diff --git a/.gitignore b/.gitignore
index 5ef6a52..45254b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,5 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+
+/app/generated/prisma
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9a39dd9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,54 @@
+# 1. Base image
+FROM node:20-alpine AS base
+
+# 2. Dependencies
+FROM base AS deps
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Install dependencies
+COPY package.json package-lock.json* ./
+RUN npm ci --legacy-peer-deps
+
+
+# 3. Builder
+FROM base AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+
+
+# Environment variables must be present at build time for Next.js
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN npm run build
+
+# 4. Runner
+FROM base AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+
+# Set the correct permission for prerender cache
+RUN mkdir .next
+RUN chown nextjs:nodejs .next
+
+# Automatically leverage output traces to reduce image size
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+CMD ["node", "server.js"]
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
new file mode 100644
index 0000000..86c9f3d
--- /dev/null
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -0,0 +1,3 @@
+import { handlers } from "@/auth";
+
+export const { GET, POST } = handlers;
diff --git a/app/api/domains/[domain]/route.ts b/app/api/domains/[domain]/route.ts
new file mode 100644
index 0000000..4ec9df6
--- /dev/null
+++ b/app/api/domains/[domain]/route.ts
@@ -0,0 +1,18 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { deleteDomain } from "@/lib/mailcow";
+
+// DELETE /api/domains/[domain] — super admin only
+export async function DELETE(
+  _req: NextRequest,
+  { params }: { params: Promise<{ domain: string }> }
+) {
+  const session = await auth();
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const { domain } = await params;
+  const result = await deleteDomain(decodeURIComponent(domain));
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
diff --git a/app/api/domains/route.ts b/app/api/domains/route.ts
new file mode 100644
index 0000000..557fed6
--- /dev/null
+++ b/app/api/domains/route.ts
@@ -0,0 +1,34 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getDomains, createDomain } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+
+// GET /api/domains — list domains (filtered by session)
+export async function GET() {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const allDomains = await getDomains();
+  const userDomains = session.user.domains ?? [];
+
+  // Super admin sees all, domain admin only sees their domains
+  const visible = allDomains.filter((d) => canAccessDomain(userDomains, d.domain_name));
+
+  return NextResponse.json(visible);
+}
+
+// POST /api/domains — create domain (super admin only)
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const body = await req.json();
+  const { domain, description, mailboxes, quota, maxquota } = body;
+
+  if (!domain) return NextResponse.json({ error: "domain gerekli" }, { status: 400 });
+
+  const result = await createDomain({ domain, description, mailboxes, quota, maxquota });
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
diff --git a/app/api/mail/auth/route.ts b/app/api/mail/auth/route.ts
new file mode 100644
index 0000000..10e24f0
--- /dev/null
+++ b/app/api/mail/auth/route.ts
@@ -0,0 +1,49 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession, setMailSession, clearMailSession } from "@/lib/mail-session";
+import { listFolders } from "@/lib/imap";
+
+// POST /api/mail/auth — login to mailbox (store creds in cookie)
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const { email, password } = await req.json();
+  if (!email || !password) {
+    return NextResponse.json({ error: "Email ve şifre gerekli" }, { status: 400 });
+  }
+
+  // Test the credentials by listing folders
+  try {
+    await listFolders({ email, password });
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "IMAP bağlantısı başarısız: " + (err?.message ?? "Bilinmeyen hata") },
+      { status: 401 }
+    );
+  }
+
+  await setMailSession({ email, password });
+  return NextResponse.json({ success: true, email });
+}
+
+// GET /api/mail/auth — check if mail session exists
+export async function GET() {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const mailSession = await getMailSession();
+  if (!mailSession) {
+    return NextResponse.json({ connected: false });
+  }
+  return NextResponse.json({ connected: true, email: mailSession.email });
+}
+
+// DELETE /api/mail/auth — logout from mailbox
+export async function DELETE() {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  await clearMailSession();
+  return NextResponse.json({ success: true });
+}
diff --git a/app/api/mail/folders/route.ts b/app/api/mail/folders/route.ts
new file mode 100644
index 0000000..be4874c
--- /dev/null
+++ b/app/api/mail/folders/route.ts
@@ -0,0 +1,23 @@
+import { NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession } from "@/lib/mail-session";
+import { listFolders } from "@/lib/imap";
+
+// GET /api/mail/folders
+export async function GET() {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  try {
+    const folders = await listFolders(creds);
+    return NextResponse.json(folders);
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Klasörler alınamadı: " + (err?.message ?? "") },
+      { status: 502 }
+    );
+  }
+}
diff --git a/app/api/mail/messages/[uid]/attachments/route.ts b/app/api/mail/messages/[uid]/attachments/route.ts
new file mode 100644
index 0000000..479fa30
--- /dev/null
+++ b/app/api/mail/messages/[uid]/attachments/route.ts
@@ -0,0 +1,44 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession } from "@/lib/mail-session";
+import { getAttachment } from "@/lib/imap";
+
+// GET /api/mail/messages/[uid]/attachments?folder=INBOX&filename=doc.pdf
+export async function GET(
+  req: NextRequest,
+  { params }: { params: Promise<{ uid: string }> }
+) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  const { uid } = await params;
+  const folder = req.nextUrl.searchParams.get("folder") ?? "INBOX";
+  const filename = req.nextUrl.searchParams.get("filename");
+
+  if (!filename) {
+    return NextResponse.json({ error: "Dosya adı gerekli" }, { status: 400 });
+  }
+
+  try {
+    const att = await getAttachment(creds, folder, parseInt(uid), filename);
+    if (!att) {
+      return NextResponse.json({ error: "Ek bulunamadı" }, { status: 404 });
+    }
+
+    return new NextResponse(att.content, {
+      headers: {
+        "Content-Type": att.contentType,
+        "Content-Disposition": `attachment; filename="${encodeURIComponent(filename)}"`,
+        "Content-Length": String(att.content.length),
+      },
+    });
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Ek indirilemedi: " + (err?.message ?? "") },
+      { status: 502 }
+    );
+  }
+}
diff --git a/app/api/mail/messages/[uid]/route.ts b/app/api/mail/messages/[uid]/route.ts
new file mode 100644
index 0000000..a15908f
--- /dev/null
+++ b/app/api/mail/messages/[uid]/route.ts
@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession } from "@/lib/mail-session";
+import { getMessage } from "@/lib/imap";
+
+// GET /api/mail/messages/[uid]?folder=INBOX
+export async function GET(
+  req: NextRequest,
+  { params }: { params: Promise<{ uid: string }> }
+) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  const { uid } = await params;
+  const folder = req.nextUrl.searchParams.get("folder") ?? "INBOX";
+
+  try {
+    const message = await getMessage(creds, folder, parseInt(uid));
+    if (!message) {
+      return NextResponse.json({ error: "Mesaj bulunamadı" }, { status: 404 });
+    }
+    return NextResponse.json(message);
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Mesaj alınamadı: " + (err?.message ?? "") },
+      { status: 502 }
+    );
+  }
+}
diff --git a/app/api/mail/messages/route.ts b/app/api/mail/messages/route.ts
new file mode 100644
index 0000000..a0fc29d
--- /dev/null
+++ b/app/api/mail/messages/route.ts
@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession } from "@/lib/mail-session";
+import { listMessages, deleteMessage, moveMessage, toggleFlag } from "@/lib/imap";
+
+// GET /api/mail/messages?folder=INBOX&page=1
+export async function GET(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  const folder = req.nextUrl.searchParams.get("folder") ?? "INBOX";
+  const page = parseInt(req.nextUrl.searchParams.get("page") ?? "1");
+
+  try {
+    const result = await listMessages(creds, folder, page, 50);
+    return NextResponse.json(result);
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Mesajlar alınamadı: " + (err?.message ?? "") },
+      { status: 502 }
+    );
+  }
+}
+
+// POST /api/mail/messages — actions: delete, move, flag
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  const { action, folder, uid, toFolder, flag, add } = await req.json();
+
+  try {
+    switch (action) {
+      case "delete":
+        await deleteMessage(creds, folder, uid);
+        break;
+      case "move":
+        await moveMessage(creds, folder, uid, toFolder);
+        break;
+      case "flag":
+        await toggleFlag(creds, folder, uid, flag, add);
+        break;
+      default:
+        return NextResponse.json({ error: "Bilinmeyen işlem" }, { status: 400 });
+    }
+    return NextResponse.json({ success: true });
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "İşlem başarısız: " + (err?.message ?? "") },
+      { status: 502 }
+    );
+  }
+}
diff --git a/app/api/mail/send/route.ts b/app/api/mail/send/route.ts
new file mode 100644
index 0000000..1d55e1d
--- /dev/null
+++ b/app/api/mail/send/route.ts
@@ -0,0 +1,64 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailSession } from "@/lib/mail-session";
+import { sendMail } from "@/lib/smtp";
+
+// POST /api/mail/send — supports both JSON and FormData (for attachments)
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const creds = await getMailSession();
+  if (!creds) return NextResponse.json({ error: "Mail oturumu yok" }, { status: 401 });
+
+  const contentType = req.headers.get("content-type") ?? "";
+
+  let to: string, cc: string | undefined, subject: string, html: string, text: string | undefined;
+  let attachments: { filename: string; content: Buffer; contentType?: string }[] = [];
+
+  if (contentType.includes("multipart/form-data")) {
+    // FormData — with attachments
+    const formData = await req.formData();
+    to = formData.get("to") as string;
+    cc = (formData.get("cc") as string) || undefined;
+    subject = formData.get("subject") as string;
+    html = (formData.get("html") as string) || "";
+    text = (formData.get("text") as string) || undefined;
+
+    const files = formData.getAll("attachments") as File[];
+    for (const file of files) {
+      const buffer = Buffer.from(await file.arrayBuffer());
+      attachments.push({
+        filename: file.name,
+        content: buffer,
+        contentType: file.type || undefined,
+      });
+    }
+  } else {
+    // JSON — simple message
+    const body = await req.json();
+    to = body.to;
+    cc = body.cc || undefined;
+    subject = body.subject;
+    html = body.html || `<p>${body.text || ""}</p>`;
+    text = body.text || undefined;
+  }
+
+  if (!to || !subject) {
+    return NextResponse.json({ error: "Alıcı ve konu gerekli" }, { status: 400 });
+  }
+
+  const result = await sendMail(creds, {
+    to,
+    cc,
+    subject,
+    html,
+    text,
+    attachments: attachments.length > 0 ? attachments : undefined,
+  });
+
+  if (result.success) {
+    return NextResponse.json({ success: true, messageId: result.messageId });
+  }
+  return NextResponse.json({ error: result.error }, { status: 502 });
+}
diff --git a/app/api/mailboxes/[email]/route.ts b/app/api/mailboxes/[email]/route.ts
new file mode 100644
index 0000000..2fe3c9b
--- /dev/null
+++ b/app/api/mailboxes/[email]/route.ts
@@ -0,0 +1,55 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { deleteMailbox, editMailbox, getMailboxes } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+
+async function checkAccess(session: Awaited<ReturnType<typeof auth>>, email: string) {
+  if (!session) return false;
+  const domain = email.split("@")[1];
+  return canAccessDomain(session.user.domains ?? [], domain);
+}
+
+// DELETE /api/mailboxes/[email]
+export async function DELETE(
+  _req: NextRequest,
+  { params }: { params: Promise<{ email: string }> }
+) {
+  const session = await auth();
+  const { email } = await params;
+  const decoded = decodeURIComponent(email);
+
+  if (!(await checkAccess(session, decoded))) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const result = await deleteMailbox([decoded]);
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
+
+// PATCH /api/mailboxes/[email] — password change or toggle active
+export async function PATCH(
+  req: NextRequest,
+  { params }: { params: Promise<{ email: string }> }
+) {
+  const session = await auth();
+  const { email } = await params;
+  const decoded = decodeURIComponent(email);
+
+  if (!(await checkAccess(session, decoded))) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const body = await req.json();
+  const attr: Parameters<typeof editMailbox>[1] = {};
+
+  if (body.password) {
+    attr.password = body.password;
+    attr.password2 = body.password;
+  }
+  if (typeof body.active === "number") {
+    attr.active = body.active;
+  }
+
+  const result = await editMailbox([decoded], attr);
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
diff --git a/app/api/mailboxes/route.ts b/app/api/mailboxes/route.ts
new file mode 100644
index 0000000..c4e068a
--- /dev/null
+++ b/app/api/mailboxes/route.ts
@@ -0,0 +1,40 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailboxes, createMailbox } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+
+// GET /api/mailboxes?domain=example.com
+export async function GET(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const domain = req.nextUrl.searchParams.get("domain");
+  if (!domain) return NextResponse.json({ error: "domain parametresi gerekli" }, { status: 400 });
+
+  if (!canAccessDomain(session.user.domains ?? [], domain)) {
+    return NextResponse.json({ error: "Bu domaine erişim yetkiniz yok" }, { status: 403 });
+  }
+
+  const mailboxes = await getMailboxes(domain);
+  return NextResponse.json(mailboxes);
+}
+
+// POST /api/mailboxes
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const body = await req.json();
+  const { local_part, domain, name, password, quota } = body;
+
+  if (!local_part || !domain || !name || !password) {
+    return NextResponse.json({ error: "Eksik alan" }, { status: 400 });
+  }
+
+  if (!canAccessDomain(session.user.domains ?? [], domain)) {
