            except Exception as e:
                # alle anderen SMTP-Fehler behandeln wir als unknownDomain
                mark_email_as_processed(bucket, key, 'unknownDomain')
                results['processed'].append(key)
                results['failed'].append({
                    'key': key,
                    'status': 'unknownDomain',
                    'from': from_addr,
                    'to': valid_recipients,
                    'error': str(e)
                })
        except Exception as e:
            # Parsing- oder S3-Fehler
            results['failed'].append({'key': key, 'error': str(e)})
    return jsonify(results), 200
@app.route('/health', methods=['GET'])
 def health_check():
    return jsonify({'status': 'OK'}), 200
 if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
--- a/email_api/email_api/package.json
+++ b/email_api/email_api/package.json
@@ -0,0 +1,15 @@
 {
  "name": "email-api",
  "version": "1.0.0",
  "type": "module",
  "dependencies": {
    "express": "^4.19.2",
    "aws-sdk": "^2.1650.0",
    "nodemailer": "^6.9.14",
    "mailparser": "^3.7.1",
    "js-base64": "^3.7.7",
    "winston": "^3.13.1",
    "dotenv": "^16.4.5",
    "pg": "^8.12.0"
  }
 }
--- a/email_api/init.sql
+++ b/email_api/init.sql
@@ -0,0 +1,11 @@
 CREATE TABLE email_statuses (
  id SERIAL PRIMARY KEY,
  domain VARCHAR(255) NOT NULL,
  s3_key VARCHAR(1024) NOT NULL,
  status VARCHAR(50) NOT NULL,
  timestamp BIGINT NOT NULL,
  processor VARCHAR(50) NOT NULL,
  from_addr TEXT,
  to_addrs TEXT[],
  UNIQUE (domain, s3_key)
 );
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -20,7 +20,7 @@ services:
    volumes:
      - gitea-data:/data
      #- ./gitea/gitea-ssh:/data/git/.ssh
-      - /home/git/.ssh/:/data/git/.ssh
+      #- /home/git/.ssh/:/data/git/.ssh
    ports:
      - "3500:3500"
      - "2222:22"
--- a/haikydb_backup.sql
+++ b/haikydb_backup.sql
--- a/keycloak/docker-compose.yml
+++ b/keycloak/docker-compose.yml
@@ -1,62 +0,0 @@
 version: '3.8'
 services:
  postgres:
      container_name: postgres_keycloak
      image: postgres:15.7-alpine3.19
      volumes:
        - postgres_volume:/var/lib/postgresql/data
        # - ./pg_hba.conf:/var/lib/postgresql/data/pg_hba.conf
      environment:
        POSTGRES_DB: ${POSTGRES_DB}
        POSTGRES_USER: ${POSTGRES_USER}
        POSTGRES_PASSWORD: "test1234"
      # ports:
        #- "2345:5432"
      networks:
        - keycloak
  auth:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:23.0.7
      # restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - KC_DB=postgres
      - KC_DB_URL_HOST=${DB_HOST}
      - KC_DB_URL_DATABASE=${POSTGRES_DB}
      - KC_DB_USERNAME=${POSTGRES_USER}
      - KC_DB_PASSWORD=test1234
      - KC_PROXY=edge
      - KC_HOSTNAME=${HOSTNAME}
      - KC_HOSTNAME_ADMIN=${HOSTNAME}
      # - KC_TRANSACTION_XA_ENABLED=false
      - KC_METRICS_ENABLED=true
      - KC_HEALTH_ENABLED=true
      - KC_HOSTNAME_STRICT=false
      - KC_HTTP_ENABLED=true
      - KC_HOSTNAME_STRICT_HTTPS=false
        # - PROXY_ADDRESS_FORWARDING=true
      - KC_LOG_LEVEL=INFO
    depends_on:
      - postgres
        # entrypoint: ["/opt/keycloak/wait-for-postgres.sh", "postgres_keycloak", "/opt/keycloak/bin/kc.sh", "start"]
        # entrypoint: ["/opt/keycloak/bin/kc.sh", "start", "--db-password='test1234'"]
    entrypoint: ["/opt/keycloak/bin/kc.sh", "start"]
    volumes:
      - ./auth/import:/opt/keycloak/data/import
      - ./keywind.jar:/opt/keycloak/providers/keywind.jar
      - ./redirect-uri-authenticator-1.0.0.jar:/opt/keycloak/providers/redirect-uri-authenticator-1.0.0.jar
      - ./wait-for-postgres.sh:/opt/keycloak/wait-for-postgres.sh
    networks:
      - keycloak
 networks:
  keycloak:
    external: true
 volumes:
  postgres_volume:
    external: true
--- a/mailcow-configs/docker-compose.yml
+++ b/mailcow-configs/docker-compose.yml
@@ -0,0 +1,689 @@
 services:
    unbound-mailcow:
      image: ghcr.io/mailcow/unbound:1.24
      environment:
        - TZ=${TZ}
        - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
      volumes:
        - ./data/hooks/unbound:/hooks:Z
        - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
      restart: always
      tty: true
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
          aliases:
            - unbound
    mysql-mailcow:
      image: mariadb:10.11
      depends_on:
        - unbound-mailcow
        - netfilter-mailcow
      stop_grace_period: 45s
      volumes:
        - mysql-vol-1:/var/lib/mysql/
        - mysql-socket-vol-1:/var/run/mysqld/
        - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
      environment:
        - TZ=${TZ}
        - MYSQL_ROOT_PASSWORD=${DBROOT}
        - MYSQL_DATABASE=${DBNAME}
        - MYSQL_USER=${DBUSER}
        - MYSQL_PASSWORD=${DBPASS}
        - MYSQL_INITDB_SKIP_TZINFO=1
      restart: always
      ports:
        - "${SQL_PORT:-127.0.0.1:13306}:3306"
      networks:
        mailcow-network:
          aliases:
            - mysql
    redis-mailcow:
      image: redis:7.4.2-alpine
      entrypoint: ["/bin/sh","/redis-conf.sh"]
      volumes:
        - redis-vol-1:/data/
        - ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z
      restart: always
      depends_on:
        - netfilter-mailcow
      ports:
        - "${REDIS_PORT:-127.0.0.1:7654}:6379"
      environment:
        - TZ=${TZ}
        - REDISPASS=${REDISPASS}
        - REDISMASTERPASS=${REDISMASTERPASS:-}
      sysctls:
        - net.core.somaxconn=4096
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
          aliases:
            - redis
    clamd-mailcow:
      image: ghcr.io/mailcow/clamd:1.70
      restart: always
      depends_on:
        unbound-mailcow:
          condition: service_healthy
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - TZ=${TZ}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
      volumes:
        - ./data/conf/clamav/:/etc/clamav/:Z
        - clamd-db-vol-1:/var/lib/clamav
      networks:
        mailcow-network:
          aliases:
            - clamd
    rspamd-mailcow:
      image: ghcr.io/mailcow/rspamd:2.2
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
        - clamd-mailcow
      environment:
        - TZ=${TZ}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
      volumes:
        - ./data/hooks/rspamd:/hooks:Z
        - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
        - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
        - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
        - ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
        - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
        - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
        - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
        - rspamd-vol-1:/var/lib/rspamd
      restart: always
      hostname: rspamd
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      networks:
        mailcow-network:
          aliases:
            - rspamd
    php-fpm-mailcow:
      image: ghcr.io/mailcow/phpfpm:1.93
      command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
      depends_on:
        - redis-mailcow
      volumes:
        - ./data/hooks/phpfpm:/hooks:Z
        - ./data/web:/web:z
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
        - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
        - ./data/conf/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
        - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
        - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
        - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
        - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
        - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
        - ./data/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - ./data/conf/phpfpm/crons:/crons:z
        - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
        - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
        - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
        - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
        - ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
        - ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
        - ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
        - ./data/assets/templates:/tpls:z
        - ./data/conf/nginx/:/etc/nginx/conf.d/:z
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - IMAP_PORT=${IMAP_PORT:-143}
        - IMAPS_PORT=${IMAPS_PORT:-993}
        - POP_PORT=${POP_PORT:-110}
        - POPS_PORT=${POPS_PORT:-995}
        - SIEVE_PORT=${SIEVE_PORT:-4190}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
        - SMTPS_PORT=${SMTPS_PORT:-465}
        - SMTP_PORT=${SMTP_PORT:-25}
        - API_KEY=${API_KEY:-invalid}
        - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
        - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - SKIP_FTS=${SKIP_FTS:-y}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
        - SKIP_OLEFY=${SKIP_OLEFY:-n}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MASTER=${MASTER:-y}
        - DEV_MODE=${DEV_MODE:-n}
        - DEMO_MODE=${DEMO_MODE:-n}
        - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
        - CLUSTERMODE=${CLUSTERMODE:-}
        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
      restart: always
      labels:
        ofelia.enabled: "true"
        ofelia.job-exec.phpfpm_keycloak_sync.schedule: "@every 1m"
        ofelia.job-exec.phpfpm_keycloak_sync.no-overlap: "true"
        ofelia.job-exec.phpfpm_keycloak_sync.command: "/bin/bash -c \"php /crons/keycloak-sync.php || exit 0\""
        ofelia.job-exec.phpfpm_ldap_sync.schedule: "@every 1m"
        ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true"
        ofelia.job-exec.phpfpm_ldap_sync.command: "/bin/bash -c \"php /crons/ldap-sync.php || exit 0\""
      networks:
        mailcow-network:
          aliases:
            - phpfpm
    sogo-mailcow:
      image: ghcr.io/mailcow/sogo:1.133
      environment:
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - TZ=${TZ}
        - LOG_LINES=${LOG_LINES:-9999}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - MASTER=${MASTER:-y}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      volumes:
        - ./data/hooks/sogo:/hooks:Z
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
        - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
        - ./data/conf/sogo/custom-shortlogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z
        - ./data/conf/sogo/custom-fulllogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg:z
        - ./data/conf/sogo/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z
        - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
        - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
        - mysql-socket-vol-1:/var/run/mysqld/
        - sogo-web-vol-1:/sogo_web
        - sogo-userdata-backup-vol-1:/sogo_backup
      labels:
        ofelia.enabled: "true"
        ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
        ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool -v expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
        ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
        ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/cron.creds || exit 0\""
        ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/cron.creds || exit 0\""
        ofelia.job-exec.sogo_backup.schedule: "@every 24h"
        ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
      restart: always
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
          aliases:
            - sogo
    dovecot-mailcow:
      image: ghcr.io/mailcow/dovecot:2.33
      depends_on:
        - mysql-mailcow
        - netfilter-mailcow
        - redis-mailcow
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      cap_add:
        - NET_BIND_SERVICE
      volumes:
        - ./data/hooks/dovecot:/hooks:Z
        - ./data/conf/dovecot:/etc/dovecot:z
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
        - vmail-vol-1:/var/vmail
        - vmail-index-vol-1:/var/vmail_index
        - crypt-vol-1:/mail_crypt/
        - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
        - ./data/assets/templates:/templates:z
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
      environment:
        - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
        - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
        - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
        - DOVEADM_REPLICA_PORT=${DOVEADM_REPLICA_PORT:-}
        - LOG_LINES=${LOG_LINES:-9999}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - TZ=${TZ}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
        - SKIP_FTS=${SKIP_FTS:-y}
        - FTS_HEAP=${FTS_HEAP:-512}
        - FTS_PROCS=${FTS_PROCS:-3}
        - MAILDIR_SUB=${MAILDIR_SUB:-}
        - MASTER=${MASTER:-y}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
      ports:
        - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
        - "${IMAP_PORT:-143}:143"
        - "${IMAPS_PORT:-993}:993"
        - "${POP_PORT:-110}:110"
        - "${POPS_PORT:-995}:995"
        - "${SIEVE_PORT:-4190}:4190"
      restart: always
      tty: true
      labels:
        ofelia.enabled: "true"
        ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
        ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
        ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
        ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
        ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
        ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
        ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
        ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
        ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
        ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
        ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
        ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
        ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
        ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
        ofelia.job-exec.dovecot_fts.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh\""
        ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
        ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
      ulimits:
        nproc: 65535
        nofile:
          soft: 20000
          hard: 40000
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
          aliases:
            - dovecot
    postfix-mailcow:
      image: ghcr.io/mailcow/postfix:1.80
      depends_on:
        mysql-mailcow:
          condition: service_started
        unbound-mailcow:
          condition: service_healthy
      volumes:
        - ./data/hooks/postfix:/hooks:Z
        - ./data/conf/postfix:/opt/postfix/conf:z
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
        - postfix-vol-1:/var/spool/postfix
        - crypt-vol-1:/var/lib/zeyple
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
      environment:
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
      cap_add:
        - NET_BIND_SERVICE
      ports:
        - "${SMTP_PORT:-25}:25"
        - "${SMTPS_PORT:-465}:465"
        - "${SUBMISSION_PORT:-587}:587"
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
          aliases:
            - postfix
    memcached-mailcow:
      image: memcached:alpine
      restart: always
      environment:
        - TZ=${TZ}
      networks:
        mailcow-network:
          aliases:
            - memcached
    nginx-mailcow:
      depends_on:
        - redis-mailcow
        - php-fpm-mailcow
        - sogo-mailcow
        - rspamd-mailcow
      image: ghcr.io/mailcow/nginx:1.03
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - HTTPS_PORT=${HTTPS_PORT:-8443}
        - HTTP_PORT=${HTTP_PORT:-8080}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
        - TZ=${TZ}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
        - DISABLE_IPv6=${DISABLE_IPv6:-n}
        - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
        - PHPFPMHOST=${PHPFPMHOST:-}
        - SOGOHOST=${SOGOHOST:-}
        - RSPAMDHOST=${RSPAMDHOST:-}
        - REDISHOST=${REDISHOST:-}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - NGINX_USE_PROXY_PROTOCOL=${NGINX_USE_PROXY_PROTOCOL:-n}
        - TRUSTED_PROXIES=${TRUSTED_PROXIES:-}
      volumes:
        - ./data/web:/web:ro,z
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
        - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
        - ./data/conf/nginx/:/etc/nginx/conf.d/:z
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - ./data/conf/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
        - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
        - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
        - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
      ports:
        - "${HTTPS_BIND:-}:${HTTPS_PORT:-8443}:${HTTPS_PORT:-8443}"
        - "${HTTP_BIND:-}:${HTTP_PORT:-8080}:${HTTP_PORT:-8080}"
      restart: always
      networks:
        mailcow-network:
          aliases:
            - nginx
        mail_network: {}
    acme-mailcow:
      depends_on:
        nginx-mailcow:
          condition: service_started
        unbound-mailcow:
          condition: service_healthy
      image: ghcr.io/mailcow/acme:1.92
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - LOG_LINES=${LOG_LINES:-9999}
        - ACME_CONTACT=${ACME_CONTACT:-}
        - ADDITIONAL_SAN=${ADDITIONAL_SAN}
        - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - DIRECTORY_URL=${DIRECTORY_URL:-}
        - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
        - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
        - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
        - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
        - LE_STAGING=${LE_STAGING:-n}
        - TZ=${TZ}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
        - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
      volumes:
        - ./data/web/.well-known/acme-challenge:/var/www/acme:z
        - ./data/assets/ssl:/var/lib/acme/:z
        - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
        - mysql-socket-vol-1:/var/run/mysqld/
      restart: always
      networks:
        mailcow-network:
          aliases:
            - acme
    netfilter-mailcow:
      image: ghcr.io/mailcow/netfilter:1.61
      stop_grace_period: 30s
      restart: always
      privileged: true
      environment:
        - TZ=${TZ}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
        - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
        - DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
      network_mode: "host"
      volumes:
        - /lib/modules:/lib/modules:ro
    watchdog-mailcow:
      image: ghcr.io/mailcow/watchdog:2.08
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      tmpfs:
        - /tmp
      volumes:
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
        - postfix-vol-1:/var/spool/postfix
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
      restart: always
      depends_on:
        - postfix-mailcow
        - dovecot-mailcow
        - mysql-mailcow
        - acme-mailcow
        - redis-mailcow
      environment:
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - DBROOT=${DBROOT}
        - USE_WATCHDOG=${USE_WATCHDOG:-n}
        - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
        - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
        - WATCHDOG_NOTIFY_START=${WATCHDOG_NOTIFY_START:-y}
        - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
        - WATCHDOG_NOTIFY_WEBHOOK=${WATCHDOG_NOTIFY_WEBHOOK:-}
        - WATCHDOG_NOTIFY_WEBHOOK_BODY=${WATCHDOG_NOTIFY_WEBHOOK_BODY:-}
        - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
        - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
        - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
        - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
        - SKIP_OLEFY=${SKIP_OLEFY:-n}
        - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - HTTPS_PORT=${HTTPS_PORT:-8443}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
        - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
        - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
        - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
        - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
        - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
        - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
        - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
        - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
        - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
        - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
        - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
        - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
        - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
        - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
        - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
        - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
        - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
        - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
        - MAILQ_CRIT=${MAILQ_CRIT:-30}
      networks:
        mailcow-network:
          aliases:
            - watchdog
    dockerapi-mailcow:
      image: ghcr.io/mailcow/dockerapi:2.11
      security_opt:
        - label=disable
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - DBROOT=${DBROOT}
        - TZ=${TZ}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - REDISPASS=${REDISPASS}
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        mailcow-network:
          aliases:
            - dockerapi
    olefy-mailcow:
      image: ghcr.io/mailcow/olefy:1.15
      restart: always
      environment:
        - TZ=${TZ}
        - OLEFY_BINDADDRESS=0.0.0.0
        - OLEFY_BINDPORT=10055
        - OLEFY_TMPDIR=/tmp
        - OLEFY_PYTHON_PATH=/usr/bin/python3
        - OLEFY_OLEVBA_PATH=/usr/bin/olevba
        - OLEFY_LOGLVL=20
        - OLEFY_MINLENGTH=500
        - OLEFY_DEL_TMP=1
        - SKIP_OLEFY=${SKIP_OLEFY:-n}
      networks:
        mailcow-network:
          aliases:
            - olefy
    ofelia-mailcow:
      image: mcuadros/ofelia:latest
      restart: always
      command: daemon --docker -f label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}
      environment:
        - TZ=${TZ}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
      depends_on:
        - sogo-mailcow
        - dovecot-mailcow
      labels:
        ofelia.enabled: "true"
      security_opt:
        - label=disable
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        mailcow-network:
          aliases:
            - ofelia
    ipv6nat-mailcow:
      depends_on:
        - unbound-mailcow
        - mysql-mailcow
        - redis-mailcow
        - clamd-mailcow
        - rspamd-mailcow
        - php-fpm-mailcow
        - sogo-mailcow
        - dovecot-mailcow
        - postfix-mailcow
        - memcached-mailcow
        - nginx-mailcow
        - acme-mailcow
        - netfilter-mailcow
        - watchdog-mailcow
        - dockerapi-mailcow
      environment:
        - TZ=${TZ}
      image: robbertkl/ipv6nat
      security_opt:
        - label=disable
      restart: always
      privileged: true
      network_mode: "host"
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - /lib/modules:/lib/modules:ro
 networks:
  mailcow-network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-mailcow
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
        - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
  mail_network:
    external: true
 volumes:
  vmail-vol-1:
  vmail-index-vol-1:
  mysql-vol-1:
  mysql-socket-vol-1:
  redis-vol-1:
  rspamd-vol-1:
  postfix-vol-1:
  crypt-vol-1:
  sogo-web-vol-1:
  sogo-userdata-backup-vol-1:
  clamd-db-vol-1:
--- a/mailcow-configs/mailcow.conf
+++ b/mailcow-configs/mailcow.conf
@@ -0,0 +1,300 @@
 # ------------------------------
 # mailcow web ui configuration
 # ------------------------------
 # example.org is _not_ a valid hostname, use a fqdn here.
 # Default admin user is "admin"
 # Default password is "moohoo"
 MAILCOW_HOSTNAME=mail.andreasknuth.de
 # Password hash algorithm
 # Only certain password hash algorithm are supported. For a fully list of supported schemes,
 # see https://docs.mailcow.email/models/model-passwd/
 MAILCOW_PASS_SCHEME=BLF-CRYPT
 # ------------------------------
 # SQL database configuration
 # ------------------------------
 DBNAME=mailcow
 DBUSER=mailcow
 # Please use long, random alphanumeric strings (A-Za-z0-9)
 DBPASS=KGekNNga7WLZvNwr2eAYiMhU7aUG
 DBROOT=gSeRDgCUmndjb38kpEf919naoklx
 # ------------------------------
 # REDIS configuration
 # ------------------------------
 REDISPASS=LsamNIsi3taCxMgOva0iVfcXOV5O
 # ------------------------------
 # HTTP/S Bindings
 # ------------------------------
 # You should use HTTPS, but in case of SSL offloaded reverse proxies:
 # Might be important: This will also change the binding within the container.
 # If you use a proxy within Docker, point it to the ports you set below.
 # Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
 # IMPORTANT: Do not use port 8081, 9081, 9082 or 65510!
 # Example: HTTP_BIND=1.2.3.4
 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
 # For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/
 HTTP_PORT=80
 HTTP_BIND=127.0.0.1
 HTTPS_PORT=8443
 HTTPS_BIND=127.0.0.1
 # Redirect HTTP connections to HTTPS - y/n
 HTTP_REDIRECT=n
 # ------------------------------
 # Other bindings
 # ------------------------------
 # You should leave that alone
 # Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
 SMTP_PORT=25
 SMTPS_PORT=465
 SUBMISSION_PORT=587
 IMAP_PORT=143
 IMAPS_PORT=993
 POP_PORT=110
 POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
 REDIS_PORT=127.0.0.1:7654
 # Your timezone
 # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
 # Use the column named 'TZ identifier' + pay attention for the column named 'Notes'
 TZ=America/Chicago
 # Fixed project name
 # Please use lowercase letters only
 COMPOSE_PROJECT_NAME=mailcowdockerized
 # Used Docker Compose version
 # Switch here between native (compose plugin) and standalone
 # For more informations take a look at the mailcow docs regarding the configuration options.
 # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
 # Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.
 DOCKER_COMPOSE_VERSION=native
 # Set this to "allow" to enable the anyone pseudo user. Disabled by default.
 # When enabled, ACL can be created, that apply to "All authenticated users"
 # This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
 # Otherwise a user might share data with too many other users.
 ACL_ANYONE=disallow
 # Garbage collector cleanup
 # Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
 # How long should objects remain in the garbage until they are being deleted? (value in minutes)
 # Check interval is hourly
 MAILDIR_GC_TIME=7200
 # Additional SAN for the certificate
 #
 # You can use wildcard records to create specific names for every domain you add to mailcow.
 # Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
 #ADDITIONAL_SAN=imap.*,smtp.*
 # This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
 # plus every domain you add in the future.
 #
 # You can also just add static names...
 #ADDITIONAL_SAN=srv1.example.net
 # ...or combine wildcard and static names:
 #ADDITIONAL_SAN=imap.*,srv1.example.com
 #
 ADDITIONAL_SAN=
 # Obtain certificates for autodiscover.* and autoconfig.* domains.
 # This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
 # There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
 # between services. So acme-mailcow obtains for maildomains and all web-things get handled
 # in the reverse proxy.
 AUTODISCOVER_SAN=y
 # Additional server names for mailcow UI
 #
 # Specify alternative addresses for the mailcow UI to respond to
 # This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
 # If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
 # You can understand this as server_name directive in Nginx.
 # Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
 ADDITIONAL_SERVER_NAMES=autoconfig.mail.andreasknuth.de autodiscover.mail.andreasknuth.de
 # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
 SKIP_LETS_ENCRYPT=y
 # Create seperate certificates for all domains - y/n
 # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
 # see https://doc.dovecot.org/admin_manual/ssl/sni_support
 ENABLE_SSL_SNI=n
 # Skip IPv4 check in ACME container - y/n
 SKIP_IP_CHECK=n
 # Skip HTTP verification in ACME container - y/n
 SKIP_HTTP_VERIFICATION=n
 # Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
 SKIP_UNBOUND_HEALTHCHECK=n
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 SKIP_CLAMD=n
 # Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n
 SKIP_OLEFY=n
 # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
 SKIP_SOGO=n
 # Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.
 # Dovecot inside mailcow use Flatcurve as FTS Backend.
 SKIP_FTS=n
 # Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.
 # Flatcurve (Xapian backend) is used as the FTS Indexer. It is supposed to be efficient in CPU and RAM consumption.
 # However: Please always monitor your Resource consumption!
 FTS_HEAP=128
 # Controls how many processes the Dovecot indexing process can spawn at max.
 # Too many indexing processes can use a lot of CPU and Disk I/O.
 # Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations
 FTS_PROCS=1
 # Allow admins to log into SOGo as email user (without any password)
 ALLOW_ADMIN_EMAIL_LOGIN=n
 # Enable watchdog (watchdog-mailcow) to restart unhealthy containers
 USE_WATCHDOG=y
 # Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
 # CAUTION:
 # 1. You should use external recipients
 # 2. Mails are sent unsigned (no DKIM)
 # 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
 # Multiple rcpts allowed, NO quotation marks, NO spaces
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=
 # Send notifications to a webhook URL that receives a POST request with the content type "application/json".
 # You can use this to send notifications to services like Discord, Slack and others.
 #WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # JSON body included in the webhook POST request. Needs to be in single quotes.