+    return NextResponse.json({ error: "Bu domaine erişim yetkiniz yok" }, { status: 403 });
+  }
+
+  const result = await createMailbox({ local_part, domain, name, password, quota });
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
diff --git a/app/api/users/route.ts b/app/api/users/route.ts
new file mode 100644
index 0000000..345d4d7
--- /dev/null
+++ b/app/api/users/route.ts
@@ -0,0 +1,21 @@
+import { NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getUsers } from "@/lib/users";
+
+// GET /api/users — super admin only, lists env-defined users (no passwords)
+export async function GET() {
+  const session = await auth();
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const users = getUsers().map(({ id, name, email, role, domains }) => ({
+    id,
+    name,
+    email,
+    role,
+    domains,
+  }));
+
+  return NextResponse.json(users);
+}
diff --git a/app/dashboard/domains/page.tsx b/app/dashboard/domains/page.tsx
new file mode 100644
index 0000000..b22ba4e
--- /dev/null
+++ b/app/dashboard/domains/page.tsx
@@ -0,0 +1,232 @@
+"use client";
+
+import { useState, useEffect, useTransition } from "react";
+import { formatBytes } from "@/lib/format";
+
+interface Domain {
+  domain_name: string;
+  description: string;
+  active: string;
+  mboxes_in_domain: number;
+  mboxes_left: number;
+  max_num_mboxes_for_domain: number;
+  aliases_in_domain: number;
+  quota_used_in_domain: string;
+  max_quota_for_domain: number;
+}
+
+export default function DomainsPage() {
+  const [domains, setDomains] = useState<Domain[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [showModal, setShowModal] = useState(false);
+  const [isPending, startTransition] = useTransition();
+  const [search, setSearch] = useState("");
+  const [form, setForm] = useState({ domain: "", description: "", mailboxes: "10", quota: "10240", maxquota: "10240" });
+  const [formError, setFormError] = useState("");
+
+  const fetchDomains = async () => {
+    setLoading(true);
+    const res = await fetch("/api/domains");
+    if (res.ok) setDomains(await res.json());
+    setLoading(false);
+  };
+
+  useEffect(() => { fetchDomains(); }, []);
+
+  const handleCreate = (e: React.FormEvent) => {
+    e.preventDefault();
+    setFormError("");
+    startTransition(async () => {
+      const res = await fetch("/api/domains", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          domain: form.domain,
+          description: form.description,
+          mailboxes: parseInt(form.mailboxes),
+          quota: parseInt(form.quota),
+          maxquota: parseInt(form.maxquota),
+        }),
+      });
+      if (res.ok) {
+        setShowModal(false);
+        setForm({ domain: "", description: "", mailboxes: "10", quota: "10240", maxquota: "10240" });
+        fetchDomains();
+      } else {
+        const data = await res.json();
+        const msg = Array.isArray(data) ? data.map((d: { msg?: string }) => d.msg).join(", ") : (data?.error ?? "Bir hata oluştu");
+        setFormError(String(msg));
+      }
+    });
+  };
+
+  const handleDelete = (domain: string) => {
+    if (!confirm(`"${domain}" domainini Mailcow'dan silmek istediğinizden emin misiniz?\n\nBu işlem geri alınamaz!`)) return;
+    startTransition(async () => {
+      await fetch(`/api/domains/${encodeURIComponent(domain)}`, { method: "DELETE" });
+      fetchDomains();
+    });
+  };
+
+  const filtered = domains.filter(
+    (d) =>
+      d.domain_name.toLowerCase().includes(search.toLowerCase()) ||
+      d.description?.toLowerCase().includes(search.toLowerCase())
+  );
+
+  return (
+    <>
+      <div className="page-header">
+        <div>
+          <h1 className="page-title">Domainler</h1>
+          <p className="page-subtitle">Mailcow üzerindeki tüm domainleri yönetin</p>
+        </div>
+        <button className="btn btn-primary" onClick={() => setShowModal(true)}>
+          <PlusIcon /> Domain Ekle
+        </button>
+      </div>
+
+      <div className="page-body">
+        <div className="search-bar">
+          <div className="search-input-wrap">
+            <span className="search-icon"><SearchIcon /></span>
+            <input
+              type="text"
+              className="input search-input"
+              placeholder="Domain veya açıklama ara..."
+              value={search}
+              onChange={(e) => setSearch(e.target.value)}
+            />
+          </div>
+          <button className="btn btn-ghost" onClick={fetchDomains}>
+            <RefreshIcon /> Yenile
+          </button>
+        </div>
+
+        <div className="table-wrap">
+          {loading ? (
+            <div className="empty-state"><span className="spinner" style={{ width: 24, height: 24 }} /></div>
+          ) : filtered.length === 0 ? (
+            <div className="empty-state">
+              <div className="empty-icon"><GlobeIcon size={24} /></div>
+              <div style={{ fontWeight: 600 }}>Domain bulunamadı</div>
+              <div style={{ fontSize: 12 }}>Mailcow&apos;a domain eklemek için &quot;Domain Ekle&quot; butonuna tıklayın.</div>
+            </div>
+          ) : (
+            <table>
+              <thead>
+                <tr>
+                  <th>Domain</th>
+                  <th>Mail Kutuları</th>
+                  <th>Alias</th>
+                  <th>Kota</th>
+                  <th>Durum</th>
+                  <th>İşlemler</th>
+                </tr>
+              </thead>
+              <tbody>
+                {filtered.map((d) => {
+                  const quotaUsed = Number(d.quota_used_in_domain);
+                  const quotaTotal = d.max_quota_for_domain;
+                  const pct = quotaTotal > 0 ? Math.min((quotaUsed / quotaTotal) * 100, 100) : 0;
+                  return (
+                    <tr key={d.domain_name}>
+                      <td>
+                        <div style={{ display: "flex", alignItems: "center", gap: 8 }}>
+                          <div style={{ width: 28, height: 28, borderRadius: 6, background: "var(--accent-dim)", display: "flex", alignItems: "center", justifyContent: "center", color: "var(--accent-hover)", flexShrink: 0 }}>
+                            <GlobeIcon />
+                          </div>
+                          <div>
+                            <div style={{ fontWeight: 500 }}>{d.domain_name}</div>
+                            {d.description && <div style={{ fontSize: 11, color: "var(--text-secondary)" }}>{d.description}</div>}
+                          </div>
+                        </div>
+                      </td>
+                      <td>
+                        {d.mboxes_in_domain}
+                        <span style={{ color: "var(--text-muted)", fontSize: 12 }}> / {d.max_num_mboxes_for_domain}</span>
+                      </td>
+                      <td>{d.aliases_in_domain}</td>
+                      <td style={{ minWidth: 140 }}>
+                        <div style={{ fontSize: 11, color: "var(--text-secondary)", marginBottom: 4 }}>
+                          {formatBytes(quotaUsed)} / {formatBytes(quotaTotal)}
+                        </div>
+                        <div style={{ display: "flex", alignItems: "center", gap: 6 }}>
+                          <div className="progress-bar">
+                            <div className={`progress-fill ${pct > 80 ? "danger" : ""}`} style={{ width: `${pct}%` }} />
+                          </div>
+                          <span style={{ fontSize: 11, color: "var(--text-muted)" }}>{Math.round(pct)}%</span>
+                        </div>
+                      </td>
+                      <td>
+                        <span className={`badge ${String(d.active) === "1" ? "badge-green" : "badge-red"}`}>
+                          {String(d.active) === "1" ? "● Aktif" : "● Pasif"}
+                        </span>
+                      </td>
+                      <td>
+                        <button className="btn btn-danger btn-sm" onClick={() => handleDelete(d.domain_name)} disabled={isPending}>
+                          <TrashIcon /> Sil
+                        </button>
+                      </td>
+                    </tr>
+                  );
+                })}
+              </tbody>
+            </table>
+          )}
+        </div>
+      </div>
+
+      {showModal && (
+        <div className="modal-overlay" onClick={(e) => e.target === e.currentTarget && setShowModal(false)}>
+          <div className="modal">
+            <div className="modal-header">
+              <h2 className="modal-title">Mailcow&apos;a Domain Ekle</h2>
+              <button className="modal-close" onClick={() => setShowModal(false)}><XIcon /></button>
+            </div>
+            <form onSubmit={handleCreate}>
+              <div className="modal-body form-group">
+                {formError && <div className="error-msg">{formError}</div>}
+                <div>
+                  <label className="label">Domain Adı</label>
+                  <input type="text" className="input" placeholder="ornek.com" value={form.domain}
+                    onChange={(e) => setForm({ ...form, domain: e.target.value })} required />
+                </div>
+                <div>
+                  <label className="label">Açıklama (isteğe bağlı)</label>
+                  <input type="text" className="input" placeholder="Bu domain hakkında..." value={form.description}
+                    onChange={(e) => setForm({ ...form, description: e.target.value })} />
+                </div>
+                <div className="form-row">
+                  <div>
+                    <label className="label">Maks. Mailbox</label>
+                    <input type="number" className="input" value={form.mailboxes} min={1}
+                      onChange={(e) => setForm({ ...form, mailboxes: e.target.value })} />
+                  </div>
+                  <div>
+                    <label className="label">Toplam Kota (MB)</label>
+                    <input type="number" className="input" value={form.quota} min={1}
+                      onChange={(e) => setForm({ ...form, quota: e.target.value })} />
+                  </div>
+                </div>
+              </div>
+              <div className="modal-footer">
+                <button type="button" className="btn btn-ghost" onClick={() => setShowModal(false)}>İptal</button>
+                <button type="submit" className="btn btn-primary" disabled={isPending}>
+                  {isPending ? <span className="spinner" /> : <PlusIcon />} Ekle
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+    </>
+  );
+}
+
+function PlusIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5" strokeLinecap="round" strokeLinejoin="round"><path d="M5 12h14"/><path d="M12 5v14"/></svg>; }
+function SearchIcon() { return <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="11" cy="11" r="8"/><path d="m21 21-4.3-4.3"/></svg>; }
+function RefreshIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M3 12a9 9 0 0 1 9-9 9.75 9.75 0 0 1 6.74 2.74L21 8"/><path d="M21 3v5h-5"/><path d="M21 12a9 9 0 0 1-9 9 9.75 9.75 0 0 1-6.74-2.74L3 16"/><path d="M3 21v-5h5"/></svg>; }
+function GlobeIcon({ size = 13 }: { size?: number }) { return <svg width={size} height={size} viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/><path d="M2 12h20"/></svg>; }
+function TrashIcon() { return <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M3 6h18"/><path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6"/><path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2"/></svg>; }
+function XIcon() { return <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M18 6 6 18"/><path d="m6 6 12 12"/></svg>; }
diff --git a/app/dashboard/layout.tsx b/app/dashboard/layout.tsx
new file mode 100644
index 0000000..7382cf8
--- /dev/null
+++ b/app/dashboard/layout.tsx
@@ -0,0 +1,22 @@
+import { auth } from "@/auth";
+import { redirect } from "next/navigation";
+import Providers from "@/components/Providers";
+import Sidebar from "@/components/Sidebar";
+
+export default async function DashboardLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  const session = await auth();
+  if (!session) redirect("/login");
+
+  return (
+    <Providers>
+      <div className="app-layout">
+        <Sidebar />
+        <div className="main-content">{children}</div>
+      </div>
+    </Providers>
+  );
+}
diff --git a/app/dashboard/mail/page.tsx b/app/dashboard/mail/page.tsx
new file mode 100644
index 0000000..31274d5
--- /dev/null
+++ b/app/dashboard/mail/page.tsx
@@ -0,0 +1,200 @@
+"use client";
+
+import { useState, useEffect, useCallback } from "react";
+import MailLogin from "@/components/mail/MailLogin";
+import FolderList from "@/components/mail/FolderList";
+import MessageList from "@/components/mail/MessageList";
+import MessageView from "@/components/mail/MessageView";
+import ComposeModal from "@/components/mail/ComposeModal";
+
+export interface MailFolder {
+  name: string;
+  path: string;
+  specialUse?: string;
+  messages: number;
+  unseen: number;
+}
+
+export interface MailEnvelope {
+  uid: number;
+  subject: string;
+  from: { name: string; address: string }[];
+  to: { name: string; address: string }[];
+  date: string;
+  seen: boolean;
+  flagged: boolean;
+  hasAttachments: boolean;
+}
+
+export interface MailMessage extends MailEnvelope {
+  cc: { name: string; address: string }[];
+  html: string;
+  text: string;
+  attachments: { filename: string; contentType: string; size: number }[];
+}
+
+export default function MailPage() {
+  const [connected, setConnected] = useState<boolean | null>(null);
+  const [email, setEmail] = useState("");
+  const [folders, setFolders] = useState<MailFolder[]>([]);
+  const [activeFolder, setActiveFolder] = useState("INBOX");
+  const [messages, setMessages] = useState<MailEnvelope[]>([]);
+  const [selectedUid, setSelectedUid] = useState<number | null>(null);
+  const [openMessage, setOpenMessage] = useState<MailMessage | null>(null);
+  const [loading, setLoading] = useState(false);
+  const [showCompose, setShowCompose] = useState(false);
+  const [replyTo, setReplyTo] = useState<MailMessage | null>(null);
+
+  // Check connection
+  useEffect(() => {
+    fetch("/api/mail/auth")
+      .then((r) => r.json())
+      .then((d) => {
+        setConnected(d.connected);
+        if (d.email) setEmail(d.email);
+      });
+  }, []);
+
+  // Load folders
+  const loadFolders = useCallback(async () => {
+    const res = await fetch("/api/mail/folders");
+    if (res.ok) setFolders(await res.json());
+  }, []);
+
+  // Load messages
+  const loadMessages = useCallback(async (folder: string) => {
+    setLoading(true);
+    const res = await fetch(`/api/mail/messages?folder=${encodeURIComponent(folder)}`);
+    if (res.ok) {