 # Following variables are available: SUBJECT, BODY
 #WATCHDOG_NOTIFY_WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "****\n"}'
 # Notify about banned IP (includes whois lookup)
 WATCHDOG_NOTIFY_BAN=n
 # Send a notification when the watchdog is started.
 WATCHDOG_NOTIFY_START=y
 # Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
 #WATCHDOG_SUBJECT=
 # Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
 # https://www.servercow.de/mailcow?lang=en
 # https://www.servercow.de/mailcow?lang=de
 # No data is collected. Opt-in and anonymous.
 # Will only work with unmodified mailcow setups.
 WATCHDOG_EXTERNAL_CHECKS=n
 # Enable watchdog verbose logging
 WATCHDOG_VERBOSE=n
 # Max log lines per service to keep in Redis logs
 LOG_LINES=9999
 # Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
 # Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
 IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 # Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 # Use this IPv4 for outgoing connections (SNAT)
 #SNAT_TO_SOURCE=
 # Use this IPv6 for outgoing connections (SNAT)
 #SNAT6_TO_SOURCE=
 # Create or override an API key for the web UI
 # You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
 # An API key defined as API_KEY has read-write access
 # An API key defined as API_KEY_READ_ONLY has read-only access
 # Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
 # You can define API_KEY and/or API_KEY_READ_ONLY
 #API_KEY=
 #API_KEY_READ_ONLY=
 #API_ALLOW_FROM=172.22.1.1,127.0.0.1
 # mail_home is ~/Maildir
 MAILDIR_SUB=Maildir
 # SOGo session timeout in minutes
 SOGO_EXPIRE_SESSION=480
 # DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
 # Empty by default to auto-generate master user and password on start.
 # User expands to DOVECOT_MASTER_USER@mailcow.local
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_USER=
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_PASS=
 # Let's Encrypt registration contact information
 # Optional: Leave empty for none
 # This value is only used on first order!
 # Setting it at a later point will require the following steps:
 # https://docs.mailcow.email/troubleshooting/debug-reset_tls/
 ACME_CONTACT=
 # WebAuthn device manufacturer verification
 # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 # Spamhaus Data Query Service Key
 # Optional: Leave empty for none
 # Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.
 # If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
 # Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
 # CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
 DISABLE_NETFILTER_ISOLATION_RULE=n
--- a/ses-lambda-new-python/lambda_function.py
+++ b/ses-lambda-new-python/lambda_function.py
@@ -0,0 +1,387 @@
 import os
 import boto3
 import json
 import time
 from email.parser import BytesParser
 from email.policy import SMTP as SMTPPolicy
 s3 = boto3.client('s3')
 sqs = boto3.client('sqs', region_name='us-east-2')
 # AWS Region
 AWS_REGION = 'us-east-2'
 # Metadata Keys
 PROCESSED_KEY = 'processed'
 PROCESSED_VALUE = 'true'
 def domain_to_bucket(domain: str) -> str:
    """Konvertiert Domain zu S3 Bucket Namen"""
    domain = domain.lower()
    return domain.replace('.', '-') + '-emails'
 def domain_to_queue_name(domain: str) -> str:
    """Konvertiert Domain zu SQS Queue Namen"""
    domain = domain.lower()
    return domain.replace('.', '-') + '-queue'
 def get_queue_url_for_domain(domain: str) -> str:
    """Ermittelt SQS Queue URL für Domain"""
    queue_name = domain_to_queue_name(domain)
    try:
        response = sqs.get_queue_url(QueueName=queue_name)
        queue_url = response['QueueUrl']
        print(f"✓ Found queue: {queue_name}")
        return queue_url
    except sqs.exceptions.QueueDoesNotExist:
        raise Exception(
            f"Queue does not exist: {queue_name} "
            f"(for domain: {domain.lower()})"
        )
    except Exception as e:
        raise Exception(f"Error getting queue URL for {domain.lower()}: {e}")
 def is_already_processed(bucket: str, key: str) -> bool:
    """Prüft ob E-Mail bereits verarbeitet wurde"""
    try:
        head = s3.head_object(Bucket=bucket, Key=key)
        metadata = head.get('Metadata', {}) or {}
        if metadata.get(PROCESSED_KEY) == PROCESSED_VALUE:
            processed_at = metadata.get('processed_at', 'unknown')
            print(f"✓ Already processed at {processed_at}")
            return True
        return False
    except s3.exceptions.NoSuchKey:
        print(f"⚠ Object {key} not found in {bucket}")
        return True
    except Exception as e:
        print(f"⚠ Error checking processed status: {e}")
        return False
 def set_processing_lock(bucket: str, key: str) -> bool:
    """
    Setzt Processing Lock um Duplicate Processing zu verhindern
    Returns: True wenn Lock erfolgreich gesetzt, False wenn bereits locked
    """
    try:
        head = s3.head_object(Bucket=bucket, Key=key)
        metadata = head.get('Metadata', {}) or {}
        # Prüfe auf existierenden Lock
        processing_started = metadata.get('processing_started')
        if processing_started:
            lock_age = time.time() - float(processing_started)
            if lock_age < 300:  # 5 Minuten Lock
                print(f"⚠ Processing lock active (age: {lock_age:.0f}s)")
                return False
            else:
                print(f"⚠ Stale lock detected ({lock_age:.0f}s old), overriding")
        # Setze neuen Lock
        new_meta = metadata.copy()
        new_meta['processing_started'] = str(int(time.time()))
        s3.copy_object(
            Bucket=bucket,
            Key=key,
            CopySource={'Bucket': bucket, 'Key': key},
            Metadata=new_meta,
            MetadataDirective='REPLACE'
        )
        print(f"✓ Processing lock set")
        return True
    except Exception as e:
        print(f"⚠ Error setting processing lock: {e}")
        return True
 def mark_as_queued(bucket: str, key: str, queue_name: str):
    """Markiert E-Mail als in Queue eingereiht"""
    try:
        head = s3.head_object(Bucket=bucket, Key=key)
        metadata = head.get('Metadata', {}) or {}
        metadata['queued_at'] = str(int(time.time()))
        metadata['queued_to'] = queue_name
        metadata['status'] = 'queued'
        metadata.pop('processing_started', None)
        s3.copy_object(
            Bucket=bucket,
            Key=key,
            CopySource={'Bucket': bucket, 'Key': key},
            Metadata=metadata,
            MetadataDirective='REPLACE'
        )
        print(f"✓ Marked as queued to {queue_name}")
    except Exception as e:
        print(f"⚠ Failed to mark as queued: {e}")
 def send_to_queue(queue_url: str, bucket: str, key: str, 
                  from_addr: str, recipients: list, domain: str, 
                  subject: str, message_id: str):
    """
    Sendet E-Mail-Job in domain-spezifische SQS Queue
    EINE Message mit ALLEN Recipients für diese Domain
    """
    queue_name = queue_url.split('/')[-1]
    message = {
        'bucket': bucket,
        'key': key,
        'from': from_addr,
        'recipients': recipients,  # Liste aller Empfänger
        'domain': domain,
        'subject': subject,
        'message_id': message_id,
        'timestamp': int(time.time())
    }
    try:
        response = sqs.send_message(
            QueueUrl=queue_url,
            MessageBody=json.dumps(message, ensure_ascii=False),
            MessageAttributes={
                'domain': {
                    'StringValue': domain,
                    'DataType': 'String'
                },
                'bucket': {
                    'StringValue': bucket,
                    'DataType': 'String'
                },
                'recipient_count': {
                    'StringValue': str(len(recipients)),
                    'DataType': 'Number'
                },
                'message_id': {
                    'StringValue': message_id,
                    'DataType': 'String'
                }
            }
        )
        sqs_message_id = response['MessageId']
        print(f"✓ Queued to {queue_name}: SQS MessageId={sqs_message_id}")
        print(f"  Recipients: {len(recipients)} - {', '.join(recipients)}")
        # Als queued markieren
        mark_as_queued(bucket, key, queue_name)
        return sqs_message_id
    except Exception as e:
        print(f"✗ Failed to queue message: {e}")
        raise
 def lambda_handler(event, context):
    """
    Lambda Handler für SES Events
    Eine Domain pro Event = eine Queue Message mit allen Recipients
    """
    print(f"{'='*70}")
    print(f"Lambda invoked: {context.aws_request_id}")
    print(f"Region: {AWS_REGION}")
    print(f"{'='*70}")
    # SES Event parsen
    try:
        record = event['Records'][0]
        ses = record['ses']
    except (KeyError, IndexError) as e:
        print(f"✗ Invalid event structure: {e}")
        return {
            'statusCode': 400,
            'body': json.dumps({'error': 'Invalid SES event'})
        }
    mail = ses['mail']
    receipt = ses['receipt']
    message_id = mail['messageId']
    source = mail['source']
    timestamp = mail.get('timestamp', '')
    recipients = receipt.get('recipients', [])
    # FRÜHES LOGGING: S3 Key und Recipients
    print(f"\n🔑 S3 Key: {message_id}")
    print(f"👥 Recipients ({len(recipients)}): {', '.join(recipients)}")
    if not recipients:
        print(f"✗ No recipients found in event")
        return {
            'statusCode': 400,
            'body': json.dumps({
                'error': 'No recipients in event',
                'message_id': message_id
            })
        }
    # Domain extrahieren (alle Recipients haben gleiche Domain!)
    domain = recipients[0].split('@')[1].lower()
    bucket = domain_to_bucket(domain)
    print(f"\n📧 Email Event:")
    print(f"  MessageId: {message_id}")
    print(f"  From: {source}")
    print(f"  Domain: {domain}")
    print(f"  Bucket: {bucket}")
    print(f"  Timestamp: {timestamp}")
    print(f"  Recipients: {len(recipients)}")
    # Queue für Domain ermitteln
    try:
        queue_url = get_queue_url_for_domain(domain)
        queue_name = queue_url.split('/')[-1]
        print(f"  Queue: {queue_name}")
    except Exception as e:
        print(f"\n✗ ERROR: {e}")
        return {
            'statusCode': 500,
            'body': json.dumps({
                'error': 'queue_not_configured',
                'domain': domain,
                'recipients': recipients,
                'message': str(e)
            })
        }
    # S3 Object finden
    try:
        print(f"\n📦 Searching S3...")
        response = s3.list_objects_v2(
            Bucket=bucket,
            Prefix=message_id,
            MaxKeys=1
        )
        if 'Contents' not in response or not response['Contents']:
            raise Exception(f"No S3 object found for message {message_id}")
        key = response['Contents'][0]['Key']
        size = response['Contents'][0]['Size']
        print(f"  Found: s3://{bucket}/{key}")
        print(f"  Size: {size:,} bytes ({size/1024:.1f} KB)")
    except Exception as e:
        print(f"\n✗ S3 ERROR: {e}")
        return {
            'statusCode': 404,
            'body': json.dumps({
                'error': 's3_object_not_found',
                'message_id': message_id,
                'bucket': bucket,
                'details': str(e)
            })
        }
    # Duplicate Check
    print(f"\n🔍 Checking for duplicates...")
    if is_already_processed(bucket, key):
        print(f"  Already processed, skipping")
        return {
            'statusCode': 200,
            'body': json.dumps({
                'status': 'already_processed',
                'message_id': message_id,
                'recipients': recipients
            })
        }
    # Processing Lock setzen
    print(f"\n🔒 Setting processing lock...")
    if not set_processing_lock(bucket, key):
        print(f"  Already being processed by another instance")
        return {
            'statusCode': 200,
            'body': json.dumps({
                'status': 'already_processing',
                'message_id': message_id,
                'recipients': recipients
            })
        }
    # E-Mail laden um Subject zu extrahieren
    subject = '(unknown)'
    try:
        print(f"\n📖 Reading email for metadata...")
        obj = s3.get_object(Bucket=bucket, Key=key)
        raw_bytes = obj['Body'].read()
        # Nur Headers parsen (schneller)
        parsed = BytesParser(policy=SMTPPolicy).parsebytes(raw_bytes)
        subject = parsed.get('subject', '(no subject)')
        print(f"  Subject: {subject}")
    except Exception as e:
        print(f"  ⚠ Could not parse email (continuing): {e}")
    # In Queue einreihen (EINE Message mit ALLEN Recipients)
    try:
        print(f"\n📤 Queuing to {queue_name}...")
        sqs_message_id = send_to_queue(
            queue_url=queue_url,
            bucket=bucket,
            key=key,
            from_addr=source,
            recipients=recipients,  # ALLE Recipients
            domain=domain,
            subject=subject,
            message_id=message_id
        )
        print(f"\n{'='*70}")
        print(f"✅ SUCCESS - Email queued for delivery")
        print(f"{'='*70}\n")
        return {
            'statusCode': 200,
            'body': json.dumps({
                'status': 'queued',
                'message_id': message_id,
                'sqs_message_id': sqs_message_id,
                'queue': queue_name,
                'domain': domain,
                'recipients': recipients,
                'recipient_count': len(recipients),
                'subject': subject
            })
        }
    except Exception as e:
        print(f"\n{'='*70}")
        print(f"✗ FAILED TO QUEUE")
        print(f"{'='*70}")
        print(f"Error: {e}")
        return {
            'statusCode': 500,
            'body': json.dumps({
                'error': 'failed_to_queue',
                'message': str(e),
                'message_id': message_id,
                'recipients': recipients
            })
        }
--- a/ses-lambda-nodejs/email2json.js
+++ b/ses-lambda-nodejs/email2json.js
@@ -0,0 +1,44 @@
 'use strict';
 if (process.argv.length < 3) {
    process.stdout.write('USAGE: nodejs emailtojson.js filename');
    process.stdout.write('Example: nodejs emailtojson.js emailfile.eml');
    return;
 }
 const fs = require('fs');
 const { MailParser } = require("mailparser");
 const mailpath = process.argv[2];
 let parser = new MailParser();
 let input = fs.createReadStream(mailpath);
 let mailobj = {
    attachments: [],
    text: {}
 };
 parser.on('headers', headers => {
    let headerObj = {};
    for (let [k, v] of headers) {
        // We don’t escape the key '__proto__'
        // which can cause problems on older engines
        headerObj[k] = v;
    }
    mailobj.headers = headerObj;
 });
 parser.on('data', data => {
    if (data.type === 'attachment') {
        mailobj.attachments.push(data);
        data.content.on('readable', () => data.content.read());
        data.content.on('end', () => data.release());
    } else {
        mailobj.text = data;
    }
 });
 parser.on('end', () => {
    process.stdout.write(JSON.stringify(mailobj, (k, v) => (k === 'content' || k === 'release' ? undefined : v), 3));
 });
 input.pipe(parser);
--- a/ses-lambda-nodejs/email2json1.js
+++ b/ses-lambda-nodejs/email2json1.js
@@ -0,0 +1,30 @@
 // simple-emailtojson.mjs
 import fs from 'fs/promises';
 import { simpleParser } from 'mailparser';
 if (process.argv.length < 3) {
  console.error('USAGE: node simple-emailtojson.mjs <emailfile.eml>');
  process.exit(1);
 }
 const mailpath = process.argv[2];
 (async () => {
  const emlBuffer = await fs.readFile(mailpath);
  const mail      = await simpleParser(emlBuffer);
  // Optional: entferne Buffers, die du nicht serialisieren willst
  if (mail.attachments) {
    mail.attachments = mail.attachments.map(att => ({
      filename: att.filename,
      contentType: att.contentType,
      size: att.size,
      // evtl. att.content.toString('base64') oder weglassen
    }));
  }
  console.log(JSON.stringify(mail, null, 2));
 })().catch(err => {
  console.error('Fehler beim Parsen:', err);
  process.exit(1);
 });
--- a/ses-lambda-nodejs/eml/1.eml
+++ b/ses-lambda-nodejs/eml/1.eml
@@ -0,0 +1,68 @@
 Return-Path: <andreas.knuth@gmail.com>
 Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id tl8bodt75rl99agvurj9pt06aaphgs5pj3l7ci01
 for test@bizmatch.net;
 Mon, 07 Jul 2025 22:29:30 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of _spf.google.com designates 209.85.167.54 as permitted sender) client-ip=209.85.167.54; envelope-from=andreas.knuth@gmail.com; helo=mail-lf1-f54.google.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of _spf.google.com designates 209.85.167.54 as permitted sender) client-ip=209.85.167.54; envelope-from=andreas.knuth@gmail.com; helo=mail-lf1-f54.google.com;
 dkim=pass header.i=@gmail.com;
 dmarc=pass header.from=gmail.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFHZ2VxMTdrTDl5UCtYZjRQUHNhL3YwRWo4YXNNbEVYdGdqUTducmt1L25UY0pMNFNqMitXQWZCbnVsYW1seVdseFQzT1lZT2VUVEtCUWl0b2VDVk94SU5xN3p1K1R3d2lOT0hkb2ZIclEvS0JqNVdtRzAvNnJtejlsOE42dTU3ZTV5K2NIQ0lvOEJtQ0hBSkhrZ2JURHJjWXpVYU5EOEZnMnc0SU8xeS9TUVR6OXZxdmt4WVdCMzNuaUJ2TE9xRzN1WHdZM3VFdUcwYzBrZm9OV3BFMEwrZURnb25PY2h2dVExRXV1Q0ZCSzhIeGRsSTZFdXZwUUVzQ2JQUFVzUjFvZnI0U2g4aXBFZDQxQVNFanJLYXdNS2crKzZPanJySHJWckdXQ21hZ2NOQWc9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=A7ZG4osvHSz8Grirn5FNbtnZtZoxA4SwzM4NX2SD3xlmdGZ9gEs7o5QAaexpqFo+tVHGze6kCXShR/m5e+Ccoelv+pYGuQsM0UQukPH567mOTd6DBsUnwgGoWyzkR4LyBMSGKX50m3plpMr7OsfydgTtSgmNqx6TaW2uTqAmHG4=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1751927370; v=1; bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-553aba2f99eso547669e87.3
        for <test@bizmatch.net>; Mon, 07 Jul 2025 15:29:29 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1751927368; x=1752532168; darn=bizmatch.net;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=;
        b=Dv7XQW93T4nV5kY0HB5qVq0H1iB0cYfdQMzSGyu+chsPKK5N+8INipWr1bulAYA4OM
         UKP7EiY4j3zzrxVLFMjboztDfI4PG2oAYSdxIah+jTdgpliVhIeGqvM87SH4pfSVPnOB
         JygDwwhB25s9wfwM7XDQ+uaAg/Fdwc6kgXf1d2k28gdnV9cuhToWMBAdCZG+0pic969P
         HEJlLY+KJBVIvzl8JcVZ6ReT8FeQWGwKfzdrpG8PXyYO8MH4FtAmfji4Av4PO/Q2Ky/u
         3Razz1QTf8R7dHCndAdXCa5INrMaCQOvXRWMMc22sIfMTtM0RKieL7jfp+T4kzcWd8bp
         F3BA==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1751927368; x=1752532168;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=;
        b=wDGrMTBQxC0PHTqXvyy2DVWa4au/7y1hd7NkSgRoVX/vVKp1ArewmkY1xWPEG4qp6S
         X6B9q/qimOqNHs/me0gke2XOeVfgT0Pw+NMSJMf7mCGLZ2+y6sxRttgrh4u2FTxeY0K1
         RKYdwG7rUcqBYoyU/1h6nJYrotuCs7VYBmWbglChhTJoysmFdnR7eAsD2GnxVM1CDZbI
         XdVsK/+vOhUHw8uyVB8sILrEtpM4+ETz0BnIveqyldnfXTKj1v1gnXUNi2XgaK+K126b
         DsXGAP4SwLXUeCHnwGvEfpqTvdVhhOalwR0uCNFWMSOIOuxJbm6hPdU82oz1G6yEUip1
         pSyw==
 X-Gm-Message-State: AOJu0YwHBQTUiVzyF4Z+W9Nn+X1DjRnb+ExbYEHAl2nHyJxuSHCcO+92
 	BQdv1ZRanXsQ1Lb4d3pzXr5AoeyNsoAyT3H9Xnu0bZO+zSNpvJ44dQY0WwJc1RKk3WFm8C2xxjl
 	FNPLCFUIKOYoBKSue/IhK5RuJEorabq6yCy11zJUvVQ==
 X-Gm-Gg: ASbGnctmha0Sl+6s3+7aqdJp4XfRfVYWw1ijYcCHalIyyYoLNA/scbpX0Eqz6/xkLKz
 	Zk8kZ1s2cvvs0Li8JDtKWndBEfOlH2vObiTf1nOjfUXArElHNcXTLauyTSsQhhnX98yufY/FlMM
 	gBVMpCLdinwI7W73wct+qp6JNzoPTJjMqxxr460ujtFDG0M5f6/edKdGc=
 X-Google-Smtp-Source: AGHT+IGKQO5agz3saT3mvRcQjADlp5mR3Ss7bUoX6CzSwr9FNqw5AekIbPUiMQx0QQJz5SZAtSywG7pqy3jzwJU7gFI=
 X-Received: by 2002:a05:6512:e90:b0:553:29cc:c47a with SMTP id
 2adb3069b0e04-556e76ea8b6mr1397840e87.6.1751927367907; Mon, 07 Jul 2025
 15:29:27 -0700 (PDT)
 MIME-Version: 1.0
 From: Andreas Knuth <andreas.knuth@gmail.com>
 Date: Mon, 7 Jul 2025 17:29:22 -0500
 X-Gm-Features: Ac12FXylATeuoXeS0LgUwAAC4rygTYy_KTtNVnLhQ8Pv-KiTkX5e5F1AlsvpAY8
 Message-ID: <CADfCGtb_G+9W11EgfeQhp+V5vb1_gkeq9ZsfqgvsxC9hMNEfJQ@mail.gmail.com>
 Subject: dsfsd
 To: test@bizmatch.net
 Content-Type: multipart/alternative; boundary="0000000000006fc0ff06395e6090"
 --0000000000006fc0ff06395e6090
 Content-Type: text/plain; charset="UTF-8"
 sdfsdf
 --0000000000006fc0ff06395e6090
 Content-Type: text/html; charset="UTF-8"
 <div dir="ltr">sdfsdf</div>
 --0000000000006fc0ff06395e6090--
--- a/ses-lambda-nodejs/eml/2.eml
+++ b/ses-lambda-nodejs/eml/2.eml
@@ -0,0 +1,68 @@
 Return-Path: <andreas.knuth@gmail.com>
 Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id uiead4igi9ee1cijaffb2dsd0bhkg8ksjr35kp01;
 Mon, 07 Jul 2025 15:15:44 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of _spf.google.com designates 209.85.208.181 as permitted sender) client-ip=209.85.208.181; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f181.google.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of _spf.google.com designates 209.85.208.181 as permitted sender) client-ip=209.85.208.181; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f181.google.com;
 dkim=pass header.i=@gmail.com;
 dmarc=pass header.from=gmail.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFFVnVnY0k5TFVXcDdiK0FZbmNLbnRMc3d5c2hrWitkN1l4bEhZdnRvQ0NJUGVPcm5qV1hIblA0WDh0ZERsT2xFS01HUFZFOEtPZ29tdW8yQWtkYzlMckxESzR0d1VjMVF0dWw0bXlBVzkrM3BrVCtJZ2xTdm5nU3VMcEgzcVNqRXp0aEZxdks0NzBpN2s3d25jcnJEUi9PL2ZzbGQ3Z1JrRFZTNGp6bDRnS2JZb3EwQXB2bThlMTE2SFBWZitNSlVUSzloRkZyREJRQVdoQmVWMGtXSWZFbndrT0g5cUtnajhQUTA4ZTlQaGdKWXNJbnFRSXVrNkMzenB4Mm1xWXVvVFRHUDdlU2N0cm5XaGtzV1ZaTDVnZG1aVVIyWjB2MkZ6M3dNNlNDWmNDeXc9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=DqDTEo6krNCKrTt6VBWj6WkxPHgAqraQunr2h6nI/95ooZ2H4qZ/4Ts5uMU13PJV449VQYWMUL1qX5qbjq0UqKHGjry7RlMmOWxxJY0SRl8Eye6HN0UMAwJibEb0K6piljG9oYAbIigE5e8D63ESnPkuiEeIqztkUg7ngVvDFiE=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1751901344; v=1; bh=+4eu3AqIZQTs7Asy6nycJyqaDVkIYEQ7Wt4fZW12bas=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 Received: by mail-lj1-f181.google.com with SMTP id 38308e7fff4ca-32b4483cd3cso1203521fa.3;
        Mon, 07 Jul 2025 08:15:43 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1751901342; x=1752506142; darn=bizmatch.net;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=+4eu3AqIZQTs7Asy6nycJyqaDVkIYEQ7Wt4fZW12bas=;
        b=LgkJUkx/JjaJyQr6qBsVw28Vwcr8g27WAFJXWlIPJ5CEewRfkIT337505lkC3BD85J
         OlgjVzXj7MjD3bF64ltxJOKRWoXWzk9F9eMQYHYpfkAk5iAoVHQutXw4u1wYZBQH2iCc
         BH2YapjsD4vO0exwYlJBbMP4Tq6N1Wu1XTdTtJTuPpynNnwB0hjnnJdlNj5jisLRtJe/
         RSUPTpAQU9Hqxgt7R/1yNUjG5I807hzceJuSs0LW7BQPJwZIK6ZI+EvX88FKo4wjKrDf
         pWoVTu3iwszFCDFBHZ2LGF4cXggnyiRS/5bZot9WhU59zOmgYJHfhjfZokfihsPqdWdl
         EHzQ==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1751901342; x=1752506142;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=+4eu3AqIZQTs7Asy6nycJyqaDVkIYEQ7Wt4fZW12bas=;
        b=m2xoHX0bVq6CGVKxnGFuWZy9tEjQ/ONvZhhl7uOVZQ7vTaS67YXsLydSk2F8c0c8vY
         P/s6wy4sDmTOpWISBM04zRWqRvsaHQonyualsQd7U02Zsp/tI0mqdIJ/ni3MsC8G03GL
         wWWN2e6V6QBG+rAhau2BXGBao+baQSTjSvgefvYDzuWg5ugfdexXhJ7efRcWHQqPb5KU
         mEjmkLDt5DTBhR091i01YxrrC7Ny3RlEPMqbyq+nwvmDFm5ACNdq9aMaEujVRB1+a3ei
         BhLrtMRybBlGJPgpCV7IOdA9WRyJyNMR7qbeREz3joz1Errsab/Oa9VYhWqFl5dPLEt8
         hZzw==
 X-Forwarded-Encrypted: i=1; AJvYcCXI0RBO9KQUyKzy0MqDnS9enil+Kp0jSrcSTlRViDgsyZLMSUi6TJ5BX9yrcJmHLdEB069pDCoD@bizmatch.net
 X-Gm-Message-State: AOJu0YysUzHz3l+r4XYKaoIqIKrS6dUxH8itmcz0lOP+MF+FcieWd0V4
 	D3/aLVsWV48ZOfaA0uoEw/lJ1AQC81NVUTAAu29+H/WmFIAD5qOqhAQ2JkiffPJe26VJ4eDTz9e
 	LZoi5HSO+CmLcSML1iUvE0Rd03QjVG85uwNJ8cPQAhpZK
 X-Gm-Gg: ASbGncurPvR6Brs7OGpPmZ3/vpAbCMXuujgejGh/xAmeSHObnMZSBQnW6wbOzHhmjUn
 	mv90GEruVA4Ru81mpcqOCAjUD7wut8PtZwtavp4RGbRpTEMtetsFEuHxSULHc7fvCdqMHxbDhtK
 	U+JDIDpBXBf9nLjX/9Ia1MHszsdoxH6r2MmQpZpiWk++VE
 X-Google-Smtp-Source: AGHT+IE+PQnE0dCTFWNExgYOZKVZ7/J425p7hNVhw1g9pL6JkbRpiUfxAw0iO0Y0Bf90ZvQ1b9I9rJjrkK0b/NkUYs8=
 X-Received: by 2002:a05:6512:6cd:b0:553:2bf7:77bf with SMTP id
 2adb3069b0e04-556e7bc6d1dmr1353763e87.8.1751901341859; Mon, 07 Jul 2025
 08:15:41 -0700 (PDT)
 MIME-Version: 1.0
 From: Andreas Knuth <andreas.knuth@gmail.com>
 Date: Mon, 7 Jul 2025 10:15:33 -0500
 X-Gm-Features: Ac12FXwNFaB1vrcboxVGo5_EQvpg1Kc37eKOdlZdqKdeMb2z20e0CP6o69Pq8k4
 Message-ID: <CADfCGtYpG78F7DKCWj8DQXsqTteOyg3=Jqw9rgwE2AXZ4YEJ3Q@mail.gmail.com>
 Subject: info,support - knuth
 To: info@bizmatch.net, support@bizmatch.net, knuth@andreasknuth.de
 Content-Type: multipart/alternative; boundary="00000000000029c44406395851f8"
 --00000000000029c44406395851f8
 Content-Type: text/plain; charset="UTF-8"
 info,support - knuth
 --00000000000029c44406395851f8
 Content-Type: text/html; charset="UTF-8"
 <div dir="ltr">info,support - knuth</div>
 --00000000000029c44406395851f8--
--- a/ses-lambda-nodejs/eml/3.eml
+++ b/ses-lambda-nodejs/eml/3.eml
@@ -0,0 +1,182 @@
 Return-Path: <pradeepkumar200w@outlook.com>
 Received: from SEYPR02CU001.outbound.protection.outlook.com (mail-koreacentralazolkn19013080.outbound.protection.outlook.com [52.103.74.80])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id qchs4km8p1vevgfk9l2j0hh04706mhi4jd2tjpo1
 for support@bizmatch.net;
 Tue, 24 Jun 2025 16:33:44 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of outlook.com designates 52.103.74.80 as permitted sender) client-ip=52.103.74.80; envelope-from=pradeepkumar200w@outlook.com; helo=SEYPR02CU001.outbound.protection.outlook.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of outlook.com designates 52.103.74.80 as permitted sender) client-ip=52.103.74.80; envelope-from=pradeepkumar200w@outlook.com; helo=SEYPR02CU001.outbound.protection.outlook.com;
 dkim=pass header.i=@outlook.com;
 dmarc=pass header.from=outlook.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFFMlhQMUNyaFlTZkpkTFZLRVhscVZwVjlXOWZ2L3hWOHU0UXJDbE1YRWlkbWZPWXR2b2dxWmpjL1VPUTVEc05qVHpxbFpFZmlDcU1iNC9mU0dwNVl0dDFuSVlFTGk2UmdTUUt3bGNvdmI1QUFoTndzd1pSdVJ1ZjAzbithRm9mcDM3eWRadUJidjdGaVVmeEZ2RVZiajRhUlk1MUhua3MvL2plKytCUjdUY0hEMEd1QjFJd2hDMzRZcmRRY1pEZHVtMzFaNUIzVUM0MGVUSk80dmJxZWhSbUdaYWI5bnRIYktLMndSUzdaVjh4Z3U0Z1ZybldXWGxYeEx2YnBXd21NVGNFTGI3REFEbTFyTzA0YW9DS215SXJJL0Z4Y0VVVGw5MURCNEs0QUJDTWc9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=3vPX1a0N+3QUAXXTHFMuvn/FNmc7EPbUvsTd/22aVOpM1vTUq5iHJsB/xlkw3ZArE5CZv4BMEX8vo02wDt9BUdtoLX0+7Yg6KFHTod5sZtota+retIgCAJsL4ZsbVsrsuJe//T6crx7y6e8GR0yCOnJI7W6skPgBubEqoAYxUL4=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1750782825; v=1; bh=g+9PG3WYMx3Sc8zRsKmZM6AKdWg1fMBV5IpRVhFdquA=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=BTWCUxEqn+to6x1qM6mq3CVd3ujLguc64BtxCZlNFSfq0/WGv2BWX+LJ9JJ1edebSdewRyDEEdIZ+jTfdk74K1ArW4y29EkzVkihr5B5/tPTqt+Aa4ledzchK/M8DI937Bs68r1UKY7RdgzhfIIiCC8X0r1a+deRIfKCUMqkvJygpKG1qh3OPbAQksZnaI9yBcZF51ddkPoHyErNqeKBpufRE8O1EF5JUiaWfX/TRkmSAxG9hfUOQXzpBnrq1zCIPlUxME5DNWRaJgiJMjMzcfgdGg5SY/gzqTgA63x0DlK7L1LF1EOTBDjjCMAIEYPnLRuIcAb2f7m1RWeQWEa0xg==
 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=g+9PG3WYMx3Sc8zRsKmZM6AKdWg1fMBV5IpRVhFdquA=;
 b=J6RpWVzs/O2uHbi6iYdAtURortYRRdAQE0FgtVPBgDs1TEwgllTnDHnZ3Ee9gqkCl2N5zrNBxPp1Tr0giZe09QhZy77fDATXPV/VWOBikGX5Y7Udyixdr2H4xnVTs24qVz0t1EueJwK8mPxc0XN2PJqgEFzaJNmOXhXe27b0lJ9OYE0RIVX4Sov3mQeUziTFJnmGfmMm/IdUNhimeZZN1xkx2y3wNQYvvJkOmHE2QVltH92gWWmyokW0ETvArswPlrkGE32lOYhZyfzBHMAEmOheiU78MhDbQVKtavt3MedkkgtQiaf5TjUtEuEVkb53YvAZ3WMk5PY6XrWSyTu5vw==
 ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=g+9PG3WYMx3Sc8zRsKmZM6AKdWg1fMBV5IpRVhFdquA=;
 b=d1/pYYSuAkgUYS0TLWHcVe3omzNmJjGQCkpBZfAmvA8MVfnE7aFlk748X6sZtRhTbpBT0Dcr/dvSkhJurZIxaqJlhYyQwrBsJENi2FyfeZBsrdNAuRyrAIFr75aOIVE5ij512zr9Gr6CBqx6F1AzNiYDirgqR8vCxg3f+PGtpqim3V0kIXPy3dvqtm0cEdPoC15Pojkot1eW+xZ0pdHXfQcQMyw7KGJxioGrl4U9gYO8auOw8elO0zdOmlefWWXUz42tJZ/OpyfcOaVfgz+QLW/nutZ0ldwjH/Jwzf4RauWEtMVwrWjJK4vcr/ckg0MHGsA9UmLMvVgSasEDB9ZvzA==
 Received: from TYZPR03MB6645.apcprd03.prod.outlook.com (2603:1096:400:1ff::12)
 by SI6PR03MB8610.apcprd03.prod.outlook.com (2603:1096:4:244::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8857.21; Tue, 24 Jun
 2025 16:32:54 +0000
 Received: from TYZPR03MB6645.apcprd03.prod.outlook.com
 ([fe80::2ede:ba06:80a0:91e8]) by TYZPR03MB6645.apcprd03.prod.outlook.com
 ([fe80::2ede:ba06:80a0:91e8%4]) with mapi id 15.20.8857.025; Tue, 24 Jun 2025
 16:32:54 +0000
 From: pradeep kumar <pradeepkumar200w@outlook.com>
 Subject: Re: looking for SEO
 Thread-Topic: looking for SEO
 Thread-Index: AQHbzu/TjqB39zoRVEylLcucXwKa6LQSrIR3
 Date: Tue, 24 Jun 2025 16:32:53 +0000
 Message-ID:
 <TYZPR03MB664557FE3274D64FE1ECD7E68E78A@TYZPR03MB6645.apcprd03.prod.outlook.com>
 References:
 <TYZPR03MB664536B9DBBAFC2DA2CE219D8E64A@TYZPR03MB6645.apcprd03.prod.outlook.com>
 In-Reply-To:
 <TYZPR03MB664536B9DBBAFC2DA2CE219D8E64A@TYZPR03MB6645.apcprd03.prod.outlook.com>
 Accept-Language: en-US
 Content-Language: en-US
 X-MS-Has-Attach:
 X-MS-TNEF-Correlator:
 msip_labels:
 x-ms-publictraffictype: Email
 x-ms-traffictypediagnostic: TYZPR03MB6645:EE_|SI6PR03MB8610:EE_
 x-ms-office365-filtering-correlation-id: 5e83163c-354d-4afc-94d8-08ddb33cc499
 x-ms-exchange-slblob-mailprops:
 quCBMN2EvO+3eCjVWNsab2y9cp2aqTLRnXY+dn1RYtLfTylnz7C2Qkw6tbRplokq3/dPa42yatAHZ9P7kIhqgd/w/mEuMzD0r1gJWelOszPqMWzVG8xJMrFua0N6edu9IX//6js6WX+P6WGC1rN926Tnqcmu3Fdq3UobezgXrE8O+jcUWw7f+kGwg7pldDihFU17job4OTxnOUZ+rc5K3hLhfREcgIqGmIsSp2OKcpFRwTQRtwehiye7s3ltvPz2/sk+qcZ9zVtdzBDG3exz8q3yENEoFRBD96woBm338Lo3tsYNxBW8iC49fqrzGGFoU2SbRJ6o/WXvBl4BFCdmdMdb4on5q/7pW+lFjwe3qBisFGtQus+Iir4T/wIXtXwqPjVDjBPcPRNh0PkUesuvF+rpmylqmwOg9uyRRRH8lZt42w3dT/ex1c+SIEZgc1MkYrR/Xkb38lObSg48puyTiFPq71Y7QgDevTyinebLAT0zxH5f9G42gSlTVjHW67HZp0vFxJRfbRNMYdFrSRf9XWCLgP76ZKAB9h1rfRNNbAAWbSCBZ1DfTgqWh7L2Hx4pEooyqVUWr2sS/r+ME0p+YBqpVGPozRTWQ488yZB7nLSAfwJh4U9zshPL4ZzKX++H5wzrCpy1HxeBks2JdrG66ZyGqeaCMSNJs29RGGQlH0nJI63ERVYDM2EZN5a9gioUk93HpJvcELXh2ttXhxeeug==
 x-microsoft-antispam:
 BCL:0;ARA:14566002|19110799006|15030799003|461199028|8060799009|8062599006|15080799009|36102599003|56899033|102099032|51005399003|39105399003|39145399003|40105399003|440099028|41105399003|3412199025|12091999003;
 x-microsoft-antispam-message-info:
 =?Windows-1252?Q?6J4jUzURB6tFqlRVNH94rwJMw2iJ1lkKRN7XCPMOHnTDiUwW7gR2PKoS?=
 =?Windows-1252?Q?t+OSqOP7fg7W8pKb0xgzBKMnj+OU0WmGw+ckciCo7XvoRkjTI/zFdWrB?=
 =?Windows-1252?Q?i7svyWUJQX7d8gfW1eJn4TvGwS6XpIx+ByvDoXXU5EkDS0ziAtDVyQk6?=
 =?Windows-1252?Q?Om9gS+ygZAIgj6XUEl82JXJB1M94Lr83KTfnCZtJOuOpFedx0BYpkRK+?=
 =?Windows-1252?Q?k/g12DCoQPKI9tTiDGY1a4yzmUt5u8UREH8nnXkMnGnztPV5Dm4aOhL9?=
 =?Windows-1252?Q?SSH5GuzhISqUpubAAg97sBMRHYn/mvdgall7S3te6NmAo2qnfxGLHmdi?=
 =?Windows-1252?Q?mOc9g61j67VJjEr19oqg0eFLyymsLHVZD2EodZ21fPvjyX3G0YfAMAZs?=
 =?Windows-1252?Q?oLfZLbnZxnI2ZSrS8VhNwaUIn5X+Xh8Ij0qHG7mogT4kW69/trteRK2I?=
 =?Windows-1252?Q?U14mJi4rSXGQSg4Mywt0XTj8NGDDCBqVy8OKhmt3BTW5L0//cxi8T5gk?=
 =?Windows-1252?Q?wkkdakJThVu71Ome6CceNGcvVEvKpHXNv6LVpdpjhSliLgyFvJ+Ds1bB?=
 =?Windows-1252?Q?PstQ+nrQ+dhNcLU2bQFQ2WlrC1uZpkzmRwZM6d3PYuiE8ULmQwROLwDc?=
 =?Windows-1252?Q?retFeJPpbsnM4wF0bUWHUxnPwc2ZuCbJK0RsW5UpiHljWBrZC53Z6I7v?=
 =?Windows-1252?Q?f/MU8ksCYqhtM87PLgI93sh9RqYiy1mlTnLZrVeqrTcoch/lJDIn7clE?=
 =?Windows-1252?Q?DBsq85olQsdTXWydHoRpMT2yXfEmusPnsT095UjTac4sPrmmOvkWMHtH?=
 =?Windows-1252?Q?3iZc7rGkEPwS5xZzc1SEjhhq1bcDr3PumMj4iwMGwi7yDySg43+P9KAo?=
 =?Windows-1252?Q?kxl4q/hJzKFzYKjd+Dj9BTCYgSXKFPVs8lBQCqhGc2G9i/KJ2fz23FzV?=
 =?Windows-1252?Q?5xRQfvqY8559BtNsw9nNEYXf/UifdiXk9JCHinJBnP4N7SYUD1CnSsIV?=
 =?Windows-1252?Q?xNi0UnC708APiOcnZtBRmQlSYA2swpRmEwwifP50p5TOSNlyY9RsPWkd?=
 =?Windows-1252?Q?CddIMxRNkRrr1qaxjGSAmq5D4JXg+vMK1Pul3yMak3nKIa/do9KFTJUT?=
 =?Windows-1252?Q?m4yZyhP0OFQaoAr+Fqjt6pstOCnI3PUCKJjjeWYonAOOpYs3b3KuVHMu?=
 =?Windows-1252?Q?UcOSYfbs9j1RM2em9dQeBTrxwJT2FLgCGSk/UF8sRx0ci0Xp1tFwNf13?=
 =?Windows-1252?Q?gA9pSGd13kW131UgDOxVskJe6s2G+hyYP1oWllkcXsW96r97nBzITeXd?=
 =?Windows-1252?Q?10M6LX2/ry6EJLzdOFgDyukxIB7CiwOeALMUWLSmXrQLG79DAEWASGQS?=
 =?Windows-1252?Q?22fQCAiLKSxr/U75SPJgTtmyuLWruNhHkcztfmC55ufVT74e1dkPv4+6?=
 =?Windows-1252?Q?54+uJ8OM3VTw2Ap64gpvrg=3D=3D?=
 x-ms-exchange-antispam-messagedata-chunkcount: 1
 x-ms-exchange-antispam-messagedata-0:
 =?Windows-1252?Q?HvICyUpSWzy/QQbj/+YiOsKmtmSeA6C1F2LfQHbLpAkHXo1Fi3V0s/FD?=
 =?Windows-1252?Q?jixCBxRrR4Gh1GTFIXOG44mplT+iFXvsWxQkZSOcQqFRTuWaA8WHK56q?=
 =?Windows-1252?Q?aKupnpXB5oUCQ2F6h4Sy0sHj+RrLqO8vP3AUV1QIWM+qHEYp7oNbR6ss?=
 =?Windows-1252?Q?ZrBV+O6lgiFw/3TLHsJbcwg/uP7Fkyb/37YpYAQPyO3H8RA39KL2468L?=
 =?Windows-1252?Q?mRL+MZuzOKNINqdeGycHVRuZcQJ2mdwtNB0gvkMiDFm/1F4Dgpwi2y0H?=
 =?Windows-1252?Q?f5v/mqpRkrQMdJQfQxDBigbT59Mkl+tbiGgALNXgr0uTpzKxf1juxbqD?=
 =?Windows-1252?Q?7oKa0/uyDqu+ukCd5r78iYOi0KcDpYQvYuqtgU65+Vzk2vzEaKRXVbRK?=
 =?Windows-1252?Q?aSDs+VGHfhVXi5bpT4BtedYpW9Hr17EooUqbIVhz1t/jLJmE6CJIY5/r?=
 =?Windows-1252?Q?rzarSaeCppNqyCs23W/ujPAFTWIxkSvs3EfDGfY6rJIg58cVjfQbvDJP?=
 =?Windows-1252?Q?I43PgcmkkKZ6vMcFvrXyHPMI2g7QN74GaavTRXmWb6JB3zUeSgLcMjZC?=
 =?Windows-1252?Q?SB60vJ2/RvMb0PXPtF8pFGE4kqkkzN1krIpabjEYzEp+lxd+dSzpiww+?=
 =?Windows-1252?Q?UW64TNQX/tPHUehtPFg1UqMzJhY+eQHftbkuwS6GNioYXIRU7cvMzTxB?=
 =?Windows-1252?Q?VAeLVN2YlJZUyT7pHAZ/5DnlWVv9AD4aqAFAjyuUi9rpHDb1kL6VkTcU?=
 =?Windows-1252?Q?XgftUf798WAtZ9WlEuu+dBMY7P7fPpc9ysZ5jqfIq20Sb85pOA576qz5?=
 =?Windows-1252?Q?rZXlfw9Oh6a7pfblNtY+aZWZJuVBTcIJUk8T7QenkPpLkyoNVXX9+5Bk?=
 =?Windows-1252?Q?Ypsle/vbfGvMRwy9l+kP22eF0B+Q8qfp4hdKzEeflQ0j/8ceKZwwMcbp?=
 =?Windows-1252?Q?YKzkn+JD2EiH6gDVWS31fj8D7qAo6/W6tx7X3P8RtQPRLcnyqtBz5bT3?=
 =?Windows-1252?Q?EK1KPhICBx8X9fXeXnk3/SCpjYWorfsEN3Q2JM6mEwdI1mLdRSKCjBXs?=
 =?Windows-1252?Q?EZn5k6tEQFa8iswi13FVVq3HJzZ0BfugfPyYeTLHcs6gLY3D8dXYGSdm?=
 =?Windows-1252?Q?Ba5XjxVPILungkIbzkay46gJwmdPn1cBbODEX2PgupopjBtJM6pOFR6J?=
 =?Windows-1252?Q?nItgP849IbQwRBYFlmnHT3X+xsj3Y6kC68GSlsQZ6DcpQNTxRTR22I6w?=
 =?Windows-1252?Q?bQI+g3OJy4+9deM+KmDEAenkjnxV9dDqSjnqldF0hjsxJtBu9fcdUmqZ?=
 =?Windows-1252?Q?mHkUh86zS+A5kscX6tVEwF8s3xsCyPp5cT0LVId339F/dazlH0nxsaxx?=
 =?Windows-1252?Q?hEpnXiVCjHFS6LUePkgeZHc4KFDQUeZEXeKqZaPZRhc/U7lKrtLC1B5a?=
 Content-Type: multipart/alternative;
 	boundary="_000_TYZPR03MB664557FE3274D64FE1ECD7E68E78ATYZPR03MB6645apcp_"
 MIME-Version: 1.0
 X-OriginatorOrg: outlook.com
 X-MS-Exchange-CrossTenant-AuthAs: Internal
 X-MS-Exchange-CrossTenant-AuthSource: TYZPR03MB6645.apcprd03.prod.outlook.com
 X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
 X-MS-Exchange-CrossTenant-Network-Message-Id: 5e83163c-354d-4afc-94d8-08ddb33cc499
 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jun 2025 16:32:53.3821
 (UTC)
 X-MS-Exchange-CrossTenant-fromentityheader: Hosted
 X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SI6PR03MB8610
 --_000_TYZPR03MB664557FE3274D64FE1ECD7E68E78ATYZPR03MB6645apcp_
 Content-Type: text/plain; charset="Windows-1252"
 Content-Transfer-Encoding: quoted-printable
 Hi,
 Want to rank higher on Google and get more traffic? I offer budget-friendly=
 SEO services including keyword optimization and content strategy.
 Let=92s grow your online presence. May I send you a quote& price? If intere=
 sted.
 Reply if you'd like to see recent results.