+      const data = await res.json();
+      setMessages(data.messages ?? []);
+    }
+    setLoading(false);
+  }, []);
+
+  useEffect(() => {
+    if (connected) {
+      loadFolders();
+      loadMessages(activeFolder);
+    }
+  }, [connected, activeFolder, loadFolders, loadMessages]);
+
+  // Open message
+  const openMsg = async (uid: number) => {
+    setSelectedUid(uid);
+    const res = await fetch(`/api/mail/messages/${uid}?folder=${encodeURIComponent(activeFolder)}`);
+    if (res.ok) {
+      const msg = await res.json();
+      setOpenMessage(msg);
+      // Mark as read in list
+      setMessages((prev) => prev.map((m) => m.uid === uid ? { ...m, seen: true } : m));
+    }
+  };
+
+  // Delete
+  const handleDelete = async (uid: number) => {
+    await fetch("/api/mail/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ action: "delete", folder: activeFolder, uid }),
+    });
+    setMessages((prev) => prev.filter((m) => m.uid !== uid));
+    if (selectedUid === uid) { setSelectedUid(null); setOpenMessage(null); }
+  };
+
+  // Reply
+  const handleReply = (msg: MailMessage) => {
+    setReplyTo(msg);
+    setShowCompose(true);
+  };
+
+  // Disconnect
+  const handleDisconnect = async () => {
+    await fetch("/api/mail/auth", { method: "DELETE" });
+    setConnected(false);
+    setEmail("");
+    setFolders([]);
+    setMessages([]);
+    setOpenMessage(null);
+  };
+
+  if (connected === null) {
+    return <div className="empty-state"><span className="spinner" style={{ width: 24, height: 24 }} /></div>;
+  }
+
+  if (!connected) {
+    return <MailLogin onSuccess={(e) => { setConnected(true); setEmail(e); }} />;
+  }
+
+  return (
+    <div className="mail-layout">
+      <div className="mail-sidebar">
+        <button className="btn btn-primary" style={{ width: "100%" }} onClick={() => { setReplyTo(null); setShowCompose(true); }}>
+          <ComposeIcon /> Yeni Mail
+        </button>
+        <FolderList
+          folders={folders}
+          active={activeFolder}
+          onSelect={(f) => { setActiveFolder(f); setSelectedUid(null); setOpenMessage(null); }}
+        />
+        <div className="mail-account">
+          <div className="mail-account-email">{email}</div>
+          <button className="btn btn-ghost btn-sm" onClick={handleDisconnect} style={{ fontSize: 11 }}>
+            Çıkış
+          </button>
+        </div>
+      </div>
+
+      <div className="mail-list">
+        <div className="mail-list-header">
+          <h2>
+            {folders.find((f) => f.path === activeFolder)?.name ?? activeFolder}
+          </h2>
+          <button className="btn btn-ghost btn-sm" onClick={() => loadMessages(activeFolder)}>↻</button>
+        </div>
+        <MessageList
+          messages={messages}
+          loading={loading}
+          selectedUid={selectedUid}
+          onSelect={openMsg}
+          onDelete={handleDelete}
+        />
+      </div>
+
+      <div className="mail-detail">
+        {openMessage ? (
+          <MessageView
+            message={openMessage}
+            onReply={() => handleReply(openMessage)}
+            onDelete={() => handleDelete(openMessage.uid)}
+            folder={activeFolder}
+          />
+        ) : (
+          <div className="mail-empty">
+            <div className="mail-empty-icon">
+              <MailBigIcon />
+            </div>
+            <div style={{ fontWeight: 600, fontSize: 14, color: "var(--text-secondary)" }}>Bir mail seçin</div>
+            <div style={{ fontSize: 12 }}>Okumak için soldaki listeden bir mail seçin</div>
+          </div>
+        )}
+      </div>
+
+      {showCompose && (
+        <ComposeModal
+          replyTo={replyTo}
+          onClose={() => { setShowCompose(false); setReplyTo(null); }}
+          onSent={() => { setShowCompose(false); setReplyTo(null); loadMessages(activeFolder); }}
+        />
+      )}
+    </div>
+  );
+}
+
+function MailBigIcon() {
+  return <svg width="28" height="28" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" style={{ opacity: 0.5 }}><rect width="20" height="16" x="2" y="4" rx="2"/><path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7"/></svg>;
+}
+
+function ComposeIcon() {
+  return <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M12 20h9"/><path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"/></svg>;
+}
diff --git a/app/dashboard/mailboxes/page.tsx b/app/dashboard/mailboxes/page.tsx
new file mode 100644
index 0000000..a513808
--- /dev/null
+++ b/app/dashboard/mailboxes/page.tsx
@@ -0,0 +1,382 @@
+"use client";
+
+import { useState, useEffect, useTransition, useCallback } from "react";
+import { useSession } from "next-auth/react";
+import { formatBytes } from "@/lib/format";
+
+interface Mailbox {
+  username: string;
+  name: string;
+  local_part: string;
+  domain: string;
+  quota: number;
+  quota_used: number;
+  active: string; // "1" | "0"
+}
+
+interface Domain {
+  domain_name: string;
+}
+
+export default function MailboxesPage() {
+  const { data: session } = useSession();
+  const [domains, setDomains] = useState<Domain[]>([]);
+  const [selectedDomain, setSelectedDomain] = useState("");
+  const [mailboxes, setMailboxes] = useState<Mailbox[]>([]);
+  const [loading, setLoading] = useState(false);
+  const [showCreateModal, setShowCreateModal] = useState(false);
+  const [showPasswordModal, setShowPasswordModal] = useState<string | null>(null);
+  const [isPending, startTransition] = useTransition();
+  const [search, setSearch] = useState("");
+  const [createForm, setCreateForm] = useState({ local_part: "", name: "", password: "", quota: 3072 });
+  const [newPassword, setNewPassword] = useState("");
+  const [formError, setFormError] = useState("");
+
+  useEffect(() => {
+    fetch("/api/domains")
+      .then((r) => r.json())
+      .then((data: Domain[]) => {
+        if (Array.isArray(data) && data.length > 0) {
+          setDomains(data);
+          setSelectedDomain(data[0].domain_name);
+        }
+      });
+  }, []);
+
+  const fetchMailboxes = useCallback(async (domain: string) => {
+    if (!domain) return;
+    setLoading(true);
+    const res = await fetch(`/api/mailboxes?domain=${encodeURIComponent(domain)}`);
+    const data = await res.json();
+    setMailboxes(Array.isArray(data) ? data : []);
+    setLoading(false);
+  }, []);
+
+  useEffect(() => {
+    if (selectedDomain) fetchMailboxes(selectedDomain);
+  }, [selectedDomain, fetchMailboxes]);
+
+  const handleCreate = (e: React.FormEvent) => {
+    e.preventDefault();
+    setFormError("");
+    startTransition(async () => {
+      const res = await fetch("/api/mailboxes", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ ...createForm, domain: selectedDomain }),
+      });
+      const data = await res.json();
+      if (res.ok) {
+        setShowCreateModal(false);
+        setCreateForm({ local_part: "", name: "", password: "", quota: 3072 });
+        fetchMailboxes(selectedDomain);
+      } else {
+        const msg = Array.isArray(data)
+          ? data.map((d: { msg?: unknown }) => JSON.stringify(d.msg)).join(", ")
+          : (data?.error ?? "Mailcow bağlantısını kontrol edin");
+        setFormError(String(msg));
+      }
+    });
+  };
+
+  const handleDelete = (username: string) => {
+    if (!confirm(`"${username}" hesabını silmek istediğinizden emin misiniz?`)) return;
+    startTransition(async () => {