 Best,
 Pradeep Kumar,
 --_000_TYZPR03MB664557FE3274D64FE1ECD7E68E78ATYZPR03MB6645apcp_
 Content-Type: text/html; charset="Windows-1252"
 Content-Transfer-Encoding: quoted-printable
 <html>
 <head>
 <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
 252">
 <style type=3D"text/css" style=3D"display:none;"> P {margin-top:0;margin-bo=
 ttom:0;} </style>
 </head>
 <body dir=3D"ltr">
 <div class=3D"elementToProof" style=3D"font-family: Aptos, Aptos_EmbeddedFo=
 nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=
 olor: rgb(0, 0, 0);">
 Hi,<br>
 Want to rank higher on Google and get more traffic? I offer budget-friendly=
 SEO services including keyword optimization and content strategy.</div>
 <div id=3D"divRplyFwdMsg"></div>
 <div style=3D"direction: ltr; text-align: left; text-indent: 0px; line-heig=
 ht: 1.8; margin: 0cm 0cm 0.0001pt; font-family: Aptos, Aptos_EmbeddedFont, =
 Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color=
 : rgb(0, 0, 0);">
 Let=92s&nbsp;grow your online presence. May I send you a quote&amp; price? =
 If interested.<br>
 Reply if you'd like to see recent results.<br>
 Best,</div>
 <div style=3D"direction: ltr; text-align: left; text-indent: 0px; line-heig=
 ht: normal; margin: 0cm 0cm 5pt; font-family: Aptos, Aptos_EmbeddedFont, Ap=
 tos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: =
 rgb(0, 0, 0);">
 Pradeep Kumar,</div>
 <div style=3D"direction: ltr; font-family: Aptos, Aptos_EmbeddedFont, Aptos=
 _MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=
 (0, 0, 0);">
 <br>
 </div>
 </body>
 </html>
 --_000_TYZPR03MB664557FE3274D64FE1ECD7E68E78ATYZPR03MB6645apcp_--
--- a/ses-lambda-nodejs/eml/4.eml
+++ b/ses-lambda-nodejs/eml/4.eml
@@ -0,0 +1,68 @@
 Return-Path: <andreas.knuth@gmail.com>
 Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id 36n4254ephirfcpq0addqo7tfme3fgond15tfq81
 for info1@bizmatch.net;
 Mon, 16 Jun 2025 23:42:27 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of _spf.google.com designates 209.85.208.178 as permitted sender) client-ip=209.85.208.178; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f178.google.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of _spf.google.com designates 209.85.208.178 as permitted sender) client-ip=209.85.208.178; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f178.google.com;
 dkim=pass header.i=@gmail.com;
 dmarc=pass header.from=gmail.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFIK25KdWc1UzBCdy9QZGZFOVhYSjZMcGF4THdYenQzSjdWV0V4ODRPTGpkRjVmMXhPeS9YSjQvNmY3UjJ2T1A5blEyVURLQy82aGFycXBXdVRtOXJLdzFRajZPNzloRHFUdzZGVWtocXB6aHBXZG0vQVQza0lLbVhZZjJ6c01tdWg5cTZyRWgwQ0tJSS9hV2lBOHhvUWZONDM4emVkcldnampNSStya3pIS2VUK2g5QW4vK1p2ZXFmSnAxK0M4SU55bkMwajg4Q2RHVDk5a0hnUjFKRFNoQkQ3WGNLMVMrMjdBTTcyZW9mN1RSbEx5cmQ4Zjgzd2ZtWVc2UVNwSEt5UzlNbGtKTUhiYUlUWlNaQ2d0MlFhWGtkOTlLQnUvTGJ4QzhpUGFXeFI0cUE9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=2C2LtDXnd2Rgahacofi6r/dkp+j6+wUNdDaHVQkdrDl8fLJdyOWE7ouFdpinT5Yj4Zqn1C7CXc4x6CfVd1iGzGA4crjxp/Saqdnl1yAmqRR7CYhnLqN5JYRU+s2PLeq2aGHyhqMKsExzKEwP6TKGZ8z+8j3o17zKDzP2frrjExo=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1750117347; v=1; bh=GhseSXuGN9tgXhkzyME5Vy3B+ORZlqe0/mkrwVjb1gs=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-32b3c889cddso4475251fa.1
        for <info1@bizmatch.net>; Mon, 16 Jun 2025 16:42:26 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1750117345; x=1750722145; darn=bizmatch.net;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=GhseSXuGN9tgXhkzyME5Vy3B+ORZlqe0/mkrwVjb1gs=;
        b=RKJNRI5vZpIscEL5+UwfmGKNRxnvkZtv6IJzX0Y0wTSCm8DFbyGoJ+S5HbaVf8ll6Z
         f2Oe1EfC1EJe/Sdw6JqtNh1L7xPtCEWhjf8eKvrYfp9OssXa7sejFW8ya4GT7SD1V/xV
         bTaeZ0r1yU6ST43JuaH+cua3Peyf0AWTkB22bsllbgmlLcRCNTfx5lcMDIPTRaCvYLqK
         bQxdMlCIydODUeteHgGNcj/oUXgCvbcQgFT59eX8Su7IILe2NxqlhCaKo0GTG2RNWHNY
         fuEE9j0VBSvRXlKYqOY9f+IcMHvo9W7byT6voqF5EwVY6gXbAHIjc1mRu88goAJVgspv
         FB5g==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750117345; x=1750722145;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=GhseSXuGN9tgXhkzyME5Vy3B+ORZlqe0/mkrwVjb1gs=;
        b=Ym5RD768CA5BxwJTdC1ML2gfY7n9j8QzCt6B/N6Aln9/RWhvldkXoiaxswQM9MyMd6
         cOluMW41iLzgnB/taM1IQy+VLy4aQw8k2vfDCEo3NPS5/jFZNM9NiqXPnA0umVoHy6x/
         T1HK/+f4y6hpzjS782Zl1NnNXD/EjRHvHdhe0ThisJXFsA/P4JsQNbOSSc+inou7jTOs
         24pKfvdVFXByJB+YJwvt05J16W96ADjYf641C5Zxbw0jASxXZ7wS09bGBKNAwn6/NGR4
         ekWyOVQHPd7fd9S4RzuFS4Xi0HSS74pAqESgMbHdfMVr5vFBOw1IRRZsaIUy1l+r0OSR
         LAKw==
 X-Gm-Message-State: AOJu0Yw5wp5E4tGz30/zaiSpSJ3YuK0o/gb8o/pewmIm/qmBB2rF1G0J
 	9VQQ5HBTezSfU1WZluorBrtWKMtP+JPti+UzsRyEvFh5eFS/zU568gNp1dtY1M0TCDlbYysk+wC
 	kvMu3zTkk7WNUVeLp4NTdmQF/USFdvgDt1FHWhAs=
 X-Gm-Gg: ASbGnctCvyrglWpXoxufwhI/5JUawGElxa4V19xcjZZ6iMb+bkbvYeFtm4jFpa5wahx
 	RRIGY/LgO5e5DUn7E9TbJI0zFaIO1WEq03SFWKettycYPg4XUt/v0QQOHQBYG0r+JMQAJRK49wV
 	FrEpwioG5krLs5B3q2eozzGS9eu+nZ2owEcsrT3ozeYw5+
 X-Google-Smtp-Source: AGHT+IE7UBkVfVljOKTDQeI6kUuT8CjiU45xCwI19ARKkhrlSiOJIb5u8llGPnqA29t1O6znR2vjpcOQjb8amyn/YNI=
 X-Received: by 2002:a05:6512:23a1:b0:54f:c5e7:8f7c with SMTP id
 2adb3069b0e04-553c95f649emr84676e87.16.1750117345191; Mon, 16 Jun 2025
 16:42:25 -0700 (PDT)
 MIME-Version: 1.0
 From: Andreas Knuth <andreas.knuth@gmail.com>
 Date: Mon, 16 Jun 2025 18:42:14 -0500
 X-Gm-Features: AX0GCFtidkvZnLhFoACx19SzatSelvT3f9BT79l90NZuttwS1SlmZtkY52q7Pcw
 Message-ID: <CADfCGta+hvpvnmUXKibbMstBOM1WJWh1WBKtM4Gf6-no5Hcn2Q@mail.gmail.com>
 Subject: asd
 To: info1@bizmatch.net
 Content-Type: multipart/alternative; boundary="000000000000aceb630637b8f21a"
 --000000000000aceb630637b8f21a
 Content-Type: text/plain; charset="UTF-8"
 asda
 --000000000000aceb630637b8f21a
 Content-Type: text/html; charset="UTF-8"
 <div dir="ltr">asda</div>
 --000000000000aceb630637b8f21a--
--- a/ses-lambda-nodejs/eml/5.eml
+++ b/ses-lambda-nodejs/eml/5.eml
--- a/ses-lambda-nodejs/eml/6.eml
+++ b/ses-lambda-nodejs/eml/6.eml
--- a/ses-lambda-nodejs/eml/7.eml
+++ b/ses-lambda-nodejs/eml/7.eml
@@ -0,0 +1,69 @@
 Return-Path: <andreas.knuth@gmail.com>
 Received: from mail-lj1-f174.google.com (mail-lj1-f174.google.com [209.85.208.174])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id m3eg6h7v3pepnvk6g3mnamc5534m41rd9smb13g1;
 Tue, 08 Jul 2025 15:22:02 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of _spf.google.com designates 209.85.208.174 as permitted sender) client-ip=209.85.208.174; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f174.google.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of _spf.google.com designates 209.85.208.174 as permitted sender) client-ip=209.85.208.174; envelope-from=andreas.knuth@gmail.com; helo=mail-lj1-f174.google.com;
 dkim=pass header.i=@gmail.com;
 dmarc=pass header.from=gmail.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFFZmNMTjFMdDNIZmluRHB4RlBVb2RrQmo1bGp4aDFRR1FlMHZ2TmVuMDRuZVJlUE9zb243MVpYU1NUSlNyeC9INld5TGRzbzcwWUI2TXFyYWZzNXlqUHRPVXdCZHowUE01cXg2ZEk0b2c4NzEvbWt5ajFjSHpzR0VCeXFWYm45ZGJLdkVkelZJUnBXc0lWeWpGYzZQcWhic3c5UE9nRmd4V0RwRlEvdVQ4M3lyMW94QkJJRS8yWVFQYUt2aG1sUFFqWmRacyt5YUJnZlcrbTBvb0tYZ21vamRka2YvVzNwVTgxU3dJVDI2VzByUWQydENHRzY2cUtlTXRsOC9maWxqRFdPUHAyQWJNbWtaWC9kRjhET0Z1d2QrVVU4NWFsbUNVb3I1RkVZVjlORnc9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=Ns7PD33ZcMOuMImq8RydmnQQiPQOcMqRNA6+WBVEqOzrnT8Fr/6ovI6LcNjuLMaNlTyzNW6redDOvY1Fnw9d8PS+R7nDf6/0TVG2sMVeAD0BAfFRbIvFxa1ptoIC/A5DwuS1LrezTIBf2eqYvUaT8ezhh0RFhHPlwNfhMBT28ng=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1751988122; v=1; bh=eKB/IyUxfA241zhlmu1r99BcuvAQxKeIb9t6YTUDyU4=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 Received: by mail-lj1-f174.google.com with SMTP id 38308e7fff4ca-32eaaa0e501so896071fa.1;
        Tue, 08 Jul 2025 08:22:01 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1751988120; x=1752592920; darn=bizmatch.net;
        h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=eKB/IyUxfA241zhlmu1r99BcuvAQxKeIb9t6YTUDyU4=;
        b=hvsD5eoGlDNXtRwmmBnxsoBSom1j9nCrIed0UHM+KzN0PhnpithS65y5TmC9Uhqq6z
         e18tVyrn7pSNkDhg5an3t0lRYtqH/9THaIr/a6iKUsU1cBLY0YnnMx2pNphCEDlJD/2N
         IpGp5B+/ufie5DVpBZM6cKaH9yhnsM90jzos9/epxfG3uewYbqmWxpl9WSae9PHIkrkq
         PCsQLYmrU6VlkkvZMxAAg1Czls20bknmjYmB4xgwFhYaYtYW1++TFsCe8F+OXjwa57eY
         RxhHoYNWl1FVGrN8+eIvCFpdDqDJU/LBoOAk3DJVUj6yEOFQ75fivYd+Ed2HB/Kyl1W7
         EIRA==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1751988120; x=1752592920;
        h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=eKB/IyUxfA241zhlmu1r99BcuvAQxKeIb9t6YTUDyU4=;
        b=qpc7/ecpUw57eIdLO2aVmUr5zxZ5RGQb3pqwoiNjUYJQrlDSiYYuhl7o3KjwKcQHTw
         TBJ2AjAx/K5hpaRAcXdcHSSHwva/oM1OZtFKjPkwEkselRnumSV1x+tqrDcwP4x+Fkwi
         Wi4Fg5fIXpuqDTvzFBCpaypQUszQFbKIdiNaLUpR2i5uMzeaPWvHXbzQ9Cd5dW+A0gaX
         Ep2U+DqipArnieyA2osXjYqO6Sm9T7/qsI7SzqjmEM68FgVarKbACFMBRckR2fcH4otl
         +4EO2NxDmOJFVYsdAlGZn6RUYrNBjGsg+fFsInwJSnYmAbcZpsxFQid8iW219vvAqOwj
         yA6w==
 X-Forwarded-Encrypted: i=1; AJvYcCUgL0vwGzGasuMiUeV58XUd9D4p/+SA8gUHmcJBGicjs4HKE0oXxha/ZpAaHekZMhGJ9D18@bizmatch.net
 X-Gm-Message-State: AOJu0YzQdxzi0FXHJZ5NKpf/4xZmJQ67KmS9/HXwRrA7GaTn4Z6mPlmd
 	YcqUn88N0jED8g0HP9et9mGxd6JVpyl3VhHO9900xd/cqdGrAHoRr+Tz2CwiTXRV7PqY8DInS8A
 	rVnHukdGlNItxRA2zX9HqRpusEfjceDnlaBev53Uj+w==
 X-Gm-Gg: ASbGncuDfEE0HlBTh/2RaT7usIau+7Mp8M5Kbyn2LH1jUA9C1q95IxyMto5pvkcB64c
 	CjTP8ehNu2dFwnO3fO9m4q5T6i2mP57aW9+MHLZ/AS+UzjUfo/2BMDBn6+rkKLycfFBgxMagGJ0
 	Kv/XyhtuVMPEPYuLIh2PIB+J3rHuDCWDsnRutU1RD6pYLo
 X-Google-Smtp-Source: AGHT+IEwHFLwKEd/mVb0yu/gvz3kxVGxEfuH91RsHqyFGR23Pb/RqmQNz0/9QGS4A9tGFPXpXUiJ3k99rBUg8n3wjz8=
 X-Received: by 2002:a2e:bb81:0:b0:32f:3e83:4389 with SMTP id
 38308e7fff4ca-32f3e834936mr1827791fa.7.1751988119805; Tue, 08 Jul 2025
 08:21:59 -0700 (PDT)
 MIME-Version: 1.0
 From: Andreas Knuth <andreas.knuth@gmail.com>
 Date: Tue, 8 Jul 2025 10:21:51 -0500
 X-Gm-Features: Ac12FXy8RY9akza8W7SQgEoROiDhMjmnSP8GeIafKiGU1XrBvx8uVbFKIO6dq08
 Message-ID: <CADfCGtbc-MqHYF=_1BihROBqd07wjnWKBRaR=9v0AODyCUPnwg@mail.gmail.com>
 Subject: test
 To: info1@bizmatch.net
 Cc: support@bizmatch.net, info@bizmatch.net
 Content-Type: multipart/alternative; boundary="00000000000088252706396c85b3"
 --00000000000088252706396c85b3
 Content-Type: text/plain; charset="UTF-8"
 werewr
 --00000000000088252706396c85b3
 Content-Type: text/html; charset="UTF-8"
 <div dir="ltr">werewr</div>
 --00000000000088252706396c85b3--
--- a/ses-lambda-nodejs/eml/nodemailer.eml
+++ b/ses-lambda-nodejs/eml/nodemailer.eml
@@ -0,0 +1,616 @@
 Delivered-To: andris.reinman@gmail.com
 Received: by 10.28.50.2 with SMTP id y2csp233403wmy;
        Thu, 13 Oct 2016 04:39:49 -0700 (PDT)
 X-Received: by 10.25.37.18 with SMTP id l18mr9511740lfl.88.1476358789184;
        Thu, 13 Oct 2016 04:39:49 -0700 (PDT)
 Return-Path: <SRS0=63fc=V7=kreata.ee=andris@srs1.zonevs.eu>
 Received: from srs1.zonevs.eu (srs1.zonevs.eu. [217.146.68.191])
        by mx.google.com with ESMTPS id l202si1012799lfg.293.2016.10.13.04.39.49
        for <andris.reinman@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 13 Oct 2016 04:39:49 -0700 (PDT)
 Received-SPF: pass (google.com: best guess record for domain of srs0=63fc=v7=kreata.ee=andris@srs1.zonevs.eu designates 217.146.68.191 as permitted sender) client-ip=217.146.68.191;
 Authentication-Results: mx.google.com;
       dkim=pass header.i=@srs1.zonevs.eu;
       spf=pass (google.com: best guess record for domain of srs0=63fc=v7=kreata.ee=andris@srs1.zonevs.eu designates 217.146.68.191 as permitted sender) smtp.mailfrom=SRS0=63fc=V7=kreata.ee=andris@srs1.zonevs.eu;
       dmarc=fail (p=NONE dis=NONE) header.from=kreata.ee
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=srs1.zonevs.eu;
 q=dns/txt; s=oct2016; bh=xKHKChGY0vTH8NsecmXwA0OqbinKOXeQbaC2UYp2BAM=;
 h=from:subject:date:message-id:to:mime-version:content-type;
 b=Ve18ogdCAG+7WZYkJPOewe1hKjhN4k9unz7bVHMXd6+1CQDRUkLCArQZJzSKxkM481nzXfjFn
 bI8qOuQL8mRk/8fAjYhxLgnr/3SyVIOhCnXxjdQkRzgouZyl42hqD0gIaCxu9uodtQrp2pbKvyl
 e+3sG+LhcdJmsPguOfILn14j+irinPSWrospC8PBIDTsUwO8DCyPqSlOADbW0B6TRUHWMf4XUX4
 W8TH61H1ZI3Xu3k0bvX7rsGHZjsy8dcshcnfYENLCLep8fsQMaB15EErc3RXycBX7CBd0iU1l50
 pYpUFd6bZehCF0ipTOgA7IJ7ZPafaH0YTU8wRntXOwbg==
 Received: from host29.guest.zone.eu [217.146.66.6]
 by srs1.zonevs.eu (ZoneMTA Forwarder) with ESMTP id 157bdd754f70005750.002
 for <andris.reinman@gmail.com>;
 Thu, 13 Oct 2016 11:39:48 +0000
 Content-Type: multipart/mixed;
 boundary="----sinikael-?=_1-14763587882000.8241290969717285"
 X-Laziness-Level: 1000
 From: Andris Kreata <andris@kreata.ee>
 To: Andris Reinman <andris+123@kreata.ee>, andris.reinman@gmail.com
 Subject: Nodemailer is unicode friendly =?UTF-8?Q?=E2=9C=94?=
 (1476358788189)
 Message-ID: <012d606e-3550-2d94-b566-6cd996de88e3@kreata.ee>
 X-Mailer: nodemailer (2.6.0; +http://nodemailer.com/;
 SMTP/2.7.2[client:2.12.0])
 Date: Thu, 13 Oct 2016 11:39:48 +0000
 MIME-Version: 1.0
 X-Zone-Spam-Resolution: no action
 X-Zone-Spam-Status: No, score=0.408099, required=15, tests=[MIME_GOOD=-0.1,
 R_MISSING_CHARSET=2.5, DMARC_POLICY_SOFTFAIL=0.1, MIME_UNKNOWN=0.1,
 R_DKIM_NA=0, BAYES_HAM=-2.1919]
 X-Original-Sender: andris@kreata.ee
 X-Zone-Forwarded-For: andris@kreata.ee
 X-Zone-Forwarded-To: andris.reinman@gmail.com
 ------sinikael-?=_1-14763587882000.8241290969717285
 Content-Type: multipart/alternative;
 boundary="----sinikael-?=_2-14763587882000.8241290969717285"
 ------sinikael-?=_2-14763587882000.8241290969717285
 Content-Type: text/plain
 Content-Transfer-Encoding: 7bit
 Hello to myself! http://www.nodemailer.com/
 ------sinikael-?=_2-14763587882000.8241290969717285
 Content-Type: text/watch-html
 Content-Transfer-Encoding: 7bit
 <b>Hello</b> to myself
 ------sinikael-?=_2-14763587882000.8241290969717285
 Content-Type: multipart/related; type="text/html";
 boundary="----sinikael-?=_5-14763587882000.8241290969717285"
 ------sinikael-?=_5-14763587882000.8241290969717285
 Content-Type: text/html
 Content-Transfer-Encoding: quoted-printable
 <p><b>Hello</b> to myself <img src=3D"cid:note@example.com"/></p><p>Here's =
 a nyan cat for you as an embedded attachment:<br/><img =
 src=3D"cid:nyan@example.com"/></p>
 ------sinikael-?=_5-14763587882000.8241290969717285
 Content-Type: image/png; name=image.png
 Content-ID: <note@example.com>
 Content-Disposition: attachment; filename=image.png
 Content-Transfer-Encoding: base64
 iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEUAAAD///+l2Z/dAAAAM0lE
 QVR4nGP4/5/h/1+G/58ZDrAz3D/McH8yw83NDDeNGe4Ug9C9zwz3gVLMDA/A6P9/AFGGFyjOXZtQ
 AAAAAElFTkSuQmCC
 ------sinikael-?=_5-14763587882000.8241290969717285
 Content-Type: image/gif; name="nyan cat =?UTF-8?Q?=E2=9C=94=2Egif?="
 Content-ID: <nyan@example.com>