+      await fetch(`/api/mailboxes/${encodeURIComponent(username)}`, { method: "DELETE" });
+      setMailboxes((prev) => prev.filter((m) => m.username !== username));
+    });
+  };
+
+  const handleToggle = (username: string, active: string) => {
+    const newActive = String(active) === "1" ? 0 : 1;
+    startTransition(async () => {
+      await fetch(`/api/mailboxes/${encodeURIComponent(username)}`, {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ active: newActive }),
+      });
+      setMailboxes((prev) =>
+        prev.map((m) => m.username === username ? { ...m, active: String(newActive) } : m)
+      );
+    });
+  };
+
+  const handlePasswordChange = (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!showPasswordModal) return;
+    startTransition(async () => {
+      await fetch(`/api/mailboxes/${encodeURIComponent(showPasswordModal)}`, {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ password: newPassword }),
+      });
+      setShowPasswordModal(null);
+      setNewPassword("");
+    });
+  };
+
+  const filtered = mailboxes.filter(
+    (m) =>
+      m.username.toLowerCase().includes(search.toLowerCase()) ||
+      m.name.toLowerCase().includes(search.toLowerCase())
+  );
+
+  const isSuperAdmin = session?.user?.role === "SUPER_ADMIN";
+
+  return (
+    <>
+      <div className="page-header">
+        <div>
+          <h1 className="page-title">Mail Hesapları</h1>
+          <p className="page-subtitle">
+            {selectedDomain
+              ? `${selectedDomain} — ${mailboxes.length} hesap`
+              : "Domain seçin"}
+          </p>
+        </div>
+        <div style={{ display: "flex", gap: 10, alignItems: "center" }}>
+          <select
+            className="input"
+            style={{ width: "auto", minWidth: 200 }}
+            value={selectedDomain}
+            onChange={(e) => setSelectedDomain(e.target.value)}
+          >
+            {domains.map((d) => (
+              <option key={d.domain_name} value={d.domain_name}>
+                {d.domain_name}
+              </option>
+            ))}
+          </select>
+          <button
+            className="btn btn-ghost"
+            onClick={() => fetchMailboxes(selectedDomain)}
+            disabled={!selectedDomain}
+          >
+            <RefreshIcon />
+          </button>
+          <button
+            className="btn btn-primary"
+            onClick={() => setShowCreateModal(true)}
+            disabled={!selectedDomain}
+          >
+            <PlusIcon /> Hesap Ekle
+          </button>
+        </div>
+      </div>
+
+      <div className="page-body">
+        <div className="search-bar">
+          <div className="search-input-wrap">
+            <span className="search-icon"><SearchIcon /></span>
+            <input
+              type="text"
+              className="input search-input"
+              placeholder="E-posta veya isim ara..."
+              value={search}
+              onChange={(e) => setSearch(e.target.value)}
+            />
+          </div>
+        </div>
+
+        <div className="table-wrap">
+          {loading ? (
+            <div className="empty-state">
+              <span className="spinner" style={{ width: 24, height: 24 }} />
+            </div>
+          ) : filtered.length === 0 ? (
+            <div className="empty-state">
+              <div className="empty-icon"><MailIcon size={24} /></div>
+              <div style={{ fontWeight: 600 }}>
+                {selectedDomain ? "Bu domainde mail hesabı yok" : "Domain seçin"}
+              </div>
+              <div style={{ fontSize: 12, color: "var(--text-secondary)" }}>
+                {selectedDomain ? '"Hesap Ekle" butonuna tıklayın' : "Sol üstteki listeden domain seçin"}
+              </div>
+            </div>
+          ) : (
+            <table>
+              <thead>
+                <tr>
+                  <th>E-posta</th>
+                  <th>Ad Soyad</th>
+                  <th>Kota</th>
+                  <th>Durum</th>
+                  <th>İşlemler</th>
+                </tr>
+              </thead>
+              <tbody>
+                {filtered.map((m) => {
+                  const usedPct = m.quota > 0 ? Math.min((m.quota_used / m.quota) * 100, 100) : 0;
+                  return (
+                    <tr key={m.username}>
+                      <td>
+                        <div style={{ display: "flex", alignItems: "center", gap: 8 }}>
+                          <div style={{
+                            width: 30, height: 30, borderRadius: 6,
+                            background: "var(--accent-dim)", color: "var(--accent-hover)",
+                            display: "flex", alignItems: "center", justifyContent: "center",
+                            flexShrink: 0, fontSize: 13, fontWeight: 700,
+                          }}>
+                            {m.local_part[0]?.toUpperCase()}
+                          </div>
+                          <span style={{ fontWeight: 500 }}>{m.username}</span>
+                        </div>
+                      </td>
+                      <td style={{ color: "var(--text-secondary)" }}>{m.name}</td>
+                      <td style={{ minWidth: 160 }}>
+                        <div style={{ fontSize: 11, color: "var(--text-secondary)", marginBottom: 4 }}>
+                          {formatBytes(m.quota_used)} / {formatBytes(m.quota)}
+                        </div>
+                        <div style={{ display: "flex", alignItems: "center", gap: 6 }}>
+                          <div className="progress-bar">
+                            <div className={`progress-fill ${usedPct > 80 ? "danger" : ""}`} style={{ width: `${usedPct}%` }} />
+                          </div>
+                          <span style={{ fontSize: 11, color: "var(--text-muted)", flexShrink: 0 }}>{Math.round(usedPct)}%</span>
+                        </div>
+                      </td>
+                      <td>
+                        <span className={`badge ${String(m.active) === "1" ? "badge-green" : "badge-red"}`}>
+                          {String(m.active) === "1" ? "● Aktif" : "● Pasif"}
+                        </span>
+                      </td>
+                      <td>
+                        <div style={{ display: "flex", gap: 6 }}>
+                          <button
+                            className="btn btn-ghost btn-sm"
+                            onClick={() => setShowPasswordModal(m.username)}
+                            title="Şifre Değiştir"
+                          >
+                            <KeyIcon />
+                          </button>
+                          <button
+                            className={`btn btn-sm ${String(m.active) === "1" ? "btn-ghost" : "btn-success"}`}
+                            onClick={() => handleToggle(m.username, m.active)}
+                            title={String(m.active) === "1" ? "Pasife Al" : "Aktif Et"}
+                          >
+                            {String(m.active) === "1" ? <PauseIcon /> : <PlayIcon />}
+                          </button>
+                          <button
+                            className="btn btn-danger btn-sm"
+                            onClick={() => handleDelete(m.username)}
+                            title="Sil"
+                          >
+                            <TrashIcon />