 Content-Disposition: attachment;
 filename*0*=utf-8''nyan%20cat%20%E2%9C%94.gif
 Content-Transfer-Encoding: base64
 R0lGODlh9AFeAaIHAAAAAP+Z/5mZmf/Mmf8zmf+Zmf///wAAACH/C05FVFNDQVBFMi4wAwEAAAAh
 +QQJBwAHACwAAAAA9AFeAUAD/3i63P4wykmrvTjrzbv/YCiOZGmeaKqubOu+cCzPdG3fQK7vfO//
 wKBwSCwaj8ikcsks3p7QqFTSrFqv2Kx2yxVOv+AwiTgom8/otHrNbrvf8Lh8Tq/b7/j4UMzv04x5
 eAGDhIWGh4iJiouMjY6PkJGSk4+BdkZ+mZocgJZ1lKChoqOkpaaGnnSYm6ytVEWpZaeztAEEt7i5
 urW6vQS1wI2xq67Fxp2pwcqgvs28zbjL0oXDTsbXrchtz9C509/g4eKLb8TY533abNzdt+Pv8PG1
 5dbo9mHqa/L7/IhZs+280aJH5IKWewhfkXnTr6EyIwIiSpxIsWJFIw4TEcxisf+jx4nmErLKpyaj
 yVMQP6qkiPEkNTdcVsqUGHJKlywjSKZxqSzgL1opZwpVSUTeRiFDk36sKeUmlpywGPIE5rNWUKVY
 IxaNdzRI1q9a64EhArYjTgs60UxdK+lq2bcgnVaBS9ci0yhk64a9YjCqG7aAHbnVC1buXMJ670LR
 gtiwDzjyAgYWXASx5cuYMy8V+4UxYcc9IMeTPJnRYM2oU6tWqlhTTLpcRJee5vPW6dW4c+u23DrT
 a7hpz0Cq/XM2qNuZDShfzrx53t11m0tn/rxubz+/3wY3M7y28VDIMU8fXx362/HTywPnLJIB6CWy
 v/MLf9nz7iFC7Vtn317BeyX/8cknD328cQQdfjPpBxt//UGlRYACEjcLgRIVYOGFGGaooYbmdZja
 hiCGqOF1DXYQm1QCEiIhSpXNJOKLHHoo42Uw1pghiSWqsB0d3VWVYgAURmRjjfkhmFiL66ln0ZBD
 4pgjCjvO0SNpKQYpAJMvFonUZ0hq16VHWNbo5JMmRBkLdz9a9WVq/7XJxJEFkTmDmzmcaeedeFbj
 1Yx83segnHjRmeeghBYK05Z9JqramICWYCRudEYq6aSUVupUo9ghCqmlnHbq6aecYpqOpgs+hdaa
 XzHaGaqp/umAlSupKqpNpCbJ16lKZiVrU6zq6moDsBL166yjglqmm8Qq1Oax/7cm6+yz0EYr7bTU
 Vmvttdhmq+223Hbr7bfghivuuOSWa+656Kar7rrstuvuu/DGK68roNZr771nzesuvvz2668X+oa7
 kKEEF2zwwQh31UPA1Q6c8MMQRyxxHnsw/KSZdqapMVcI72oxDn4dvPHI4iTs8cc1YAwhyYasCFA7
 I+tZMcojhbwOLS6zrPM+Cv9AczY264OzdzsXzXEbJ/8cQ5RGy/fPKTmb0rMPfZmqdAZMN23c06ZE
 XcrUC+Pa7NVVD7Gy1u8Eu9lWU4G9BJwzX5012vuo7VFLbR+qYFlJ64ivg2ajSLctVLKYa2Zsv+P2
 Dn7Gic/fIsw9uI8T9opZ4v/jLK5D43GvWquXY08g+eBpW24evoqyNGzKBsL93tnfFP6j3anXrlvf
 KewN+n+w0wbzxrTbLjybq/ORHd9b9E56y7UFP/zz0O/VeaC6+/qg4MsvQpzz0XdfO+6sV4/V6NoT
 TTf3WKEn3eHeq+/co6VOD7T4rAVd0iNeG42+Uu5TB7/3E+nfcthnPfn1B1/Ky15bTFcgLJzuc2Zp
 3X4c960T/UVj+QMPAysUJhABEIAdfBH4GmXBbWDQfKWwUgg39EHvrTBEI7SWyrBXPsoJSIUvxJCW
 9uQ6Hu4OghTJ4YZi2DD7CQJ/KHTaBoUkRAvtEAiNWaJMKNTEGxVvXDNMhgL/TSPFCf7LMT0EAtn8
 Y8RCbZGLBGzgFw0TRp/BK1ITi6McB/C/FtoxLhRUGhznyMeH1fGOdyTitf6omTUa8pCIpNMY3QPE
 VlmNAvuTHsCuEUlJBqFsjUyKIOVFSEeGTlmZHMomX1BJATipkqN8Y72Y9R8ZKtJRj1wk4DzFyve4
 Elmw/KQsd8nLXvryl8AMpjCHScxiGvOYyEymMpfJzGY685nQjKY0p0nNalqTmonMpjZxec0cbfOb
 4LxJNy8WznKaswnj9OY518nOPKZzEw7rozznSU+ZufGdtBJCPffJz37KwYD4DF8Q/EnQghYUoAEd
 QxkJdcaGvuRgqZRmFj3h/9CKmuyKCX3VQgdVUYde1J0ZFZs+E9bRhn4UoSGNwERvRrcMikJ2KbLn
 JVOKtY3yaHJJLAVMBSRTMdIUAysVWktzSoqdyqen9/xpBYJ6v6HasGu/0xhSqaZUkQ6UhkUlakm3
 OgjN5aCqVgVCAifhUq521KsAAOtSbToAdkTVrHBFq1ohyVa3dgOueA2AXOcKyqteMK+lu8LLnvo1
 vaGUkbEcJvkA+w2u6VSrotjrWhMrzMUyVhqOzSphSSFZulI2mJa97CRQWQS2oLWUEfVWaEUbCdJi
 7iSn7WKsMKrKeAqVtRpM4xODYFrDOtCLkxwL5EKw2p1tdhSlTNAQjOJbH/+uJrUe4Ncs/WpC0h1X
 FMmd4nKPxobsahek1LPXdMWK1aZdN7edrM924YFWzgXXc+KNXF2Xd97jyNZWQGAu0u6L35k+LpT1
 0yUEiovbRnj3h58aHnRNlN7xffYBBC7wIg6MPHspmLYw0K0mH6xR2zZVwqPlL2pQJ7wFc0KC8Xtd
 eWP31tmJGJAwFhZ4F4Pi/jpmrMEw6ncoHOMWmngD9Cugiv/6Dh1v7cU9TjIeDytQK0SxTTimSour
 hGQlK/nHJzheYZK34oZur8pWDnOK/ZvPGnsSC1G2bvPALOY2n5nMvAqyKLlM5K1+WcNuzjNw4Rze
 39q4CmnGqU94rOdC0wT/w2X2M4LJW+caGpllhLaIAJWDZ+FN2gCVVu6MXbOFPTO6uo0oK6TZnJRL
 Z7p2pm5wgJlsvE6P+dMsDTVkdRbpiqQawM+7tXP/TFVKuprXoeky8+pLslpTRNdQjDGyf/BkVqMD
 gcK+rLGX7OQD4dqUZq6ws88B7UZLeNqHVnRuVG3JJjT7vSXqNqhBDCRSz1ncm9r13bK95U1jq4Sx
 TpGoF4jnKhbA0Obx94WwbA9831bfsw5xv6sIcOgI3EIEfzad1x2hhPOb3FdieMN18/ACRBxQTN0J
 EonNFhw2cbc+OLe8hbzyID7843IKuVpG/mjAmFyIKO+BypMNbB7IpOMw/yeTzIVD8ykfeeEn13TL
 38zzRTN7JUBHtGrZKocpGX02N89hzn3OpVPPW7dRt7e5hv4JuIK73O10N7bFri+y39SsZ1972pHQ
 xl7LjeoZM7valT531Eq9W3s0qODngPGN3+7v6wr84BffXJ0b/nuIV5fiGU/5NBT+8c+NfLomX/nO
 0/HamM882891+Vf3/fSolxQvS9/z1Lv+9V1YPeg9Dfva257DKGO902/P+94fQfZLZzk6w/r01uuA
 22o/pbuDjsXZf1fAEF6+5m3g99EfwLXbXqTu1wb9Dm//ItNvcvA3bH3so1uxzp8t7hH7fdVZ/7/t
 d7+zzc9n9Bsrl60sIv83x7uEbsZXocuifwEIgFbgf6uEf7YkgPlHgFXAVw74gBAYgRI4gRRYgRZ4
 gRiYgRq4gRzYgR74gSAYgiI4giRYgiZ4giiYgiq4gizYgi74gjAYgzI4gzRYgzZ4g8bkezp4LzgY
 XTv4g7TUgycGhERIKUI4hEWYhPt3hJikhE5oGEyoAU84hY4RhTVFhVjIBVa4AB7meV74hRRzfi7Y
 hWBYhma4ODVIhme4hmxYBtlHgmrYhnIIhm84gnE4h3hYeXUogneYh34oeHsYgn34h4TYT4EYgW4n
 JewWMx0TfuOUiFW3iBtzUmL4gJAYB5I4iY34fj91iYGWiS5BifUHgZ7/GG2g2FsQ5YgGOIh5d4o8
 tYmHGFCl6G2uOBmi6FMVmIhqRnKSUHO2mArMV0y6KGi+2ItX9x1TFTa5iHefWHG8GAnFCBjJyAMX
 OIxOFY1W5wuM6AnBSEzWiDb7RlbHaBzTuAPVyIymuDHhaIx3pYncqIrX9I1as47QOI6zUY7HZ4Hy
 aF4WJ47tKFXACI/WFGHsiI21eFSNl1QTSJD1+IwHiZD7xYk0xZDZCA0P2TSdtZDzNVgGeZGlkZES
 SJFF948eyTIgiYgbCTX9WJLkmJB2p5F9aFcWyZIm6ZLKSIEiSZOEkFmjQI+QcJIDli/CmJI6CQk8
 +VIrGQlAGX3rB3yB/0OLRTlhWMCR9kgJS+l9BXhMOVmURxkKPlkJNkmNxNd/WkmUUWlgU6mSDgmW
 ETl/QumNZnmWUilYatmRwhCW5jiWSoBMW8lu9JdfaxFbXvd1sbh5cVmSf/kDqNhdv2Z8XzVGfQli
 iekDi7kGWlZvhYkukflt0vdaJiGY8Udto/gxm1lgk9kDlakGl8l0CvkzpYlbp8kDqWl5jbl7N6lH
 h+mRsbkDs4kGqyl8rUkzr8lau6kDvXkGv+lgEklKwwUCw1kaa0kZg4mZgMleeLk5h7ecLiBd8hWT
 9GWXaBSa5Mdb3GWZe8d3o/kE3ElcuVk00YmW08maslmeqnmez1eJ6v/ZnB/wnJPxnuGZftpWnYpz
 nTngXukJMjzYnU9JcfMInnMpnu9GntbZlgAaoAdKffrpg965iyRpCnHnmeDQXtmZmVCSoQy2ocQ4
 k5UTn8A5nxPKmCzaoreZaMVHe3uplzzQjH5pn7ZZKRemnS0Qo+DXfcDSng8Zd/eZYCUmkPzHdXWX
 BE0IawdHk0iqfvXyoySaZRAablk5WQuab1TKoxbqKViKnwg6fqvWgDi6AzoqmWJKnUpqO92oUluK
 djfqpSMFlRdZpTJ2pUsKpCwgpPKnpnhKXWDKknzKfaBSphcqfubWdbyTjlLWoVQmqKGXOnMalPDW
 o13QppqlommSqJf/ejlMqqDV9qQ34ak9WZWTIaqjqkZmiqGbOqaGoapISak39KavaqC4KFyzCqc3
 JqkyuQvAo6u7Om6lyp6/Kp9OYateyaqB4arHaqMzGmdXsHO1KqxDg6tKZKnT6iGZioTLOp5opq3X
 2A7S+q2YmqwaSm9pegXOyjJ3VqfqmmThyn7jGqHlqqdnNK8VWq95dq9cWJvACmjmCo5r5q0A22MC
 S0ZytnVMEK8k469ourAb17DXR7DMCh8H26CDZqwW2z0Ym5zkCq8dy48fq7AhG0jseqLuWrJWILEj
 Q7FNt7KjirFRehiOCQBR9pWVSq8rsWwpp2yTprI4u6ZJQK05Kqk+/5urKhu0RQu0uSG0joeqeelr
 D4ueUvphjNC03Sq1H0G1TgpIYss4kBqrxfKy+mqoU6oIXrtjIHtsUfuvfFK22Gm1+Yi1aguxS8uv
 hfC2Rwe2HmG3BUq0AmS0LbsCJLu2WytyjgC4WBe3ATS3FTs8hAsA2PqS9KKxMtq3DJoIkFsacXe5
 PUa6Z9uoBXcvMps9H7q36lW5Wcu4wXlAqnuyHdW6+UqqsOu6squ5DaJuh2qaksulpzqiNdqnxWt6
 vku79rK6y4O712ptu5u7MDu77QG8bSu8T4u8Omu8Q5ukj4q3jyl0teu3jAW9yRtvNauo3au81bot
 Bse1zuig/iBF/v9ms2URdlkKchMXvMYRuoWQdS+Ev2Chv2irgCZrvoABwDtpvxpHwFhhwKhLLfHr
 uD/CwIMgwCsEwVkhwb06ddejwGyBwe2GdDjHwUrhwdabLRU8c2lCwhocQiicwi+XuCLRwkT3wkkp
 nRh3vzM8FCq8vNqCw2iiw/6ZCDHcQT8MxDUMqPCLjiJMwoHVww9spevLqXeLxYWrEkH8vobJij27
 wy6RxGHCt1ustGa7sz/XxPuLwI17BxXpDC5mwlqntVWLxllMq9/7EV0slu+yj24rxidBxlhixph7
 ulfcuWnMx2x8wM0HxkwryCZByExiyJl7x3qMyR3Rx1e7L1D8uYj/IMXjQMlDYsmIfLwFu8dg0sgT
 LC6ADLqSnBGkbCOmLL6HrMZQx8ofzC6zCMoNhb46aMva98mWgFfA7HvCDJnEHAjGPLx2envJTDa9
 7L+/7Mxyt4PRfHeQrEVwZ81FmM24uc0UpXfby77IjMfjq81fWjDNXM6Eic3onFa1BWWFWE+Cy8FH
 y79uUs/2TLdLbBc2/MT7zM/zdM8QnM8xJygELU8GTcAITb4DvdB81ND4+9DkFNESLUcUbbMWrU4Y
 ndETs9Er29F6i8rEk4UoPXdOadIjltIuzU4rrcqL8tI0XU4xrcknXdM6nU03Pbait9NAbUg9vcg/
 HdRG3S9Dnccz/33UTG2i4ZzIhdTUUn2AskSvB4G0Z5zJfnwMyXdFxZnOQ1m5hqx8lkrSTLmlZA2h
 Zg0tVv2WfQXV77rL84PWXt2ZbTwvbd2UDqvWAV2i3prW/ky8rTzMYm3HZFmocF29Qsxpf13XZd3X
 X5zYykmk+FrY5rzCvtHV5WfXjlzVgT2ohOpZfO3EZ/rZz7zVosPZg63M98eAoHFLA9ikUBqPVC3b
 4uTGVYiAwzeQtW2qr43bUKjbTLCKn1JLv03Br+Taw03brW3bsQfccmHcy83bze3buY3cS6isXbqF
 3N3d3v3d4B3e4j3e5F3e5n3e6J3e6r3e7N3e7v3e8B3f8j3f9Ctd3/Z93/id3/q93/zd3/793wAe
 4AI+4ARe4AZ+4Aie4Aq+4Aze4A7u4AkAACH5BAkHAAcALAAAAAD0AV4BQAP/eLrc/jDKSau9OOvN
 u/9gKI5kaZ5oqq5s675wLM90bd9Aru987//AoHBILBqPyKRyySzentCoVNKsWq/YrHbLFU6/4DCJ
 OCibz+i0es1uu9/wuHxOr9vv+PhQzO/TjHl4AYOEhYaHiImKi4yNjo+QkZKTj4F2Rn6ZmhyAlnWU
 oKGio6SlpoaedJibrK1URallp7O0AQS3uLm6tbq9BLXAjbGrrsXGnanByqC+zbzNuMvShcNOxtet
 yG3P0LnT3+Dh4otvxNjnfdps3N234++0XPCQ5dZjWejo6mvz/f6i8hq180arHhETWvKd26fmn8OH
 AYYImEixosWLGCcagWdw/48FIxlDihRgTmEUhmkgqpwncaTLixvfdfTyscjLmyTtmTwJ681KaQN/
 sRSCs+hNIrVmXjHKNGPJnTh6uvm5LGi/lk2zVkRa0A0XrWCfSkkYAyUaqminYQXLVmQXLG3jhhTL
 E4sMs2fS6g22Vq7fnG+r/B0M2CMMkH7pbsBrpt/AvbX6Ep5MubJlpzpdIJarWANjWfMeQ54l+bLp
 06i1dkaxOW5gK3BGiwvq7lHr1Lhz67Zs+G7p3Rg/D4BEW6jsb7dPG1jOvLlzIsD/Op/eHPrg3mV/
 R98qdduj4sfBJTdNvbz17W3LUz+fmKaYr5y7rwtPf9D4y1p03w+ehTD2L//wuSYfP/XRt19l+eV2
 oEUJ/vUfVA689kNsBRoC3jsLClDAhhx26OGHIG6I3oiVhWjiiRw+CCEDEvpAYYWEXDhOhijWCCJO
 7MUXhH82uWTjjym6t6IKwslBHG0wSkIjkD/iqJ1qRF3X40hM/qjikPeQEcuRViXJ5UBP4tfimHC1
 dxCWNhQZC2hewhMmb2TG2YSDmaGZHRZr5qnnnnyqkSGJgFK2mp1QaNHnoYgmesmUgTZ62qCEssZo
 W3JWaumlmGaqaZ2RTvGnk5uGKuqopJZ6RKd8fHoUpxC8ydSZneYoIKwRqPoSpKimY6lvleZaQaYj
 XOorNsLeKeewEwArQrH/yDbr7LPQRivttNRWa+212Gar7bbcduvtt+CGK+645JZr7rnopqvuuuy2
 6+678Ma7k6n01msvPvLCe+++/PYrZL7faqnowAQXbPDBaVwJcLMCI+zwwxBHrMq/Cw+p5pptZiyT
 wbhWDMbFW2os8jcHd+yxpwPmMfIiMp4iWpvV0HryJsKx087KOP+jFBAzu1IzLS3nLHQ4O//QczYp
 pzT0ygExEnQpRfuAEL5HL/Dz0iI3zTKSXbVhck12VW110mdhfZyrRsU0TtQ9XGCrS1+De7XZkKE9
 GVezsL3EbnEHTHZedA/SpZtR8j1EUl5tYbjM7M5t9uAYFu6oRvZOzh3j/2NR/YLjgaNl9+L0Wk5R
 3x+8PRLpD3AezsuBfy7668Ch3oHpbrG62N+NhXZz5xFJDvvvjcrOyaRs3fsi71tDzgjtwDcPvMLD
 yxqWvccjn8jTijDv/PaWQ0+k67ipfj3X1mdPPHnqPQf+5Omr7/usPP+xPmriI4J9+YRoD2WZ4Z+P
 Gf9mit97FKejIVQPf8vQX1YalBpVMbCARksVAeEnhAMW6H7SWFKVUMQ97m2wRt6DiqUsWB8MJtB/
 FfkgBzvoPBWeKITYAtlUvkM+rGnQhR8C1Y6ktEM6Se8iOAwRDK8lQ+84woQju2EQOaRDIPCohwF8
 H0aW+KEhWquIlkDgKP/mR0F/vcaHVgwXFgOhRYBIkX5eHBMYKbYuQ0nsjXBkgwJZODnhpcuNccxj
 HudIx+DZDl18HF0aB0nIQtpLbGP74QL/2AAuziWMC3Hk/7wXSMphDpGvUGRTOiZJ/rARS5pc5CVZ
 hMJNMhKTjdyVseJ0RUwFS5Wo/BUsNzdLaSkrBMyKpS53ycte+vKXwAymMIdJzGIa85jITKYyl8nM
 ZjrzmdCMpjSnSc1q6tKQ2Mxmr6xpJ21685tv4WY3wUnOcjZBnGgypzrXeUp0hqFheoynPOcZCEi6
 kwXwpKc+98nPhH3ynjXIZz8HSlA92hOgnsEdn8qIv5K1E6GtUuieGFr/PoeOEqLJkqieKGo9ix4U
 omNUGUd559F/YjSTBgzZ42poCtYlKWYfRWhIlbZS5ZXCpTCCqUlPGlGBCoJuSKQETiuk0yDwNAMz
 LVtNhzoKptanqAI8qix9qlSXsXSkHNXbDqTqNonarBtYDWsAtKoDroItpTOcRVDFStLEXdSsiUSr
 Ea1qU7YWQmtUIWsOphY2RNbPrlfZwhGvSgq9AoCvV0DlXwFLOC0Mtq6jMCxiraBYrzJWJXgdH2RF
 IdkSkMWvlr0scs44PbyJo7NT7eTlYrqtxYr2FKplUBE44tYhVrIwOzWXa19bitiuVgi09dpDD3Bb
 O2ZrtyLbrFpIaxrT/5rCsLdtolH1FVqgOnW5UFTQ4bomxwn27626re5SoRHY7H43CIgT7gPRCN5y
 IVdjys0gc8UEXO6uIUDnzW1ANacZ8fIWGL69W+VeZ1xJ9ZWWVAXcf5UR4CeGjsDD5VViVxkEEi7Y
 FA3m4YNFV+ATfBbBcp0PPK6bswz38cQwifCySvkqFaO0gj7RHVh5Z2IU2xi30z0Mi9Pm4lr5d3W7
 61yNb3ziDnc1lDxu71lhnNZ3kBhnQyYyHY28ZPOWll4Wxt9a7bNjKXu5gfpFapelS6osl2/LvUPy
 l9dM36iuWM1kHpWZrYfm6LL5zqvK8SvhnGcsx3ikdR6zdNrHHD6/jv/Qhc4waz1gaO0mOHePfTLy
 7OwSRC+n0ZaztAEwDbcwezjKxfuxZiVNY0H7RdOcdhSqFe3pyf4Awo9mk0AIq0VKj2TV820erq0c
 aj1T2AewDjGBIh1kjtq6dgBkr93WS6lWSzjZV2byXC9sG1NDUDCOXnZ/NBzBATJblMJuCLUjcexH
 Qru5gv52tKUmQXW3ONbDGTckyj1JK+gn3dteI7tRNcI/JwnNpNkxFT2E5xENvEOLRpqc5jwagMNW
 4AcXUcG3E/ENJZwV/W4yjByOYYhHfOIUr/jFh5VUBc86vlnz+MHjzAMHv5rbvLZIxQswcl+VHNIn
 J3WblEhFlu/A5cD/hrkTfSRyZ1Pr5rJ2Gq2hrPKB+1wHQO9B1F9OpaL7Wm4ajcOXir00ni/x6TmY
 +s+FTnWRzLzmuUL6HOQNamSzMwn6dnPjso6xcbfd3G9HQty77S61G8nuuUZQ3uEexau3MQsFTfya
 6A3yLsq9Z3hUvOTxwPjG9xrt44r85Dc/h8pbfn+YF5fmOU/62gb+87HrsbeKO/jWu56QlU11vV9P
 +9qXKvYBtr3udx8q3J++z7wP/r7gCgLWK5m4vwf7YfnNavAaP/TUlb0nbZt84POdUNKf/eNTmX3Z
 Ht/3MTfl8ZtveFCSP7fPN7rYctnfbR7dlW8+ljHZ3wL6Q+uWxa+l/zDtvwL+Owv/paN/weR/KUCA
 yAKAjCaAxLeADNiADviAEBiBEjiBFFiBFniBGJiBGriBHNiBHviBIBiCIjiCJFiCJniCKJiCKriC
 LNiCLviCMBiDMjiDNNhMwneDw1eDCYiDPHh7Ojg7PRiEovKDQCiERgh/RJhQR7iE8peEYsaEUNgi
 TqiEUViFXTCFpCRtpbeFXJgH0DeB8NaFYjiGZ/CFEhiGZJiGXGiGEYiGaviGm8eGEOiGcFiHBSWH
 D0iHdriH+4SHDqiHfBiI8eSH9+R3WidvL8UxqgdSdKdSiFggJVV+DWiIDPeIaBGJ2zeJjZgMlgiJ
 ivh9R0WJ/taJx/+Bidc3h5voCaT4VJ9IiMskihq3ipBhivt2hqkoYljDcTnnDBkDVaeYh7c4bLm4
 dKGgc3vhi7XYhsEobuM1Y2rFdTmVClRWTWoXOLqodM7oJcjYNhRYjdaFcpNgjHqxjTxQgd7YjOQF
 NNBIVNK4iDK1jDQ1jOAoCeKYFuS4Vd0Ij1W1NNeYPOkIM+0Iijz1XluXjbIoMqhli/D2Vf94kAhp
 epLIgARJQ/PokKUIkZkokaImCv1okXmFkb/4hxtZjMTokfSRkMq4kOpYkSZ5jCCZjKioks/IkhSV
 WSuBkrjEX0czkS3ZCDZ5CB2ZCDiZfwdWNTzZk4vwkxZSkpQwlAH/WJQ7OZJIqSSCtYsGCTUvyY1Z
 MmGgJZNTuUVViY31KAxZWY6epZOQJ5VfWW2OZZUN+VxliY9bSVmYdJRraQhKWQhBiQhOuYNcuX5q
 uZbnh14bo17U132/FZHnYpcWOZhAEFzdNX7Wdjru2FqB+ZWO+QOQeV/DlX6KGV5eeZeIkJk+sJl+
 0pmT6Xbqt3qXOZWk2QOm6U+SiZiCJJB+E5qiiZfVdyuzVZiReZi5V5nawpgO+Zo8EJtowEmpiXer
 2S3EeZB3p32waV+n6W6CZ5usiZv8OJYdF35t9pjUKZv5ll+f6V6tmTE0GXDeCSf1lTdxSXjZ1pzc
 8pz0kZ4Pt57X/0mY7mmY54Zu2Omc59km9tmdQwc64Lmfv9mf31me5EKf4TGgvbWbhVea4Zmc3gVm
 /zmfAeolEEoK0Tl9B3oK0LWclyeflqmdQ9OhYImf0XEvsDONe/aX7Rdu8ZibusmiqVcvLyqcBYiW
 /behJvmh4rdh3cOjBiaj9QekHimk70akdWSknwaV+KSkjSmhGOqkjgKj8UeXOoaiNsqkSYalfpSh
 PyqlZUqj+2ij+WOlymYqO0qm32OmcYqmJqema4qjBloqb+qKT4ikU+ql08CdMAKmqJejfIp8tGlJ
 I+egzLCOXcemhco9WvpieNppcBpXWiiM4yCoFUKokRqfDDqXlf9KmZeqAIwqVI46NJ76qVdqoreT
 qDiWkX2aqczoZKkqNKvKqo8CpUcWnKWKqHSKc5t6qyUGqbr6O5PqY7DaYacajsTKdKN6rM6TrD3l
 q34Wi2UUaLAqrWyGeZ5ZZqPIUNqaq9yKrK4aISQKoqVSiZ0zrsZargXnremaYvXCrtbIlHdKrvDK
 YefKfdZqKvb6jTrnefsqqf2ahf+6ruGarfjKZdtasDcmr8tKPQurRe4arWyxawV6YhpbdtemlTH6
 rokJrthqsQ2bZmDasUGHYiordWQnl8/msWMarEnnj886afPaFC3bcja2s2O3dzD7ay5bpIC6lCoK
 rSlraQ+rGz7/C3UvW1byI7KC0pp7yTQ5yxRNG3Y9q7TGuXwzsLQfOyEVaz8n2zpXaxRZCwA3lrZi
 B7Vfq6/MWWFjC5RlSzcESxFsu7WI9rCHiqkyGyjvVbVJdLZFkbcsy7VSO7Jm+baJ27Y8wK6Cm3Jg
 q5rYRp4bS6pL8bR71W7jWaJyW7KyeLeKam+germUOyea67XvdKHrBgQBS22iG6tMcG98Zp1DGpJ1
 0bmtK7agu4qxa7uO+7OWmrlA67arC7zW57pzS4q/q7v+qW0KCnq4WyisK72fO21VOrlxi7qW+7fS
 uTepqyvIy5tF24nNG71TW7vO67kg+zHVC260WqMVErnk1nQ9/wexfnF2Bxul63u714uLG1e3BJpr
 M4e/+Wt1sgohGYe9FyTAEYpkBWzAcaG/oaoQCwzA8+vAHmq/XyfBbUHBCSxClfK6VEG/88bBQeTB
 H4zA07siF6ypGXy0lOB1KazCYAHCLazAI7y8smHCbPkmEWzDWYHDMDlOC8fDDafBKwrEFad8wRu8
 Tlt1Ede3+XCObsmLZkPDOOTEqQvFWivFB0fF+qCPdWqzV4mrKLzFyTu0E8qzxevGZsfCRZydNLt2
 FMmp4aHFLsTFb6y2qRvFcTzF+5t2ZCysZvyWqprGe7zGcBy2wuvIbBwSRNy+WAeIGKwIPuw5iqxC
 fNzGj+x43v8rc3JMybdZx39HbGdcrBDcxIz8yc2Gsacbyik0yosreoVcs5isxPVJG6tqhH1svO0C
 iwz8Wr0shL+8ue8izJdMzI0bpjx4zKobzLdsx7DbzEXhy55MyuqizDDMW8UchNAcL9xcqwv2zT0Y
 ztFnynnCdtasfLWHzsk8zad8Yeb8zNlcy9KMJ4I4ebGLv9QKoPq8z4rXzxD7zxoa0AJ9h4QrxNub
 wwAzegnNTwRdsAZ9olcQ0Yk30fta0cOJeBhNUBoNrxx9XB790f0U0uU60oQ8sVbY0kEIfqa7uy49
 07YH07LcpDSd0zVdlwut0z69012ZsD891Otk0ysLykSd1N//ZNSRzL5KrdQh+K1PndRR3dOoCcsN
 jc9GjNXfq80I27gqDZpC7dCmas2/mgl8e0pSPce/tNZeja5cra5s7cJdC8ypY9VnnS9urdXKGtNO
 zdfmZ9ZqjddibMssDZw37b9zrcOC7XyEPcjystdBS6lN/coVPMaNTUmPfdlBzUpCKyGtZIAYINq7
 RNpn6X7TgoBF2ITEZNqiOiahrYCvytrD5NohSyaxjdpPSdv7J9s9qtvRotrRw9sD6NtH6tnvZ9sZ
 BdzFzdxnitypjYRESdxYWN3Wfd3Ynd3avd3c3d3e/d3gHd7iPd7kXd7mfd7ond7qvd7s3d7u/d7w
 Hd/yPd/0Il3f9n3f+J3f+r3f/N3f/v3fAB7gAj7gBF7gBn7gCM4BCQAAIfkECQcABwAsAAAAAPQB
 XgFAA/94utz+MMpJq7046827/2AojmRpnmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo9IHGDJbDqf
 0Kh0Sq1ar9isdsvteq/JsJhmHZjP6LR6zW673/C4fE6v2+/4vLw67vs/ZXqCg4SFhoeIiW58f41/
 WIpwAZOUlZaXmJmam5ydnp+goaKjn5GLYI6pPJCmbaSvsLGys7S1lq1sWKq7OayFtsDBAQTExcbH
 wsfKBMLNnYa6vNJkV4fO16/L2snaxdjfldCo0+Qvvm7c3cbg7O3u75tw0eX0K+euwerI8PzAX1H9
 QMkbF+IflHpD7rEJyLBhLINPPOlbF2ygFRIQnSAUonD/jcOPIANUEUCypMmTKFOStMLQIqMKVlTK
 nFly3kZz1SSF3NlvJM2fKFkGdEnlQkygSFcSvNmioxqe3yYyC+gzqdWZWIQRhXi1q0qbTFk4TQMV
 m1SGVb2qFZC14puMTdbKBRtWxVg0ZfOCSyu3r0y4gJf4Hfx3ad0Ud8/oXeyML+HHgQE/nlzT8OET
 ic0wnMhYmGPKoEOLHv2T7mUNcON0hieVGCgspGPLnk1b7cvTEFLrXN2u9VRPsGsLH0589m0fkZNT
 Uf3JN293wYUbmE69OvXoxQlb3z4dO+HjPZSLh8JcYuvn7bzP5r5dfXa57K277wsehOT3NDMPQM+f
 0nzS//cJ919QcIFWHyAF4odVTm/019+AogVYG4QmSfhdUSVQGNp4UZTnICXO8UNhASSWaOKJKKZI
 ooIsjqbiizCWeKAHGhrI4RMefjjMeSJe8VOMQKbY4pCUBWmkjBjOcOMXFOg3Bygh6viajzQdeSRQ
 NVr1GX1bpmSlkTPiBhODuJAlJVpUFLfkmlxRZpqYIjiJyJloTqEmm3h2YeNFcGKmW5mABipoGlkS
 aehgb/bpAmCDNupoK4UeKqltlim6KJX55anpppx26umnT1iaEKYLgmrqqaimquoUonJEql+JOtDl
 WnxudNRksSoQaaa1toqcpjJs2mqnIwjr6w/GwpCsov/ExgnssdBGK+201FZr7bXYZqvtttx26+23
 4IYr7rjklmvuueimq+667Lbr7rvwxrvBqvTWa+8/8n5777789ntQvtAG8ujABBdssB1hAlyOwAc3
 7PDDAyesMBJyWkPnxfA4muvESpA5CMadRGkLZxeL0yvHvzL8McibiFwLyXSaLDHKNeiXDsws59zQ
 VlLQDITN+fCo89D98ByFz8h6vBDROkdm3llunXIygoBxDDTTLDsdstC2GP2vs1VPfDXWvM1KKRUt
 vVXpA7dCtra+SntE9nNmeyVU0WpPHUHbF+od7thzQ91TmsS1BYzXXtzpN7iAz71Y3fjZO2lli8Ot
 8tL/jncG+XuST87W29427g7Ojm/u+enZbcyt6L3pk7l/hKMuu6GqH/snOq8/Tfomu87uO+ozH3Y7
 Prlz4jLvr/6u/PKU9xyEv1Pk2DLXxWfSe1/xVXe9odlflzysSRab4KSsY3J89ZZsT+v4E37/Fft9
 O48R/LTH/RT60LkPIP2yZWkhouEDm+lwlSfpOeh8e9FfSb4UJOb5joFACh4G1Lc+PBmwPwj8xogg
 CCMHzo6DMJKgCe7VJPvhAUrUY9oGQSik0ijwbFLYk52QwkIViTBD9irh5fSAQsGRbYU1NBGWXmi3
 2LnNiFUK4oluaKmKGQJ/sxjgEaE3HhkGcFxO/AUU/x+CRNpQ8UZWZNW5GAWxMj6Mgh6sX+XapaEv
 uvGNcDQV0ibQxjja8Y54VM4cJYDGCoGOAVIc4hUXFkgXrvEAfWzeIPeoKyJq6Y8LKCSvxGgrSZZK
 YolUyiF9tqxL5WlYnBLfJxnJtmcpy5TMCqUA2UTKVrrylbCMpSxnScta2vKWuMylLnfJy1768pfA
 DKYwh0nMYhrzmMhMpjKXycxm2ieP0Iwmk5zpB2la85qQpObzsMnNbjZBm33wpji5Cc6kLceM6Eyn
 OvXAxHI+85zrjKc850moRboTMVWgpz73mc523lNWJmzFFqGosWxqM4uEGCj+CrpJcCJ0ZQotHkP9
 qf/MhwoiotWbqD3/aVG5BS6Fs9jdh2S20Xt29H4f9eHLXFeyQtTuoAG1Q+YyCAuROoiklPwnQHeY
 h5mCVBY27Q9O5afTBpSvpj/FqEIRp5Gi7jSfuxlZUpW6RaZ+06lGjalmgqZSqkbUqkzAalZ5aiav
 5kVrxpvqK8C6hPmFTWFHNWtD0Dq9rs6CrQBwK1ysptX9yLUsdNUETdeaN4qW8q0Ai+tfm2HJwqBt
 KIUtKSAb+76Gakuxiw0GZVNyN37g1SibJZBls4XZzNoitCfpbMYim1M6otaPo8VWaU1Li9cqEiCQ
 lZoE+QbA2F5rtheza3q6aJwraIW1BlGcYaUFXDr/CZcdtk2K4bqG3H8oV7Kr62vunpvAGQ5nurXA
 ayYf6VtrNfdM3NUgcYnUucm9lLTapS101zuk9pLPoPAlK17k290Yes6+knqvbOPLX2xE1031Op2A
 f0tgfgSVaAdOo4Rhu9xonVeq6ihehCc84QWbt8GsYenrNszhNHq4WhdeaYZzR+ISO/DEcBoe5jA6
 2EqM18U45lJrm5iRC0KxxrDjbY6H/F3sCq/HUY0okCdxYyI7GSkVnoaMPUpjtdrYkU/OcvyOtk07
 +vgSSx4xlifTve6M2XNlNkCTo4xPLye5rg9GX5N/kuY5D6fOZ4aykanh5gY1x8oazvNg8Czk5RH6
 /8BsnmxG/gviAk+p0PtbdJEhLdo2EXDH77R0gBvtaOAIGnySFtCY/wdqoq7Suu7ldKc5YedLJnfS
 piO1jk1dkE+Xek1ffk6Y/UFEJZ5Iy/jxtYkSHUlbzxrXbz4goD3Ta2GvCNjZcTaJiN1ISo9GU7nm
 za5P22xnQzva0qY2Io09lwImG4PL1my3hf3t4ki7AOIGbb10CFUt6k7EP1y3rwWJaPpW0Ls/Cvee
 R5hD1+pXpn9OL8iAuG9D9hvgW45CUt4dbwuQ0OD1TmjC47xwfSuR3/6GocQRHHKTUHzgOJw3xuGp
 8XuvOKUTabFjx2ntIpYXxX1NxKqZXPIN0Zzclf+teIxzPqedyzzoP4d4b4UuppOe0Og9D2PSoSB1
 LpuLjPzM+iBa3e5bYxpeWNe62O/A9a6X++ZYnPLY115dqpt902gXV9jZTnfdRv3too773xw59b77
 HVSzrOPfB0/4JQWe74VPvOIDc/iaf27xkI88Fxpv25c+/OtSvrxkxwvjeHHeoJq3OkIcf5WNfV7v
 7zr9bu8uXaaHJ/S0firrHY5yuKLSk3gCZSdpdHtX7l4svW+6Kms9ylj+3h7Bx02ziJ97sTr/+dCP
 vvSnT/3qW//62M++9rfP/e57//vgD7/4x0/+8pv//OhPv/rXz/72u//98I+//OdP//rb//74z7//
 /vfP//77v5aSF4DD93+yJ4AGyCEEmBsHuIAImIAFyIAQmBEO+IARWIFeMIFjZYEaeIEYWGwb+IFb
 0IEeCIIkiHrjd3B1l4IqaFXvh4Ir+IIwaAauh1UuGIM2WHcz6FQ1eIM8KHY5WFQ72INCqE8/qFNB
 OIRIuE5FaExOdwc7FzON0nnI1IQI94Q6olGYx1FEZzFWOFJRiF/ORIV10IVX+IUmWExiSAdk6IWD
 IoXHlIZPsoZCZYZLaEtwKAdyOIdtCIbNdIfZloc8gYWxB4RbeG46s20upwwYM1SiJ1Zp6FMKNwoc
 xxuM+DXO94iOg4hb83JnUomhAn2YCHP4pmLd/7CILsWHzBSKZKOJacWJUuKJTfV8qog1rAhn29BS
 hOCGTFiIfiaKrkgLk7gasHhVsqhqsVCLgLgYnwWKxohUkZiM/LGMxeiCNzOK0AiFdpeFJtWM2ZBu
 1yiMbfeJ05hxxINhwfiN4JiNg2iE3EgKyIiOOyGNl9iOkuiNERVYUCGPmSaBYkOPovCO1YOPgRiO
 sch8/Gh71AiPvAYYiXiLh0OQxGiQEMFXCamQtSCQYGaPnqCPVLNX/ViRFhlFgdGQy3Bc6tiIHXmQ
 ieWPIdkJGGkJAHkJHMl7iJUvKdaS6TOSm3iOAgGRYSVKHomQ5DhjOPkKL1kJMXkLPtlWQKmSNv/J
 khYJexGRW21geVJpieRyk9B4lU2QNieJlXzElQWZlVCpkGK5BF5ZlaB3lj95dWUJj2yZlrmwlrMH
 ctrYLVqZjHFJlXNpWaRHXnV4E3kJiHuJN18pjvTmX5cWmJUEkkWJCYXpWUuZVxbHlkzplo65ijyp
 bkpXXKpFC+IFdCJ3l9mVmbS4mQupmHlXBSaplrIWG7poO28pJc/IWHW5dI/1kIepJ4WDijhnmkxT
 m8zWmf1jXFHjmvxTnGfoK4OJHsLJmarZPp95V5NZdkhHmtvSnLqGmtxGnLBpnLqJnKG2mrX3YcBJ
 NM+ZmiMHa7lJXbvJBdeFnZc1mzqSnt0ZnYf/AmD56ZvUop1reHRntyoKxp/T4p9kCKD/pioDupy6
 N5RU9piXgKCjiSoLypijR5/XKKE2J6CMxqCiYqBdqKFdoZ9qZKH1AKJWKKKll2AdaqL0gKI9VIos
 dpt4pzyxyZwYGlLWmG/eWaMldqMNynLlGGK/yKP46aM4BqQfmqNAtaNYo6JI6kUEylxMeoxOqkI0
 GqXAM6UWVqXOKKNi1qNa6kFKymPnCQ7cKSVQOqaR5qKEdKZRcaUQlqVsel8eKphI1otVVpvWWafM
 46Y/k6e4o1Rh1qd+aqPleaEQ8YfblW6Geqi+A6jmZBCM+jqFKpqQmqSJeqKCOqQKdal/manA/yap
 KUOphog/oLqmorqf8hkWaldWe3qOj7qqLYqSq3BHlZqUHReq2lFmsyoah0an14mYpQpHuaqRRiqs
 XhGsYjo7zHqkxwaWt9png7qTcipnmHoVz7qeabStbreYtroDeHSs9vmk2WoV3voEHJauTlB1EVms
 b0SuaYqlvDpovnqu78GucUFy69gLuHqqMIms5lqvfqGvTLCu90qwkxSuNKlprOqgKGWtRbpFv/p4
 DuuZsZacAcqwHfCaLDJbuooxFeuxETJqGpug0pqSqGanEAur3ziyJ1uyf0myG8qxHECznOOlmQWz
 4ymlMxuzNZuyDftqLCukRJmh+KpnPYuxd/+HsyvaqpW5tOyls4vFsxernBkrtdFKrBL5BbUaPQD7
 n0lrl17Lns16W2ULrkLbsUCbs3Aqtgq7sSsrnVl7tVs7ll3LrXSLbHpanwIrCwz3cbQqFycHtWMS
 t3J7I5W6GCH7aHXzboNLuAJnuIl5tu4qHourF437CYEbRJG7FoXbrzc7tmTLIZmbF5vraTUHuZ/r
 FaFrs/NCurS3JKdbFqnrkh7nua3bFa+7tqOLuCiruGG7GrfLarlbQ7vLu5MrurELvBNqusPbGcWL
 PKsrbcl7Fb3LtTihcmF5hH1rixPbNMfLQqX7rVOkt7iJvjKRvXi7vfRSuVLAhRILpsnarKz/u7CW
 C5jqe7ftSkPLC7tt9r4rB7b2Nr8OWb/QanLWO7sJHLz9q7bmm0TOZqIX170t64Qbd627+rgLjL8N
 /Lz7CsHq6r8TvKn7qCrw2yFPlMHhmzOdi7wMvL+J+8DnK8Mowb7vekrcuze8WK2tOK/88cLkG8MR
 nL4jLMI0LMHCRsEFZ8FGy0MsTL8Dy8HeRsRHXMNXHHFFvL7/67t20cQ87L0+DL5SHJytAaWSd7nt
 u3diDFGdhsaRp8Y5LHc97MaOBseQJ8dtWS5+GL1mhceLp8eXycd1fFFQl79I/HeCTJmYecGm8ISA
 rHiLjC59/L38FcmJN8lj9KpJOE8VC6ll/5pfi9rJPii7yRvKA9appEyEpry7qMxgqrzKntzKrfvK
 5jnKsrxPn3yotvybuJzL9LTLftrL/cnJwGxGwlynxFygxnzMEJPMbLrMVOp4JVjN3kR5PWfN2nxN
 2Hy22/zN0NTNH6xJ4FzObyTONoy25rzO+4LOW1xp7BzPFQxLgifP9izAxoevVonISku5Y+C88HyX
 qmfCYKfPdDnOI0qqTWGZjBzGlcel7jLQ8smWTAHQqfVHEs28nGTQfqmsAe3FqmDRFLZ5HK3QzCzS
 FrtnFI2nHn3Rh5TRAEwzMA3S1YbQT+vPYoDS5EzSKC3NjJN8X1x8qXR8zdt8+SzUuMdKS4hK1KgB
 1HvE1CgA1XWxfCdseLIk1QSH1EOH1VFr1PTs1FEN1lM9gCpr1Uft1Um9JkGK1kOr1lct1lnN1sLH
 1Ycr16RE103p1mYK112t1CL414Ad2II92IRd2IZ92Iid2Iq92Izd2I792JAd2ZI92ZRd2ZZ92Zid
 2Zq92Zzd2Z792aAd2qJNAgkAACH5BAkHAAcALAAAAAD0AV4BQAP/eLrc/jDKSau9OOvNu/9gKI5k
 aZ5oqq5s675wLM90bd94ru987//AoHBILBqPSBxgyWw6n9CodEqtWq/YrHbL7XqvybCYZh2Yz+i0
 es1uu9/wuHxOr9vv+Ly8Ou77P2V6goOEhYaHiIlufH+Nf1iKcAGTlJWWl5iZmpucnZ6foKGio5+R
 i2COqTyQpm2kr7CxsrO0tZatbFiquzmshbbAwQEExMXGx8LHygTCzZ2GurzSZFeHztevy9rJ2sXY
 35XQqNPkL75u3N3G4Ozt7u+bcNHl9CvnrsHqyPD8wF9R/UDJGzfin5N6Q+6xCciwYSyDTzzpWxds
 oBUTEJkgFKJw/43DjyADVBFAsqTJkyhTksTSzyKjClhUypwpYN5Gc9UkhdzZbyTNnyhZ8nNJ5UJM
 oEht3mzRUQ3PbxOZBfSJtGrSKsKIQrTKdabSpfZyvnmKLSpDql3TnrSS9U3GJmrjriQINmygsWTz
 fkMrt6/Mt4CX+B38l27dFE3T6F3sjC/hx4EBP55c8uvhE4nRMJzIWJhjyqBDix790/JlBZGrxOkM
 LyoxUEdJy55Nu3bXlxtTU1nN2p1rqZ5i2x5OvLhs3D4iQxaL7tPv3u6E1zZAvbr161aMU77O3Xp2
 ysh7KCec+Qyo59DZSafdvf137YTbd3+/fEoN+vBVljeTvj+l9f+zSUYcgPq9BVp4OFGRH037DeCf
 fwSSJuBwEQZlIHhFlVDhbboZxNuDlaAHz4YCFGDiiSimqOKKJi7o4mgsxijjiQgCcsVkHXqoE4iU
 iPgOiTMGuWJV+A32WV8klijkkibW6EGSRBrWQYNznOcaj6IAyeSSUSqI4RQH3vjTlks6yQJgMlCJ
 CJYNHUlbjnCmhqOUOqAZg5rWsDmVl8bF6eeF5NF5WkFv4WLooYi6JeaLjBZn2qB3FpropJQaCmWj
 mAZ6EaQoXArUn6CGKuqopJZqJ6f3LWqkqay26uqrUtRnJqpIeFqaoA7Y6hWuqui666Yw8SmrFLQS
 QWqqoRaL2qj/hIqqLEfMUpOssseKUO2z2Gar7bbcduvtt+CGK+645JZr7rnopqvuuuy26+678MYr
 77z01mvvvfjmqy2s/PbrL6j6rvvvwAQX/E/A3d5V6cIMN+ywHrMiTI/CD1ds8cUPRyxxEngaoufH
 Q1H66MarMDcIyJ34WAtnH4sDLMlBdIwXypqoTAvLerqsMcw2NJgOzjQH3ZBWxPIcs8kL5XOl0EwH
 RHQURh9NcdJNBx2ZREsD8zQUGL3Fs89VWx0Y1mZVpOjL1noNM9hhQ+dmXELBs/UTRqnq18jost02
 a28fh5XZp0xIIa/n6r132T0JO+DfWp8N6OBot2v43ov1vWDB/5muRbi5k1Oel+X5YZ55ZZuX23k7
 QFMO+uisv4h34Uh7FFDqe6/e+u3avQ7WqB96nnLWnfiK+/DE15ThTbzv6DsnNmsivFzycVdk8SZF
 j53tXRYNxHirTi072bQvj8nzcVnvHfasm1/d9Egenyb6kKumPPPAi58J+WoJXtul+nev/fuKw9Tp
 7HcN/KWlfwGy26+28qX/pY19+SNY73jUPHBoiUwzop4GlYRBGe0MAwY0ScEmCKIK7kWBKOlgBjdY
 PBV60H0PhN8CYfik2OXBSohr2wVdqKLsxaqBUQgTBE3CQxZ9sG5D5FDkpmRDPOAwfEzbYRFP5MMg
 AhEKQgTdFP9VdEQNqQ0GMiMEAWkhQ00ZDFRzWmKdvpgg+VFqjLMoo//O6Kc0djFcgMGYHvc4gBCy
 UIClI5cf50LHQhrykIjUyNpQCLdEOvKRkHTV1xgZQTU+YJC6a8QgjWfJXAXwbnfc2CYzeQBMBtIP
 owykHAtDw6hdMlozgCWtrgUCWroSArYEo7OoJUsb7fKWwAymMIdJzGIa85jITKYyl8nMZjrzmdCM
 pjSnSc1qWvOa2MymNrfJzW5685vg1GYkx0lOOIWzV+VMpzohcs5UrPOd8NRCOx0Rz3raE2rzhNZu
 +MjPfvoTYq3MZxul8M+CGvSgawilQGNIUIQ69KH8VOhCIxD/xpPBEY6VIqVAKyqIi2JUZKfMJ0f1
 4NExZjSk8xzpDUtqv5N2cqILUKliKGdCWEDRPzoLKEwZIFPN0LR+N9MHyHJqn51KoKfm+WkOVybU
 lhVCoyJt4h08V9NsNDVnT0VpOwdoU6Cy9KsBmNtBjEpRqSYVGFUFq0kdp1OyctWqS1UrS8XaBLKW
 1XtOkaterva7uM6CrookwalEaVb+6PVzY+vrTWEB2CV0LSOTxOtMD/sUvtLPr7JoLAAey85FStan
 lP3RJ9vHlpAF7oOpfCnsPnvW0LZjlQUqrdzYWtRgJZErUMVjYR3k2uiMVi5xe4dmkQhbzamWc7vt
 rW/BdEUp/7SEtg48KiUPqNVvvTVomFXPbxNIhbacNiN9qq63rkuz7Fpwu37rLuDawL34tTVvyfWd
 eU/I3PCqt3HfZeDijmu6+FJ1sfT9IetEN2DxJsy/yg2wFQs8sNvlFlzkTXAc0Xs5gjnYwNyKsIQf
 QuHQWbh1D7YugltzVc8V948ovgp/BTnidwBYaCdOsYxZKdEDs9aw/Xix2Oo74x4Pq7bv0vDPtrG8
 GPv4yCEmR/Jm9tW0/me6R47yfqM7MVGR0KNOnsQmpcxl6gIZIUtuDlizLBIod/nMoqlxGMKMjzF7
 9X5mBo36qHPb4c3ZAHXG7Xtv0F7SulHMii0xS7cMlDvn+f92hjYy6b4snsD8uKFMvqyOixzn7cz5
 0K1LdIf1zOiSIbCSf25zoNUhV0L/RNM8RjGqBfzoscZS0c2NwpU3HJxK29EgjrL1p4G7Z8TA+tZT
 mDWtOWFqBj1uf7o+9hy5Jq1UA/LGvB12KIo9w3/k+tC7bmSnfanoEc6vhG9WsLNTuEUUodlF5UaR
 ml+J6VsNTNjpIbM/zJxuKp47P/VuUq8zkNp/wRs68raFFLd4b3zne92ebLex3/3tBwW8FgOfYsHh
 k+8CILwB/d63bUPdUeeEe8eWq3gVsRhruJT8CUCp+MV5autPYZjl0K6Sx+eLsogXceQoP7lgdG5y
 mqhc48T/3bSKV45UHI+6Gyamd75x7oQsLrjVJPf5wYFugYxvewNFj/bRiXw41/ya6fcct7ZXzlmD
 AJDjh5K2loXu9LArvNpUXiNkIxXzNan960N3+9tpTHVdzt3vaDeU2sss9jfp3epxV1ceIcp4QlB7
 4mbse5Al1fjK4+HxkAfliuW1eMt7ng6YzzyvNx+vzn/+9NB9uuifTXZe7j22h4+97P8V2W7P/va4
 b1Xt2e7u3Pv+93HafeG9DPzi+wvqdLMm4vG5cd7DnflVfn1KSPlr0pNs+cxu/vA53frttbz3Gq9+
 9zn//YWjtvx8v/ousJ987ecc2Nk/Zi4H6qdnzZ8D9xdm//7P9MtZ9rKG/WdM+2cXAON60xICA2hX
 CriADNiADviAEBiBEjiBFFiBFniBGJiBGriBHNiBHviBIBiCIjiCJFiCJniCKJiCKriCLNiCLviC
 MBiDMjiDNFiDNniDOJiDOriDkmN8PsgvPEgBPziEkhSE0kWESPh/RghzSdiE9beEuOSEUmhOUMhu
 U3iFgVGFVoiFXGh2WohxXRiGB6ODdYd6ZniGuSB5HFiGaNiGaDh+EMiGbjiHnweHDyiHdJiHjGeH
 DoiHeviHB8WHDeiHgFiI/SSI4ZR1Mjd4POJSiBhNiigHjIgljqiGibhbiTCJjQhS1rdVmGh3mohT
 nPiI0P8Uif8WinlRiepnVKbYcKjIGKqYeG71iXnyitARi9A3iLToMbZ4i6NoieCUdf9Fc6MwaZ1B
 VLLIirsYaVXzcFtHEVjleC/XTcKoVMb4RFzHJsiYiwxYjV1HjKJwjYuxjfGni4T4PW3jjJKWjZSY
 VZ14Tt6Yjh8HV0jnVNL4jpd4jnn1jeIIPuy4ifdIis8kZDPXj714jKlXjt3YYrOgjgepF8MVhwwp
 Cw75kGQRkXc4kbFQkRbJExjZhxrZVeDYkQiZX8m4UwTpj6RGktHIXtPITSn5jMowbJaVignZfs3S
 WdcXkvQoaMpVkxd5k66Wk164k9DGkvMGGCpZj/jlkvj/eFc6SVhHiZQQl1jruJJNmYZPGYV/J5WB
 N1lUKQtAmQkciQkfyVBjaJRfCVphyWFKKZP7kJUJ9ZJMWJReuU/M2JajMJaYUJaXcJYIyEYSE5N6
 WQl8eQl+eQtCWVde1JWDyZN6KX6yJVyLGVhCiH7pd5LINZWFCWfbR3z3RZkmyY1Q6XzPp5DsQpgP
 KZmMI5pOeX7SZyFbuS2qeZCsGZruAJil+ZlWkWQ2tpat1ZmWcJtT8FyjiZpcaXuzuS+Q2ZbE6Vym
 9Zrhh5mwB4wZ1pxhiXcuh5u0oFmhN310aX/YCTIj6RmmGXkAsV5aqWyGt5zZUpv+UZ7BoJ3gl55y
 qQZ9/4Zs7okt8Nkf8pmUrDZl0HmfaZCf7SmQuzOeH/OfAneeywYF3iWd+uVeq7hawGl0/MiU/ECf
 5jegtuCd1Dl6CLoU/RlvBlmVvJlmrVkLIBqboGadtKmgesKgKBqgFAqh6jmX2TYavnmdnGmNGjoi
 Dnqgxwdi4WmAeAlowmmYQ8pd/3Jh+ymeP7qkT5aiufNhDDaiyCOjJMmhflakWQqjzDmlVEp4Nsp6
 YDo6PRqjZEqlXiqiaZo5azqmF6p1ZWqmqpcpBKamR1osJdqTyyA+b7p6LjKn78mltnCiPDKohOph
 UYqkweaK7KCoIMKojXqlj+qniMpUWJl0Vnqpf2So/P+5qUHVqarTpKAKpVqaG6TakD6pQ6iaqmFa
 oZtZp5vxqmFjqbJqG6IqpbY6O7haNbq6q0RKqyRqZZI6RmT2ncQaqmJ6BGxGNU02j0zqos16ZquK
 LKByiuKzrCF6rWiWrc32J9y6PN5qreAqZeL6aqFSrvJFrVU6rOmqqqRZDtGKjix1rvI6r7OKk2CG
 rHl5Ufoaq1yxannKQgYbdcjnWFLDni8aqQHbl/BKaehqFQn7fil2sU3Hc/rksKAJsUq6CYlZc9+a
 Fhrbcxl7ac85lMnhaOgJaSFbMxPrO8xaPSpLsPlxskzQdv7aaDvam+M5siBTsyWhszsnY0YLADzL
 sj7/67FK9KtL+Y8eRbQkkbQ9ZrUc27Dg9bKylqyWILQfQ7UCgLVIe7OfmnfIyRT7up1QC5fQ+FVi
 +7NLq7Adam1Zy65ne6NdG7GIObOeOqxyy3M7i7ZfMLeWSXd5y6utmmBx67Qqim2O+7E9S390i6Yg
 K2oW2bhbq7eVm5leYLgMi7dnyih/GlqaO6H6aTuBC7TGihlrW58wi7mrWbJPi2sCaqWrC3ahe3aj
 6zqL+5O0y322y7kYW7eFe7e8e7Ck+7u9dbrDq7iQu7kLu1mNqZz+5rW9AbafYHM8xK+E8XOtG3SJ
 67mv4q6Lob21dlsi571+Ab6ayW/BS0jXy7cA57cN/6q+S8e+feG+9QqA1usv5qsX6Bs8Sldv+ru/
 Uxe+VRe/nDS/MRuf9lujFLa+B6wW/Ju2TFSxDQzA2MsaA0xsBZxuFRwXFzy53IazG9wvAZwXH7wJ
 3OtCunu00wu6KCsTJcy0tcTAohqPVxmkwhrC5RbDSstzNDy4Uldv3cd+OIx/y/jAEkujEALEBEe4
 xfugGwt/ynsSN8yYgqXDdMnDIhvBlSrFEkfFVzzDgivDNpzA7wtCXryfYCyzUNwfL6xCQkzDRazG
 KrHFhxuYGrzDTSy7ckyp6VHHHXTHRJzGQ3zE6ZbEb0x0gSytPSy1UUTGN2fGNWzFmax5WsTG/ZvB
 //+rwEdYp4vott5wqvhrwJhsxGiMxZ1Lbkj8rHU5vtUpyrsZux0XtYEKpOqwtkToyibcC4Kptvro
 RHeHwsJbfMC8xMLsmMRMyqBIk8jMuj64zFzcss7Mf8U8VcdMy5xsfNbcxzswWC7QivRrutMsxLIX
 zrvbtHZZzpFMUt3cu04KztMrznIXlfC8zXYweL48hOxMvfBieobYeGI7r73aXxlR0J530Oma0Cy2
 0AxdeQ4NrhA9LgQ90Q5V0dd60eKS0RodiAw8wuCZqRhNeSG90SNN0sa1rqgC0in9TxzdrB6tWxId
 0wg108Ra05CixGL40/UkfPRcu0Bd1Pck1FksuUb/vdTrhNSv/LBMHdXl5NRVDKdSfdWRRNVn/M1Y
 3dWJpNWbPHZevdT33M7S5NP4vIXe3NKy3LEoTH3TbNKl98jTWbE8Pc503bory8zBhNZmfctJncxt
 jEp53cZ7fc0CWNifDIZ23ac/4NcCfZlrXdK2/Jh/rErxe9f5/NaYPdmyWdkIA9niO9TU3NZa69mL
 BpukTdQYDEwJ6GsH6H8B6L8FiEyv3Smz3dNKyMS5PUy37bqx/dK7jXXD3dfFTYB/4qu1ncO9rX/H
 rQLPnaDNrQG/Ddapoa3JDalP6MfBXUzVXb3ZranTDb/jfUvf3cXdrdvlPdrB94Xu/d7wHd/yPd/0
 L13f9n3f+J3f+r3f/N3f/v3fAB7gAj7gBF7gBn7gCJ7gCr7gDN7gDv7gEB7hyJQAACH5BAkHAAcA
 LAAAAAD0AV4BQAP/eLrc/jDKSau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru987//AoHBILBqP
 SBxgyWw6n9CodEqtWq/YrHbL7XqvybCYZh2Yz+i0es1uu9/wuHxOr9vv+Ly8Ou77P2V6goOEhYaH
 iIlufH+Nf1iKcAGTlJWWl5iZmpucnZ6foKGio5+Ri2COqTyQpm2kr7CxsrO0tZatbFiquzmshbbA
 wQEExMXGx8LHygTCzZ2GurzSZFeHztevy9rJ2sXY35XQqNPkL75u3N3G4Ozt7u+bcNHl9CvnrsHq
 yPD8nl9R/YTJG0fhn5N6qe6xCciwISaDT4DpWxdsoJULEJkgdKRw/43Dj9+qCBhJsqTJkyhHYgGp
 yWJGACljyhQwb6OPjmpY6gwmcqbPkyt33nrzksnPozQJ2lxVTZLQaxOZ8aSCtOpRKwxdUrXKFWXN
 pTtwpnkKdaKwnl3TlsQaUOsUtXC/Mi1adIRYNGTzkkILt69MukX9Co4pNyzgl3abvtHLGBTfwZCT
 HjYYubJkRjCwWP45GWIchmYb+9u6ubTp06iBKm0ROHVawJ9Fu4tKTLPr27hz615LxUTr3ZzpxpbN
 jjYB28CTK1/+uneQzpSvKkb3yThxWchxG9jOvbt3K8wFex/fHXxlzD+g/0N69wwo69dhZb9Nvr75
 8HDrk78PGT3YCf/qQTFcfB/N59pvuBlI2EuW+fdfBAE+MSCBDSmIGoK3WegVg+c596AL7ZlB4SXw
 1aIhSQWkqOKKLLboYor4xVjZizTWqKKDH6YQ4gAjWlIiLSeOZOOQLrL3mGBH+hWkkEQ2mSKOOZ6w
 4xzv0dbjJEs66aSRpPXX5WBLCqBlk1BGaQFsuHh05Vlf5hbhmxBFVpiZIqCZ5lhrTvVWcnD26YWc
 q9F5pp+B3GnooYWEKeOiXl4kqI6EVoHopJTeoSijmMYV6KMAXrFbpKCGKuqopPbJKQqXNlrqqqy2
 6uqpNqU605wNyBrcFGAl2ZejFdi6IK+wpufnDITCGqlvwwYLRLH/MjDL6bElOKvstNRWa+212Gar
 7bbcduvtt+CGK+645JZr7rnopqvuuuy26+678MYr77z0EuHqvfjmi1i94err778Ae8hvsIVWavDB
 CCdcR5kD01OwwhBHLHGlDDecxJSI5KkxP5TSarEOGE+4MSY/1hJanuIA+/FN0w0yMicl03LymilX
 vLINO6Yz88s8Z0XUpjcr0fJC+VjZ89Ft/axy0CAPrSbSsgEmkdHAuCUFRvsyDaHTOUEdNV1TRyWQ
 0jYvUJfWWz9MtNcO6aopW3lZvZ6qAvObM9ttt5lgFT6fwt/eS9N7N96TiK2nFMrBzTHZeqfm8Q3+
 Jqb204T34zZ+//pmStLjOOsruaROVW554zFmrvlldbPm6af5ijybPhtffvrs4XGO7N8Zth46Pzv3
 KDvtwANne7QcZmondaJ3YpyvwTc/e9k1mH4r6IslrzxtzOen33e/A78996SrBT01+HJJPfLXG453
 9mp9X173tLvPHe5Kpv4ooa5nEjPS7DeXEev0SwmGkGQ/QeFvd9bDzurcVDzAwQ91cwMUrto1uCvt
 Tz4LjMmYiOS8DoppgzYa37cq2KMLviJLIKyRB52XwhqJ0FshQ+AmTPi1AJakhTQyH+I6tCcJdg+H
 L3pht2JYPU/QUDQoBCKLdBiFBoXPfz9UIouEeD/hUCqBnHigE/8DFiEfFnBcxzsUFjehRR5yUT1e
 nOAQ7zWxNt6pfyvE1PAIlsHcnfGOeMzjqyhYxwPp8Y+ADOSb3AXHzQGNAYU0CRX7UMbpXW1QNuTK
 HFeWSAg+slORhGIUcvXErgQOApWc5MekZY5kPYuUIUAl2hBpysy00oCqBMQrV0nLWtrylrjMpS53
 ycte+vKXwAymMIdJzGIa85jITKYyl8nMZjrzmdCMpjSnSU1YCvKa2MxaNRmZzW56kwvbfMQ3x0lO
 NYZTDOVMpzqXcM5lnc+N8IynPC31xXaqYHLzzKc+97lIe3oAn/sMqEAl1k9/1opruBijQifRsUMa
 lIiEWKhCG/r/SYMqAKIukygWKVpQaGJUEBrd6KREWc2PUs5rRyRF70ZUs3o+FKF3qFxKR7FSCrXU
 nBY9KEBjSriZiqKmBLrpJXOq03eCtKdUswVQ4yPUTRLVASSUWVJDSlVKyA0KT4UqTN1TNPVV9atX
 fUJWi0qF/MXCp19NXlgPMlazbVVEaYWH1JQ6VVqstQlYy8guoxrXkICNrl6txV01AkmI7PWtPOqr