+                          </button>
+                        </div>
+                      </td>
+                    </tr>
+                  );
+                })}
+              </tbody>
+            </table>
+          )}
+        </div>
+      </div>
+
+      {/* Create Modal */}
+      {showCreateModal && (
+        <div className="modal-overlay" onClick={(e) => e.target === e.currentTarget && setShowCreateModal(false)}>
+          <div className="modal">
+            <div className="modal-header">
+              <h2 className="modal-title">Yeni Mail Hesabı</h2>
+              <button className="modal-close" onClick={() => setShowCreateModal(false)}><XIcon /></button>
+            </div>
+            <form onSubmit={handleCreate}>
+              <div className="modal-body form-group">
+                {formError && <div className="error-msg">{formError}</div>}
+                <div>
+                  <label className="label">Kullanıcı Adı</label>
+                  <div style={{ display: "flex" }}>
+                    <input
+                      type="text" className="input"
+                      style={{ borderRadius: "var(--radius) 0 0 var(--radius)" }}
+                      placeholder="info"
+                      value={createForm.local_part}
+                      onChange={(e) => setCreateForm({ ...createForm, local_part: e.target.value })}
+                      required
+                    />
+                    <span style={{
+                      background: "var(--bg-hover)", border: "1px solid var(--border)", borderLeft: "none",
+                      padding: "8px 12px", borderRadius: "0 var(--radius) var(--radius) 0",
+                      color: "var(--text-secondary)", fontSize: 13, whiteSpace: "nowrap",
+                    }}>
+                      @{selectedDomain}
+                    </span>
+                  </div>
+                </div>
+                <div>
+                  <label className="label">Ad Soyad</label>
+                  <input type="text" className="input" placeholder="Emina Karabudak"
+                    value={createForm.name}
+                    onChange={(e) => setCreateForm({ ...createForm, name: e.target.value })}
+                    required />
+                </div>
+                <div>
+                  <label className="label">Şifre</label>
+                  <input type="password" className="input" placeholder="Güçlü bir şifre"
+                    value={createForm.password}
+                    onChange={(e) => setCreateForm({ ...createForm, password: e.target.value })}
+                    required />
+                </div>
+                <div>
+                  <label className="label">Kota (MB)</label>
+                  <input type="number" className="input" value={createForm.quota} min={100} max={102400}
+                    onChange={(e) => setCreateForm({ ...createForm, quota: parseInt(e.target.value) || 3072 })} />
+                </div>
+              </div>
+              <div className="modal-footer">
+                <button type="button" className="btn btn-ghost" onClick={() => setShowCreateModal(false)}>İptal</button>
+                <button type="submit" className="btn btn-primary" disabled={isPending}>
+                  {isPending ? <span className="spinner" /> : <PlusIcon />} Oluştur
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+
+      {/* Password Modal */}
+      {showPasswordModal && (
+        <div className="modal-overlay" onClick={(e) => e.target === e.currentTarget && setShowPasswordModal(null)}>
+          <div className="modal">
+            <div className="modal-header">
+              <h2 className="modal-title">Şifre Değiştir</h2>
+              <button className="modal-close" onClick={() => setShowPasswordModal(null)}><XIcon /></button>
+            </div>
+            <form onSubmit={handlePasswordChange}>
+              <div className="modal-body form-group">
+                <div style={{ fontSize: 13, color: "var(--text-secondary)" }}>
+                  <strong style={{ color: "var(--text-primary)" }}>{showPasswordModal}</strong> için yeni şifre
+                </div>
+                <div>
+                  <label className="label">Yeni Şifre</label>
+                  <input type="password" className="input" placeholder="Yeni şifre"
+                    value={newPassword}
+                    onChange={(e) => setNewPassword(e.target.value)}
+                    required autoFocus />
+                </div>
+              </div>
+              <div className="modal-footer">
+                <button type="button" className="btn btn-ghost" onClick={() => setShowPasswordModal(null)}>İptal</button>
+                <button type="submit" className="btn btn-primary" disabled={isPending}>
+                  {isPending ? <span className="spinner" /> : <KeyIcon />} Güncelle
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+    </>
+  );
+}
+
+// Icons
+function PlusIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5" strokeLinecap="round" strokeLinejoin="round"><path d="M5 12h14"/><path d="M12 5v14"/></svg>; }
+function SearchIcon() { return <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="11" cy="11" r="8"/><path d="m21 21-4.3-4.3"/></svg>; }
+function RefreshIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M3 12a9 9 0 0 1 9-9 9.75 9.75 0 0 1 6.74 2.74L21 8"/><path d="M21 3v5h-5"/><path d="M21 12a9 9 0 0 1-9 9 9.75 9.75 0 0 1-6.74-2.74L3 16"/><path d="M3 21v-5h5"/></svg>; }
+function MailIcon({ size = 13 }: { size?: number }) { return <svg width={size} height={size} viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><rect width="20" height="16" x="2" y="4" rx="2"/><path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7"/></svg>; }
+function TrashIcon() { return <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M3 6h18"/><path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6"/><path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2"/></svg>; }
+function KeyIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="7.5" cy="15.5" r="5.5"/><path d="m21 2-9.6 9.6"/><path d="m15.5 7.5 3 3L22 7l-3-3"/></svg>; }
+function PauseIcon() { return <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><rect x="6" y="4" width="4" height="16"/><rect x="14" y="4" width="4" height="16"/></svg>; }
+function PlayIcon() { return <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><polygon points="5 3 19 12 5 21 5 3"/></svg>; }
+function XIcon() { return <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M18 6 6 18"/><path d="m6 6 12 12"/></svg>; }
diff --git a/app/dashboard/page.tsx b/app/dashboard/page.tsx
new file mode 100644
index 0000000..1357455
--- /dev/null
+++ b/app/dashboard/page.tsx
@@ -0,0 +1,211 @@
+import { auth } from "@/auth";
+import { getDomains } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+import { formatBytes } from "@/lib/format";
+
+export default async function DashboardPage() {
+  const session = await auth();
+  const role = session?.user?.role;
+  const userDomains = session?.user?.domains ?? [];
+
+  const allDomains = await getDomains();
+  const visibleDomains = allDomains.filter((d) => canAccessDomain(userDomains, d.domain_name));
+
+  const totalMailboxes = visibleDomains.reduce((sum, d) => sum + d.mboxes_in_domain, 0);
+  const totalAliases = visibleDomains.reduce((sum, d) => sum + d.aliases_in_domain, 0);