 O+ZqsrrOYrDsLKxBDrtTrioWSJ2U5BUYA9kspHGodkPsZU2UWasEJW6MixPdcFovvo52FI30yWnJ
 0tlKWtKpDXPta0MR21ltVi+17ePbOgpG0YousJjtIQCn0Lc2/9iWiaBtrXFlutQTlnYzioNHZ4Xn
 0Hfp9mjInUVvCUiF5uZCuI7rbvQ8V6fpIhV2h2vi6aRnPPWSD1+fK6sMdyuK8fqxfPO1L7HYm0r3
 8he21+UugDVH0lLmK79TMOuBO+Hf9C64vhWFVCZLoy8Jf6O6xKlwHEcMXdw6WMSe1F0ReQffPKGY
 xDD+FXE18Fzp4MvD2ABxDXcY4x5/1sQgaiCjwrg2Fqsjdgn2sZL/ImAIfyHARcGx9ZaH3iVbWTcz
 JmsE5WjFFYeUyhu+sphNk2VW/o/BXUbfl7FX5TG7mcMuhVy+Siyg/S4UzC+uivy2E+b47bnPVSmz
 lOZsY6OedP+Gjj1ajX2yZwMA+nSNfnShgdwD+vq2snA1YqJ7tuiZRDrPyvl0kh2J1ecQmtRSkHLh
 Ns2zTstE1ModMax5vFqxKuuAXp6wq2UcHQYCeoD1Y20V+6TquO5agEL+7wOBvas4fwjXatZ1m+F8
 Zl8vO9nBji66vksctI5mw1Jc4puXE+4VCfrWBh6Rtyk87Q+WuwDjJve7C3BuOmI6sWtadxbbPW94
 xzs5/a63sdJNIX2Tkd/z/jfA5y3wU5m0a5oO73WSWG46N2GLtAZTu91d7oaf8t5Uqg6rkYjwd1vc
 KGaU74+h8JOAO7tfiA15xHWsF4qH++RLwLjKa71zDTL85fb/fok1RC5xTo+a5+vMeLMzDPMoX/Gr
 oDZt0m3bYGwR+U5pjXqgp75xnBM2XVdPU9aPrnGug7rqdLrxQNe+XYVD2ePDbhXb5+7crrtdwXC3
 ptzpznc0HPvu4msyDNnY98L/HfApZjq1Dq9Iszv+8aQipN2RDvnKW/4wkpc0eS/P+c6fjV2M543n
 R3/GcIZSvTXOe6XJzmSgn17xTHt92VIPdI6wnteUTlue0S5dzeNe21r1/aWBTw6tw/6ikx9+7Uc5
 S9WZyuGx/Gfzaxn9e04/R9AiQfXRtn1UXf/Z3afx99tK/vKb//zoT7/618/+9rv//fCPv/znT//6
 2//++M+///73z//++///ABiAAjiABFiABniACJiACriADNiADviAEBiBEjiBFEhJpHeBo1KBoISB
 HJh9GmhmHRiCEfKBwSeCJtgZJKhlJ7iCepWCbsWCMNiCLngAMViDkzWDNGiDOghODwhyhfeDQDgH
 qvdUPhiERniEaTCERFWESNiEQaiEOcWETjiFfAeFFiWFVJiFA2WFL6VfWviFR8iFzPRweDBhL8NR
 y1dSMZcxZrgxaChsS7iGQ9eGKDNSgqeGWJhRdEgzdnh850SGPLWHV/KGxHeFcmgIgsiHiMJ7HnWI
 v5CIPUKIuReHeXhUkGhTfSiGvASIlsU2BgczLaaIg8CIz//EiZnmiSOnUqE4iIlyh9RkiviGikUH
 CzTXGE1VauQHi9Q1i9mwipHYin5oeo4YbUjziYh2ZBpzi7aWi8OID3hjjJpQi5wFjJpIWYaWB7so
 jUTXDW5IjWn4igQnC9B4iaLRWebHbarIi+QoiucVjNuEjjSViuv4i35TjboEjz8lj/OIifX4jdOE
 j6EwjvtIW6lViF14jXgSNto4kOVYkJMYheF4Vvq4Pn9Vh/0Ihw/webgEkFWijpXDWOy4BnOkkbfE
 kQyJJRUpVR4pCuYoWf9gjV5IjCd5cEWhkL74WA6JiwWhTSUZkTP5ECk5CwJ5CS3ZKzxpSyZ5kiAp
 lBMJCkX/uZMyuJE++ZOWsJTi2JSlkJPLCJWGdY9TSZWUYJUSuZKh8JSY1JW5lJRtaHy/hVoX2Wub
 54/mopZmyJbZJRTBJXzI5o5g95WXaJd8A1xa2QUrt5WhdW9gGQCAWV6C+ZZblm1yWS50KW2xFpfM
 1Zh1x2yahJHxMpkHtpiX6ZaZiW2Bx5fb5peQqHVeZ14imXxlZ49xF5PO+F7ICAyqOWkAkTSOyXLL
 FZnk4pkEQpaOcXtLF5qLs5tPgHe+WVyIeVwLyW6V6UBSwJpqEHqiB5t6J5tF9ozPuW/RaUfGqV2D
 eXG9yZnwApzxIZyfcJuoFhG6OZrEuZkG6V2ouTHq+W1K/yedudkPbYdlrngu6Hkd9wmd+Qme0/me
 7cierYedEhA57dWc2ciN8cWbaHZhXGaaQfZgD4qQeAGWCgqZrfI8/+l8+LWh2nloDPmhxekqIoqh
 JHovThYFxSaIKjpcLPp2y6lhJVpgEPqTNVqa99KiDKp7MGqiEWZn+/ij8rkqQpqj3qehPMqhnTiT
 Spp4QYqj5jloemmje5drr1Oba1KliMcnI9oB1mlIauel7dCdQiGmY1qe83k7bnpbpTKjXSWhLhaf
 b9qkWSqneqpZaSqTxXGTFDKne2qgfUo8WwqkrmKnNrkMSPadh9pjpCh+i7qkdYqk4MCmO2Gok3oh
 ZcoBmv9ZO2k2m/DAqTrhqZ9KZqG6AaPKHGGXkEaGp2H6p6sqI5WaAa+6HLHaoVWFZ7Z6q1ZWb7ua
 OKW6nRoFrJIqrIdKrKSJOceKonfGZpfKrFfmrNV2oUKnqVikrAVqrXuKraqFYduqpgrlrT0HrpMq
 rnA5ZNEKcVSFrhSqrp86pEQaoriZatyaQPKanLoxa+m6QgA7r6/5kL1warJVn0NJctVqFQPrrzD2
 sE6gczrJMha6oCcKr6A4oIXqmn4hseQZsX8Gmoa5ehf7ezK6r5SwsI1xpgIAsignsvLTsNdpsEJz
 snsppae4sagaYh7bFzCbczEWtDCRchVrslfannVmriT/gpW+87PaM7OqOhhES7ElOxdJm7A9yrOE
 anQ0ixRVO7QjG6wq4aS8AG2meow9u2Nkq7RcAKcBm7PtaplXm50RUmwsyxguW6xG+62qka0Fe7Sx
 ebcq21d7+6ys+muIi6lfN3DEVrjGBrWM+pjKdl18u3WJ+h9oi6yfKbmMuwVwS7AYS7kgWrdp5yeO
 SlWHC7iVu6yNx7qly1ZB9yapG1KrO6766bevi7uBa7pmsrnSulu3O7cWdm2wu6KCC6D1qRd5a3NS
 RK+C4XKZO0LLmxfNW3IVB719Ib1x2nQ6G4sl5LQ0+Tv9pr3b+3PTO3hbq27iqwnOq0TmCxfca7PM
 +b0a/3O94JZw8ZsW85u8c1m9ZIG/5Ku/+8sV/eu7vwnATyHAnVS++QqxlCe0hTmxPnHAsrsuuriN
 Xcu2rstxN/fAFDzBRSvCMSsTFoxXfFSJwdu0HMsS7wtEXme1IRzBIWvC6Nu94JLBM7fBDDvAJgfC
 Ndy7MyzEoosSJ9y46qLD6bO2DPHCOBTDfTvEdBu3JnHEkQV6zci5+tO+Loy9H+y2JUzEYTzFRXwS
 VgwAmfe9MrfEPNyyXvy8QDzGsRvEZAzBPvdu9lp8WbzCPsLFIOHELQTFIizDZVzFN0y/09KrdtCR
 TOzGHZy4o0fCV3yaTjcpY/fI1BbJNIzE/1vJiHLJuv97GhgoyWicxO+aUFDXtl5ndqSMwafcCqBM
 xcXrea1syp4sRqmMydh1gbXcl7dsKLFcyLPceb3MLYEKhm3ksuCaq4tHeMjsRspsrcycyM78zBMT
 zcw6zejWqNaczJ5bwMqXvmvEzd1MUN8Mzijrv5JZzeWsMNgsrNo8u6vSzub8tehcs+JszOxMzwfz
 zrcazxsxvDs40OSUxqoczgSd0Nlk0Lq8yQr90KWXwm4K0RR9TQwdyoRc0Rr9Lxcty5m80SANMB0t
 zB8d0iYtjDRrO7SXz9zU0HE8yWdpqwDtyimNeue8u4isCiSLwCAo060qL7LnbCuNw7bn0mAM0w16
 03TQytOxp9QqrdRoStSNsNMXHNNGnc5MHTRB3adDndMJ0bZ+uNVSbTFijchdrc7SQNUobJQ17aK9
 BycD9nwfJ9cxCh2bOH5PCtfQh9eWqtdeSdcnNkh7DdhRKth/7deuRNi/G366ytda7diKith2O4KR
 bdhpCdnah9kI4YFGGiB3rdgswNixItp5Jdk9Cdr2oNn1wNmFTdk4+NqwHduyPdu0Xdu2fdu4ndu6
 vdu83du+/dvAHdzCPdzEXdzGfdzIndzKvdzM3dzO/dzQHd3SrQIJAAAh+QQJBwAHACwAAAAA9AFe
 AUAD/3i63P4wykmrvTjrzbv/YCiOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj0gcYMlsOp/Q
 qHRKrVqv2Kx2y+16r8mwmGYdmM/otHrNbrvf8Lh8Tq/b7/i8vDru+z9leoKDhIWGh4iJbnx/jX9Y
 inABk5SVlpeYmZqbnJ2en6ChoqOfkYtgjqk8kKZtpK+wsbKztLWWrWxYqrs5rIW2wMEBBMTFxsfC
 x8oEws2dhrq80mRXh87Xr8vatl9R2LPQqBXdTtPSvm7J2srf7bXkT+7tcNHj8EvmvOiuwevs8gAx
 VRFAsKDBgwgTEsQScBS9e0wUSpwooF4+IfvYNNzIsf/SQIogETLs5A9ZsIcQAYRcWVHcxSAZ13Sc
 2fAjy5sgrcxEaROnz4MWX/6IqYamUXc9fypdWGXnGyxLowYVk1IG0TRHAZYkJixp1K8KU4oFS1bi
 1DBVY1xFk1XeVmbBvJYtKzbl3LsFz+qAOlfvhrVn2gqOSwWv4cOIE/v0q+TKXcYZAJsZTJmWXMWY
 M2sGC9kGX7p178WZubWyR8ebU6tevZoRxsusE0oeYJr0WwKfUxvYzbu3byux8foe3hs4XtcwYQc3
 OLt2x9u4UasmTt34crLUiVvvS8VRXe6B3oCC7hxY7s12W0vPCdEw8j7fQYdP94l8+Xfr0bdXv51i
 +sf/3QmlQWhUjHafaeclVMCCDDbo4IMQLnjdhJhFaOGFDL4noD0ERmHggZQliBCGJELIUn9kKaeU
 iCOW6OKCGm7oQnMgbmIffii2+GKJJ6r4k4+L5afQji7GKCMLNNaYyY0BAYlYh1B2CKAVR/ow2xzj
 3aZkLE4eFuWXY4FnZJUm1IWLRlsaxSKFbOpHJZk7mHlmUWnStGabeCbWGZwjdJnSnIAGKugZYBZq
 qFh89uAnRIM26qgih0YqaReJtnDnk5NmqummnBLI3puVGnGpl52WauqpqELx6ZihWinkUnuOGuQU
 R3bZY4Ac2uqfS62+digJmva6gKQzECvsEMaKEOyx/8nC0Oyx0EYr7bTUVmvttdhmq+223Hbr7bfg
 hivuuOSWa+656Kar7rrstuvuu/DGK2+ZqdZr7733zEsuvvz26y+u+k4736MEF2zwwU8BHHCVAyPs
 8MMQA8rqwlRV02idGA/W6J4UN9awHhmLwmQtpYVMSTigdpzcx3mYnOVb6vjj8iQoT6yyx1V8aMvI
 M79SV888KSxBWjfnWqAk/WjZsyw/zxw0rRYQXfQESS4dYmHHXeEJz+Ak/F+KvAZctdWC6TrlFFzL
 8rQUsXHM7thkZ2W2mFI4dUqOmbm9Ltxxq4l1nszdCzhQYaMFkVUWi9f3kiWb9/fgLdkLeV6F7/Uq
 rP+V/5U4fYvL/fjkoE+ut1qXr5j5gJvz0/lRc4fuumajO1v6j/fq3FDjCM7++u68yyb0C7LeWq/t
 AeFeWfC9J++6zTizLXrqaK4u8m3Iz5XdcHgnf/1vrU/E/A3ZU8i39JxAV7188LCG/NfoR+FdmGCz
 jFV9SpN/fvzp87foPe79bjj7UoGeTOgHM/IFYFRE4pHyeJdAEn2PYZEingEtozsBNBBDC2TgBS30
 wG+Nb0tp81kFN2gh4TnvbFHoX/gKQsIIddBbH1RSCEmBwBY+yIQpzNoUVAgkGz7ohd26khxeZrzO
 dY8z/yoUCqHWMSFKkHEFtN/nVJNEJdKNieiS06D/JsiNCmYwebHLolgcxUUcHfGLgAvjtvYHj4i5
 0WFVjGMW3HU/JMrxjnjk16r8NzUH1PEreQykIE+1Ryz2MQJ/9F3KEOlFnADRD2dUpCGH1siQqHFh
 iRTJ6YZVSRw+oVZTtOMkGbnCm1xSbJECVqag9awZpfKQVHulslbJLFnK7lewzKUud8nLXvryl8AM
 pjCHScxiGvOYyEymMpfJzGY685nQjKY0p0nNalrzmtjMZjMHyc1uIkqb7/OmOMe5BXCGk5zoTKf7
 zPkIdbrznQBgp6+m8MZ62vOed3ikPGd5NHz6858AHYA+9wkC+QX0oAh91EAJ+gAnGqKMEN3ExjbJ
 /9ADOPQXEc3oLQZ1ymtelBAaDSnNOEpRhn50ECIN6UQXWVE/CrBlBpxhNkoCtEJ01JonjZ70ZEqK
 ImKsZnxsqUVfiocJ8nQUPq0TUEcpVAXkdIDkO+onmlabpUrhAlLzZQxnGsWUUtVka1un0bohzK32
 tH5eFUtN7/bArPbSrEhFq0i/GrKwQgGrhwsmXFPKtFACUmskkSst7OqFJV5VZXvlKywiqUmdBLar
 tSBsFwwrVoolVrE09GsAHVs+wXaNrfy74mGbSFS2YNYZjDUdFezWhkxijqX6uuxpQ5Fa2q22I5Jt
 QttK2i7Zznaqms1bU3DrtdqakrdvK21gfkuYHf8Gh7MbyW1E1IfclcEDcQZdrlGTyqXgik9woLtp
 88hKuuxOhouQpaBznye58FYXCG5FknLPu12aNveEkMNX6MQLvrzeMmdIq6/M7ptDNBoYU7C1XCmP
 m2DNmZc2zHXceg9MYdFWVlGdLORoCzpfCEfYjAWusIj/2uDx4leUQY1Mhz/cxQmP+MWzWugKXEs4
 ez3RHdz13IJhzGMEb7i8xsXXjduRY9ZluMdIRvFdqbHjlQg5wBspst+anOQqb/bH//WuI2sH5dvZ
 tzY09sn2imPc4IyZN1R2cop7UWbKQmHIGTXfkcFy5t2kGXJ1NsCdNVwOZLXZwm/uMl/lvOev5Ln/
 0Hk6dJtlbKk/t4+egk4poR09EUVr+XWWdjH+LjwUSitZCnCO6KQvrcP8UbGSAPx0n9uZatUCWHFb
 82zfwrzl0J66ya2+MqcrlusY95Nzj5Vyz2jNYFOnZn37cTMTzmlrVQca1sH+svSI7cnC6o/UkTP2
 oz8pLUmF+sM19CGDrLwccTeI0dPwdqRZfJpSmnvc5I7Nu2G0ZjipG9rsvkS4zR1vec8b3dXybWWk
 Clx3z7vaTuBhiLe98CH9u97hEjhlCO6JfYsb4botdcOd/YSQzLsAAKeWxAdD8U5Y3IcYn66yl6Bw
 TSvo4Uw118gFU3JOnNyGKWe5xlW18xM7/N0h/xdYh7FEQGHPzNO7gie1+Quup9Ip1uldHNK9p/Sl
 vzddTp8f1I3usqmbpepz/nqJIz7GhxZd2qvbCrX73fNdz0uLgsq3vsPOduGO/V1wD5TcLbH2ujN8
 yaT908X2Tom++53jq94btgWf0MbrAez46iMbyeH4yuMB8veS/OIZZfnOzwHz9tK8y8PCec+b/vSD
 CLrovV5j0Lt+nHwGPDANn/TX256bsee2Xun+2tv7Po+5T/wvaU/13xtfjsFvwjCJHSvekz7m6cZ2
 zuMZNecH7u6HZH5J+656P49e125vqPUph/3VS7/29eY+xFOx6LaOnynln1orPbAsYc1fvrjcff/+
 Q1D/Xt1/xrY0fAEICLRkfwPYaPvXVAq4gAzYgA74gBAYgRI4gRRYgRZ4gRiYgRq4gRzYgR74gSAY
 giI4giRYgiZ4giiYgiq4gizYgi74gjAYgzI4gzRYgzZ4gziYgzq4g2V1fD5YKjxIAT84hJsShLFE
 hEiYgEbYAEnYhIWyhKTkhFIYGlAIAVN4hXVRheKHhVxIDlroUl0YhpSigw+GemZ4hmjQfRFYhmjY
 hqenhhDIhm44h5UHhw8oh3SYhwdlhw6Ih3r4h/jEhw3oh4BYiG4kiNmUdXdAeGSzUoiYTIpoB4xo
 NY64fvIUiXUwiUtTidDXUphIB5q4VoHCdNL/9IlEF4pgRVLxd4lDhwio6DKciGULaIpD9Ip1pYqP
 iEy0+G22WFW4aIns9IkChna0wHXlYVXhJ1TCGFOyFgvG6BzIKHuD2Iq86DI1F23LIIqCQIrRtIxR
 1Yyw8Iy+SAjcCE3euFPgyFXroI2Pd3XgdI5pl45nNWCwaFPuqE3w2DnXmAl0RRnRqHtC6F8C+GAx
 I45Sp1ZOU1zrF1+7NHNQZJCzhpD1CFqdyAAMqUsOiQn7GDf9+FMKWZGclC/692rARjLyOEEdqVQf
 KYtWKJBatWJJE3UZlZJpIl34UH0iOXswCQwbSTY0uSU2SX1j9QU9SJAxCZFp0n7QVRlBaXWr/6gu
 GXkJPakkSjlc49ha8LNpINlbO9mLm1CVt9VZMhkLTfl+8JeLIteVXsmP52dJgCWWSKkJZYlokgSM
 WKeWazl339d7YWkjJykKcxlk9yhzeJmX7eZziNcEW0eMn4WVveZrW5lcRmmYAtGWyccEi0mPthCY
 lil2aCl0k0mZfNeZWgkFU4kJQblbT3mXoSmahUeaiQkArJULZllsdilGremaBwSbJDYFs7kGxFd8
 n9lthSmarFeX3kBcFImYdjec0RKV7HacjeWbyumY0kl+zslKxUmZ13l91MkRqUldq4mbJKk6ujkJ
 3YmddVOdtEmXfBmZipebrpme05cp+zWYcf/ikghYnjr1jYzZV3v5Xe3FXtlZAheZAtAJImO5WLyJ
 GfrlXuOJYTkJPNvZNwsqQgE6IQ9KoLcpodcFZL9mnv6pmSDGcxyKKvcZoaugn/jHn1DFjP/ZXRl6
 HRuaX/ipYB+aZZCGb+gYoww6o8tRo4NTjtiVoxQqn/oYl2wJpM8FXifKkkhwoCiQoAdyoZnFpIf3
 RUTKT4KpomDook93nruJpVm6QFvKf7XJdFQaYfRZprBzoyrglCG3pszVpm7qoHCKoGmap05VoXlp
 p3eqJ3x6AnLaoVsIplonpoAaqKTipQDonq1nqF8aov2pm4vKqG0njSsKqd6ZKtVYkNvgHMH/ialo
 VKBDxanqiSqfepShCma1SaoiZqqFqqrrhmM+amSoCqsjJqt7amO1SmS3OmWXqqt4wqu5mm2e+qvf
 oKTfMKrECkaSSoDH+mQ8qhXBaiev+qylGq3016vDo6zYwKzY4KwIkWnMqT11dqxnmYyP2qXfWq1u
 ca0zQa4HYa4bpzz2aqKAtmzeR6a3hqimdVqj5q90lq7DGhX52nGZyq/zdK4CCrDahVkD67CIkbAJ
 d2AWm3ErJ5TWRbE06qeiRj3ZChIZq3JoVLI6t7FEoK4bywSrOqIlQa8GgbIqgbEG26DTya5shrM+
 RqkvqlgTe6+KQbMURrQLe5MNK7QP67Nh/wq0IsuyJHuzBAs4Rquy/eqxQQqyEBW0+uom2vamuJZs
 +4q0kJSVvcm0iQqX8tp1I4t+3SCek/e2R8ux8GG24Adq4EoJpwkiMpuqXwC3m9dsf8ewZfuYtrmj
 JemXVjpsbSuc5AC4TGq4kAmQdSu5aoakGvmXbAu1bvu31xa5Yju4ZFu5oXu3HpK3k7C3B9K36yq3
 /xq4X5uYzBa7roa2AYuN62hArIusrntsqFa6stsI8VGapwuvmbu4RzdCB6etYPFxpqpKluuWmCuV
 mmsyN9dCzNu8MAellXJviUt410tC2fsVzsut0XcoL4tZ4btB4xsV5QufMuK9IsqI63tB7f+7FO/L
 vYkiv5UKvsr7bverFPmrs/YWQahbp//LbwHsEwOsqf5nwMabb/XbQNPXcgrbsik7EQ1MuawJsfQV
 MqqLngl8cZc7tY7btcSLwi8HdOYbcFp7HyE8pj7ycRU8txastCy0vQRMdtNbIzE8wQlUwxt7wyqs
 I+b2vEJBp1FWvSY3wihXwlhba1F8uFi7wcLXwbYbsRnzw06Mc1CMw7Y1xfVZsxRhxcrHlT2soExs
 c12MvV9cxKarsWMrxxJhxoQLlS9cHjEMCm06hBhMt6hEiPOrCXvsqiYcm5D3xzeTj4S8xhjTxz+o
 yIhFjQdcyLlzyGf7e5IceB4MimdHokb/xLNhbHybbFmUHMGWYMnHI8qTe3uljEmn/L0PubbWy8pS
 TMpzfMeB3MmniLutOm22TMWunMujS5iMB1KfnLswuwy7S6xnmi15Byia2My6+szYEs1zMs2Nu8DW
 fC3YfCbazLkLzLv6i3dlt0WTSM2w2s3W8s24EM4HW6bs7MLHrHfpvM0BPM98ErdfYIh1KIbfVDT8
 7AX+7HgAHdCLDLuUV9AJddBSKi8D3QUM3dAOPaGTDLqiMdF7WNFGetFTXM8aHYgc7YXyp9DdENIo
 XU9I7NFg7LcEndIw/TArjcWYPMojfdMVpM/jsrs43dOjotPiwtM+PdQZCtQ83J1EndRw/+zSDsxL
 Qq3UUE3GntnC8PLUUZ3Ul1nMb4XPyHnVPZ3VgLzVudp8LDvTRyrGb8zBUSjKRt10ZknWYNnU5hDX
 cj2pNc3Uau3Ub7192WrWrnTXkbrDp1pbbe1Be4196ge/rIbW0huZ2ueob3fYzJPY5bwLdJ3Xh8rW
 g2rOY83XZU3VRXDZV7zWgE3Ogi3QB9gB/dcq/xenqd2Qr+1grU0msz2lsZ1LtY0Bqx0quU0vSijW
 hgK9vb0hwy3cT1iUwd0nBfjAv92ixz2Sz42mk6Kdzd2u0T2Qyc2ltw1B1e3a3Y3b263by83a4e3b
 2f2F6J3e6r3e7N3e7v3e8B3f8j3f9CZd3/Z93/id3/q93/zd3/793wAe4AI+4ARe4AZ+4Aie4Aq+
 4NqUAAA7
 ------sinikael-?=_5-14763587882000.8241290969717285--
 ------sinikael-?=_2-14763587882000.8241290969717285--
 ------sinikael-?=_1-14763587882000.8241290969717285
 Content-Type: text/plain; name=notes.txt
 Content-Disposition: attachment; filename=notes.txt
 Content-Transfer-Encoding: 7bit
 Some notes about this e-mail
 ------sinikael-?=_1-14763587882000.8241290969717285--
--- a/ses-lambda-nodejs/index.js
+++ b/ses-lambda-nodejs/index.js
@@ -0,0 +1,167 @@
 import { S3Client, GetObjectCommand, HeadObjectCommand } from '@aws-sdk/client-s3';
 import { simpleParser } from 'mailparser';
 import { gzipSync } from 'zlib';
 import { Base64 } from 'js-base64';
 import { createLogger, format, transports } from 'winston';
 import { config } from 'dotenv';
 // Load environment variables
 config();
 // Logger setup
 const logger = createLogger({
  level: 'info',
  format: format.combine(
    format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }),
    format.printf(({ timestamp, level, message }) => `${timestamp} ${level.toUpperCase()} ${message}`)
  ),
  transports: [new transports.Console()]
 });
 // Environment variables
 const API_BASE_URL = process.env.API_BASE_URL;
 const API_TOKEN = process.env.API_TOKEN;
 const MAX_EMAIL_SIZE = parseInt(process.env.MAX_EMAIL_SIZE || '10485760', 10);
 const AWS_REGION = process.env.AWS_REGION || 'us-east-1';
 // Log environment variables (omit sensitive values like API_TOKEN)
 logger.info(`Environment: API_BASE_URL=${API_BASE_URL}, AWS_REGION=${AWS_REGION}, MAX_EMAIL_SIZE=${MAX_EMAIL_SIZE}`);
 // Validate environment variables
 if (!API_BASE_URL || !API_TOKEN) {
  logger.error('Missing required environment variables: API_BASE_URL or API_TOKEN');
  throw new Error('Missing required environment variables');
 }
 // S3 client
 const s3Client = new S3Client({ region: AWS_REGION });
 // Utility to convert stream to buffer
 async function streamToBuffer(stream) {
  try {
    const chunks = [];
    for await (const chunk of stream) {
      chunks.push(chunk);
    }
    return Buffer.concat(chunks);
  } catch (error) {
    throw new Error(`Failed to convert stream to buffer: ${error.message}`);
  }
 }
 // Utility to call the REST API
 async function callApiOnce(payload, domain, requestId) {
  const url = `${API_BASE_URL}/process/${domain}`;
  logger.info(
    `[${requestId}] Preparing POST to ${url}: ` +
    `domain=${domain}, key=${payload.s3_key}, bucket=${payload.s3_bucket}, ` +
    `orig_size=${payload.original_size}, comp_size=${payload.compressed_size}`
  );
  try {
    const response = await fetch(url, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${API_TOKEN}`,
        'Content-Type': 'application/json',
        'X-Request-ID': requestId
      },
      body: JSON.stringify(payload),
      signal: AbortSignal.timeout(25000)
    });
    const responseBody = await response.text();
    logger.info(`[${requestId}] API response: status=${response.status}, body=${responseBody}`);
    if (response.ok) {
      logger.info(`[${requestId}] API call successful`);
      return true;
    } else {
      logger.error(`[${requestId}] API returned ${response.status}: ${responseBody}`);
      return false;
    }
  } catch (error) {
    logger.error(`[${requestId}] API call failed: ${error.message}`);
    return false;
  }
 }
 // Lambda handler
 export const handler = async (event, context) => {
  const reqId = context.awsRequestId;
  logger.info(`[${reqId}] Starting Lambda execution`);
  logger.info(`[${reqId}] Event: ${JSON.stringify(event)}`);
  try {
    const rec = event.Records[0].s3;
    const bucket = rec.bucket.name;
    const key = decodeURIComponent(rec.object.key.replace(/\+/g, ' '));
    logger.info(`[${reqId}] Processing ${bucket}/${key}`);
    // Check email size
    logger.info(`[${reqId}] Fetching object metadata for ${bucket}/${key}`);
    const headCommand = new HeadObjectCommand({ Bucket: bucket, Key: key });
    const head = await s3Client.send(headCommand);
    const size = head.ContentLength;
    logger.info(`[${reqId}] Object size: ${size} bytes`);
    if (size > MAX_EMAIL_SIZE) {
      logger.warning(`[${reqId}] Email too large: ${size} bytes (max: ${MAX_EMAIL_SIZE})`);
      return { statusCode: 413, body: JSON.stringify({ error: 'Email too large' }) };
    }
    // Load email content
    logger.info(`[${reqId}] Fetching object content from ${bucket}/${key}`);
    const getObjectCommand = new GetObjectCommand({ Bucket: bucket, Key: key });
    const { Body } = await s3Client.send(getObjectCommand);
    logger.info(`[${reqId}] Object content retrieved, converting to buffer`);
    const body = await streamToBuffer(Body);
    logger.info(`[${reqId}] Buffer size: ${body.length} bytes`);
    // Parse and log from/to
    let fromAddr = '';
    let toAddrs = [];
    try {
      logger.info(`[${reqId}] Parsing email content`);
      const parser = await simpleParser(body);
      fromAddr = parser.from?.value[0]?.address || '';
      toAddrs = [
        ...(parser.to?.value || []),
        ...(parser.cc?.value || []),
        ...(parser.bcc?.value || [])
      ].map(addr => addr.address).filter(Boolean);
      logger.info(`[${reqId}] Parsed email: from=${fromAddr}, to=${toAddrs}`);
    } catch (error) {
      logger.error(`[${reqId}] Error parsing email: ${error.message}`);
    }
    // Compress and build payload
    logger.info(`[${reqId}] Compressing email content`);
    const compressed = gzipSync(body);
    const payload = {
      s3_bucket: bucket,
      s3_key: key,
      domain: bucket.replace(/-/g, '.').replace('.emails', ''),
      email_content: Base64.encode(compressed.toString('binary')),
      compressed: true,
      etag: head.ETag.replace(/"/g, ''),
      request_id: reqId,
      original_size: body.length,
      compressed_size: compressed.length
    };
    logger.info(`[${reqId}] Payload prepared: domain=${payload.domain}, compressed_size=${payload.compressed_size}`);
    // Send to REST API
    logger.info(`[${reqId}] Sending payload to REST API`);
    const success = await callApiOnce(payload, payload.domain, reqId);
    // Log result
    if (success) {
      logger.info(`[${reqId}] Email processed successfully`);
    } else {
      logger.info(`[${reqId}] Email processing failed, status handled by REST API`);
    }
    logger.info(`[${reqId}] Lambda execution completed`);
    return { statusCode: 200, body: JSON.stringify({ message: 'Done' }) };
  } catch (error) {
    logger.error(`[${reqId}] Error processing event: ${error.message}, stack: ${error.stack}`);
    return { statusCode: 500, body: JSON.stringify({ error: 'Internal server error' }) };
  }
 };
--- a/ses-lambda-nodejs/package-lock.json
+++ b/ses-lambda-nodejs/package-lock.json
--- a/ses-lambda-nodejs/package.json
+++ b/ses-lambda-nodejs/package.json
@@ -0,0 +1,13 @@
 {
  "name": "email-lambda",
  "version": "1.0.0",
  "type": "module",
  "dependencies": {
    "@aws-sdk/client-s3": "^3.658.1",
    "nodemailer": "^6.9.14",
    "mailparser": "^3.7.1",
    "js-base64": "^3.7.7",
    "winston": "^3.13.1",
    "dotenv": "^16.4.5"
  }
 }
--- a/ses-lambda-nodejs/ses-lambda.zip
+++ b/ses-lambda-nodejs/ses-lambda.zip
--- a/ses-lambda-nodejs/test-parser.js
+++ b/ses-lambda-nodejs/test-parser.js
@@ -0,0 +1,101 @@
 /* import { MailParser } from 'mailparser';
 import { createLogger, format, transports } from 'winston';
 const logger = createLogger({
  level: 'info',
  format: format.combine(
    format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }),
    format.printf(({ timestamp, level, message }) => `${timestamp} ${level.toUpperCase()} ${message}`)
  ),
  transports: [new transports.Console()]
 }); */
 const emailContent = `
 Return-Path: <andreas.knuth@gmail.com>
 Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54])
 by inbound-smtp.us-east-2.amazonaws.com with SMTP id tl8bodt75rl99agvurj9pt06aaphgs5pj3l7ci01
 for test@bizmatch.net;
 Mon, 07 Jul 2025 22:29:30 +0000 (UTC)
 X-SES-Spam-Verdict: PASS
 X-SES-Virus-Verdict: PASS
 Received-SPF: pass (spfCheck: domain of _spf.google.com designates 209.85.167.54 as permitted sender) client-ip=209.85.167.54; envelope-from=andreas.knuth@gmail.com; helo=mail-lf1-f54.google.com;
 Authentication-Results: amazonses.com;
 spf=pass (spfCheck: domain of _spf.google.com designates 209.85.167.54 as permitted sender) client-ip=209.85.167.54; envelope-from=andreas.knuth@gmail.com; helo=mail-lf1-f54.google.com;
 dkim=pass header.i=@gmail.com;
 dmarc=pass header.from=gmail.com;
 X-SES-RECEIPT: AEFBQUFBQUFBQUFHZ2VxMTdrTDl5UCtYZjRQUHNhL3YwRWo4YXNNbEVYdGdqUTducmt1L25UY0pMNFNqMitXQWZCbnVsYW1seVdseFQzT1lZT2VUVEtCUWl0b2VDVk94SU5xN3p1K1R3d2lOT0hkb2ZIclEvS0JqNVdtRzAvNnJtejlsOE42dTU3ZTV5K2NIQ0lvOEJtQ0hBSkhrZ2JURHJjWXpVYU5EOEZnMnc0SU8xeS9TUVR6OXZxdmt4WVdCMzNuaUJ2TE9xRzN1WHdZM3VFdUcwYzBrZm9OV3BFMEwrZURnb25PY2h2dVExRXV1Q0ZCSzhIeGRsSTZFdXZwUUVzQ2JQUFVzUjFvZnI0U2g4aXBFZDQxQVNFanJLYXdNS2crKzZPanJySHJWckdXQ21hZ2NOQWc9PQ==
 X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=A7ZG4osvHSz8Grirn5FNbtnZtZoxA4SwzM4NX2SD3xlmdGZ9gEs7o5QAaexpqFo+tVHGze6kCXShR/m5e+Ccoelv+pYGuQsM0UQukPH567mOTd6DBsUnwgGoWyzkR4LyBMSGKX50m3plpMr7OsfydgTtSgmNqx6TaW2uTqAmHG4=; c=relaxed/simple; s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1751927370; v=1; bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
 Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-553aba2f99eso547669e87.3
        for <test@bizmatch.net>; Mon, 07 Jul 2025 15:29:29 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1751927368; x=1752532168; darn=bizmatch.net;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=;
        b=Dv7XQW93T4nV5kY0HB5qVq0H1iB0cYfdQMzSGyu+chsPKK5N+8INipWr1bulAYA4OM
         UKP7EiY4j3zzrxVLFMjboztDfI4PG2oAYSdxIah+jTdgpliVhIeGqvM87SH4pfSVPnOB
         JygDwwhB25s9wfwM7XDQ+uaAg/Fdwc6kgXf1d2k28gdnV9cuhToWMBAdCZG+0pic969P
         HEJlLY+KJBVIvzl8JcVZ6ReT8FeQWGwKfzdrpG8PXyYO8MH4FtAmfji4Av4PO/Q2Ky/u
         3Razz1QTf8R7dHCndAdXCa5INrMaCQOvXRWMMc22sIfMTtM0RKieL7jfp+T4kzcWd8bp
         F3BA==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1751927368; x=1752532168;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=kl0ZVgKAgL2tPEaQmtmEdFkMF0Wkh08RlXtja41/naQ=;
        b=wDGrMTBQxC0PHTqXvyy2DVWa4au/7y1hd7NkSgRoVX/vVKp1ArewmkY1xWPEG4qp6S
         X6B9q/qimOqNHs/me0gke2XOeVfgT0Pw+NMSJMf7mCGLZ2+y6sxRttgrh4u2FTxeY0K1
         RKYdwG7rUcqBYoyU/1h6nJYrotuCs7VYBmWbglChhTJoysmFdnR7eAsD2GnxVM1CDZbI
         XdVsK/+vOhUHw8uyVB8sILrEtpM4+ETz0BnIveqyldnfXTKj1v1gnXUNi2XgaK+K126b
         DsXGAP4SwLXUeCHnwGvEfpqTvdVhhOalwR0uCNFWMSOIOuxJbm6hPdU82oz1G6yEUip1
         pSyw==
 X-Gm-Message-State: AOJu0YwHBQTUiVzyF4Z+W9Nn+X1DjRnb+ExbYEHAl2nHyJxuSHCcO+92
    BQdv1ZRanXsQ1Lb4d3pzXr5AoeyNsoAyT3H9Xnu0bZO+zSNpvJ44dQY0WwJc1RKk3WFm8C2xxjl
    FNPLCFUIKOYoBKSue/IhK5RuJEorabq6yCy11zJUvVQ==
 X-Gm-Gg: ASbGnctmha0Sl+6s3+7aqdJp4XfRfVYWw1ijYcCHalIyyYoLNA/scbpX0Eqz6/xkLKz
    Zk8kZ1s2cvvs0Li8JDtKWndBEfOlH2vObiTf1nOjfUXArElHNcXTLauyTSsQhhnX98yufY/FlMM
    gBVMpCLdinwI7W73wct+qp6JNzoPTJjMqxxr460ujtFDG0M5f6/edKdGc=
 X-Google-Smtp-Source: AGHT+IGKQO5agz3saT3mvRcQjADlp5mR3Ss7bUoX6CzSwr9FNqw5AekIbPUiMQx0QQJz5SZAtSywG7pqy3jzwJU7gFI=
 X-Received: by 2002:a05:6512:e90:b0:553:29cc:c47a with SMTP id
 2adb3069b0e04-556e76ea8b6mr1397840e87.6.1751927367907; Mon, 07 Jul 2025
 15:29:27 -0700 (PDT)
 MIME-Version: 1.0
 From: Andreas Knuth <andreas.knuth@gmail.com>
 Date: Mon, 7 Jul 2025 17:29:22 -0500
 X-Gm-Features: Ac12FXylATeuoXeS0LgUwAAC4rygTYy_KTtNVnLhQ8Pv-KiTkX5e5F1AlsvpAY8
 Message-ID: <CADfCGtb_G+9W11EgfeQhp+V5vb1_gkeq9ZsfqgvsxC9hMNEfJQ@mail.gmail.com>
 Subject: dsfsd
 To: test@bizmatch.net
 Content-Type: multipart/alternative; boundary="0000000000006fc0ff06395e6090"
 --0000000000006fc0ff06395e6090
 Content-Type: text/plain; charset="UTF-8"
 sdfsdf
 --0000000000006fc0ff06395e6090
 Content-Type: text/html; charset="UTF-8"
 <div dir="ltr">sdfsdf</div>
 --0000000000006fc0ff06395e6090--
 `;
 const { simpleParser } = require("mailparser");
 // Callback style
 simpleParser(source, options, (err, mail) => {
  if (err) throw err;
  console.log(mail.subject);
 });
 // Promise style
 simpleParser(source, options)
  .then((mail) => console.log(mail.subject))
  .catch(console.error);
 // async/await
 //const mail = await simpleParser(source, options);
 (async () => {
  await simpleParser(source, options);
 })
--- a/ses-lambda-python/lambda_function.py
+++ b/ses-lambda-python/lambda_function.py
@@ -0,0 +1,152 @@
 import os
 import boto3
 import smtplib
 import time
 import requests
 from email.parser import BytesParser
 from email.policy import default
 from email.utils import getaddresses
 s3 = boto3.client('s3')
 MAILCOW_HOST = os.environ['MAILCOW_SMTP_HOST']
 MAILCOW_PORT = int(os.environ.get('MAILCOW_SMTP_PORT', 587))
 SMTP_USER    = os.environ.get('MAILCOW_SMTP_USER')
 SMTP_PASS    = os.environ.get('MAILCOW_SMTP_PASS')
 MAILCOW_API_KEY = os.environ.get('MAILCOW_API_KEY')
 def domain_to_bucket(domain):
    return domain.replace('.', '-') + '-emails'
 def bucket_to_domain(bucket):
    return bucket.replace('-emails', '').replace('-', '.')
 def get_valid_inboxes():
    url = 'https://mail.email-srvr.com/api/v1/get/mailbox/all'
    headers = {'X-API-Key': MAILCOW_API_KEY}
    try:
        response = requests.get(url, headers=headers, timeout=10)
        response.raise_for_status()
        mailboxes = response.json()
        return {mb['username'].lower() for mb in mailboxes if mb['active_int'] == 1}
    except requests.RequestException as e:
        print(f"Fehler beim Abrufen der Postfächer: {e}")
        raise Exception("Konnte gültige Postfächer nicht abrufen")
 def lambda_handler(event, context):
    rec = event['Records'][0]
    if 'ses' in rec:
        ses = rec['ses']
        msg_id = ses['mail']['messageId']
        recipients = ses['receipt']['recipients']
        first_recipient = recipients[0]
        domain = first_recipient.split('@')[1]
        bucket = domain_to_bucket(domain)
        prefix = f"emails/{msg_id}"
        print(f"SES-Receipt erkannt, domain={domain}, bucket={bucket}, prefix={prefix}")
        resp_list = s3.list_objects_v2(Bucket=bucket, Prefix=prefix)
        if 'Contents' not in resp_list or not resp_list['Contents']:
            raise Exception(f"Kein Objekt unter Prefix {prefix} in Bucket {bucket} gefunden")
        key = resp_list['Contents'][0]['Key']
    elif 's3' in rec:
        s3info = rec['s3']
        bucket = s3info['bucket']['name']
        key = s3info['object']['key']
        print("S3-Put erkannt, bucket =", bucket, "key =", key)
        recipients = []
    else:
        raise Exception("Unbekannter Event-Typ")
    # Prüfen, ob das Objekt bereits verarbeitet wurde
    try:
        resp = s3.head_object(Bucket=bucket, Key=key)
        if resp.get('Metadata', {}).get('processed') == 'true':
            print(f"Objekt {key} bereits verarbeitet (processed=true), überspringe Verarbeitung")
            return {
                'statusCode': 200,
                'body': f"Objekt {key} bereits verarbeitet, keine erneute Weiterleitung"
            }
    except Exception as e:
        print(f"Fehler beim Prüfen der Metadaten: {e}")
    # Raw-Mail aus S3 holen
    resp = s3.get_object(Bucket=bucket, Key=key)
    raw_bytes = resp['Body'].read()
    print(f"E-Mail geladen: {len(raw_bytes)} Bytes")
    # Parsen für Logging
    parsed = BytesParser(policy=default).parsebytes(raw_bytes)
    subj = parsed.get('subject', '(kein Subject)')
    frm_addr = getaddresses(parsed.get_all('from', []))[0][1]
    print(f"Parsed: From={frm_addr} Subject={subj}")
    # Empfänger aus Headern ziehen, falls nicht aus SES
    if not recipients:
        to_addrs = [addr for _name, addr in getaddresses(parsed.get_all('to', []))]
        cc_addrs = [addr for _name, addr in getaddresses(parsed.get_all('cc', []))]
        bcc_addrs = [addr for _name, addr in getaddresses(parsed.get_all('bcc', []))]
        recipients = to_addrs + cc_addrs + bcc_addrs
        print("Empfänger aus Headern:", recipients)
        # Im S3-Flow nur Empfänger mit passender Domain behalten
        expected_domain = bucket_to_domain(bucket)
        recipients = [rcpt for rcpt in recipients if rcpt.lower().split('@')[1] == expected_domain]
        print(f"Empfänger nach Domain-Filter ({expected_domain}): {recipients}")
    if not recipients:
        print("Keine Empfänger gefunden, setze Metadatum und überspringe SMTP")
    else:
        # Gültige Postfächer abrufen und Empfänger filtern
        valid_inboxes = get_valid_inboxes()
        valid_recipients = [rcpt for rcpt in recipients if rcpt.lower() in valid_inboxes]
        print(f"Gültige Empfänger: {valid_recipients}")
        if valid_recipients:
            # SMTP-Verbindung und Envelope
            start = time.time()
            print("=== SMTP: Verbinde zu", MAILCOW_HOST, "Port", MAILCOW_PORT)
            with smtplib.SMTP(MAILCOW_HOST, MAILCOW_PORT, timeout=30) as smtp:
                smtp.ehlo()
                smtp.starttls()
                smtp.ehlo()
                if SMTP_USER and SMTP_PASS:
                    smtp.login(SMTP_USER, SMTP_PASS)
                print("=== SMTP: MAIL FROM", frm_addr)
                smtp.mail(frm_addr)
                for rcpt in valid_recipients:
                    print("=== SMTP: RCPT TO", rcpt)
                    smtp.rcpt(rcpt)
                smtp.data(raw_bytes)
            print(f"SMTP-Transfer in {time.time()-start:.2f}s abgeschlossen ...")
        else:
            print("Keine gültigen Postfächer für die Empfänger gefunden, setze Metadatum und überspringe SMTP")
    # Metadatum "processed": "true" hinzufügen
    try:
        resp = s3.head_object(Bucket=bucket, Key=key)
        current_metadata = resp.get('Metadata', {})
        new_metadata = current_metadata.copy()
        new_metadata['processed'] = 'true'
        s3.copy_object(
            Bucket=bucket,
            Key=key,
            CopySource={'Bucket': bucket, 'Key': key},
            Metadata=new_metadata,
            MetadataDirective='REPLACE'
        )
        print("Metadatum 'processed:true' hinzugefügt.")
    except Exception as e:
        print(f"Fehler beim Schreiben des Metadatums: {e}")
        raise
    return {
        'statusCode': 200,
        'body': f"E-Mail verarbeitet für {bucket}, SMTP-Weiterleitung: {bool(valid_recipients)}"
    }