+
+  return (
+    <>
+      <div className="page-header">
+        <div>
+          <h1 className="page-title">Dashboard</h1>
+          <p className="page-subtitle">Hoş geldiniz, {session?.user?.name} 👋</p>
+        </div>
+      </div>
+
+      <div className="page-body">
+        <div className="stats-grid">
+          <StatCard
+            label="Toplam Domain"
+            value={visibleDomains.length}
+            color="var(--accent)"
+            icon={<GlobeIcon />}
+          />
+          <StatCard
+            label="Mail Kutuları"
+            value={totalMailboxes}
+            color="var(--success)"
+            icon={<MailIcon />}
+          />
+          <StatCard
+            label="Alias"
+            value={totalAliases}
+            color="var(--warning)"
+            icon={<AtIcon />}
+          />
+          {role === "SUPER_ADMIN" && (
+            <StatCard
+              label="Tanımlı Kullanıcı"
+              value={"—"}
+              sub="Kullanıcılar .env'den yönetilir"
+              color="var(--text-muted)"
+              icon={<UsersIcon />}
+            />
+          )}
+        </div>
+
+        {/* Domain durum tablosu */}
+        {visibleDomains.length > 0 && (
+          <div className="card" style={{ padding: 0, overflow: "hidden" }}>
+            <div style={{ padding: "16px 20px", borderBottom: "1px solid var(--border)" }}>
+              <h2 style={{ fontSize: 14, fontWeight: 700, color: "var(--text-primary)" }}>
+                Domain Durumu
+              </h2>
+            </div>
+            <div className="table-wrap" style={{ border: "none", borderRadius: 0 }}>
+              <table>
+                <thead>
+                  <tr>
+                    <th>Domain</th>
+                    <th>Mail Kutuları</th>
+                    <th>Kota Kullanımı</th>
+                    <th>Durum</th>
+                  </tr>
+                </thead>
+                <tbody>
+                  {visibleDomains.map((d) => {
+                    const quotaUsed = Number(d.quota_used_in_domain);
+                    const quotaTotal = d.max_quota_for_domain;
+                    const pct = quotaTotal > 0 ? Math.min((quotaUsed / quotaTotal) * 100, 100) : 0;
+                    return (
+                      <tr key={d.domain_name}>
+                        <td>
+                          <div style={{ display: "flex", alignItems: "center", gap: 8 }}>
+                            <div style={{ width: 28, height: 28, borderRadius: 6, background: "var(--accent-dim)", display: "flex", alignItems: "center", justifyContent: "center", color: "var(--accent-hover)", flexShrink: 0 }}>
+                              <GlobeIcon />
+                            </div>
+                            <span style={{ fontWeight: 500 }}>{d.domain_name}</span>
+                          </div>
+                        </td>
+                        <td>
+                          <span>{d.mboxes_in_domain}</span>
+                          <span style={{ color: "var(--text-muted)", fontSize: 12 }}> / {d.max_num_mboxes_for_domain}</span>
+                        </td>
+                        <td style={{ minWidth: 160 }}>
+                          <div style={{ fontSize: 11, color: "var(--text-secondary)", marginBottom: 4 }}>
+                            {formatBytes(quotaUsed)} / {formatBytes(quotaTotal)}
+                          </div>
+                          <div style={{ display: "flex", alignItems: "center", gap: 8 }}>
+                            <div className="progress-bar">
+                              <div className={`progress-fill ${pct > 80 ? "danger" : ""}`} style={{ width: `${pct}%` }} />
+                            </div>
+                            <span style={{ fontSize: 11, color: "var(--text-muted)", flexShrink: 0 }}>{Math.round(pct)}%</span>
+                          </div>
+                        </td>
+                        <td>
+                          <span className={`badge ${String(d.active) === "1" ? "badge-green" : "badge-red"}`}>
+                            {String(d.active) === "1" ? "● Aktif" : "● Pasif"}
+                          </span>
+                        </td>
+                      </tr>
+                    );
+                  })}
+                </tbody>
+              </table>
+            </div>
+          </div>
+        )}
+
+        {/* Quick actions */}
+        <div className="card">
+          <h2 style={{ fontSize: 14, fontWeight: 700, marginBottom: 16, color: "var(--text-primary)" }}>
+            Hızlı İşlemler
+          </h2>
+          <div style={{ display: "flex", flexDirection: "column", gap: 10 }}>
+            {role === "SUPER_ADMIN" && (
+              <QuickItem
+                href="/dashboard/domains"
+                icon={<GlobeIcon />}
+                title="Domain Yönetimi"
+                desc="Domain ekle, sil, yönet"
+                color="var(--accent)"
+              />
+            )}
+            <QuickItem
+              href="/dashboard/mailboxes"
+              icon={<MailIcon />}
+              title="Mail Hesapları"
+              desc="Yeni hesap oluştur, şifre değiştir, sil"
+              color="var(--success)"
+            />
+            {role === "SUPER_ADMIN" && (
+              <QuickItem
+                href="/dashboard/users"
+                icon={<UsersIcon />}
+                title="Kullanıcılar"
+                desc=".env'den tanımlı panel kullanıcılarını görüntüle"
+                color="var(--warning)"
+              />
+            )}
+          </div>
+        </div>
+      </div>
+    </>
+  );
+}
+
+function StatCard({ label, value, sub, color, icon }: {
+  label: string;
+  value: number | string;
+  sub?: string;
+  color: string;
+  icon: React.ReactNode;
+}) {
+  return (
+    <div className="stat-card">
+      <div className="stat-icon" style={{ background: `${color}20`, color }}>
+        {icon}
+      </div>
+      <div className="stat-label">{label}</div>
+      <div className="stat-value">{value}</div>
+      {sub && <div style={{ fontSize: 11, color: "var(--text-muted)" }}>{sub}</div>}
+    </div>
+  );
+}
+
+function QuickItem({ href, icon, title, desc, color }: {
+  href: string;
+  icon: React.ReactNode;
+  title: string;
+  desc: string;
+  color: string;
+}) {
+  return (
+    <a
+      href={href}
+      style={{
+        display: "flex", alignItems: "center", gap: 14, padding: 14,
+        borderRadius: "var(--radius)", border: "1px solid var(--border)",
+        background: "var(--bg)", textDecoration: "none",
+        transition: "all 0.15s ease",
+      }}
+    >
+      <div style={{ width: 36, height: 36, borderRadius: 8, background: `${color}20`, color, display: "flex", alignItems: "center", justifyContent: "center", flexShrink: 0 }}>
+        {icon}
+      </div>
+      <div style={{ flex: 1 }}>
+        <div style={{ fontSize: 13, fontWeight: 600, color: "var(--text-primary)" }}>{title}</div>
+        <div style={{ fontSize: 12, color: "var(--text-secondary)", marginTop: 2 }}>{desc}</div>
+      </div>
+      <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="var(--text-muted)" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+        <path d="m9 18 6-6-6-6" />
+      </svg>
+    </a>
+  );
+}
+
+// Icons
+function GlobeIcon() { return <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/><path d="M2 12h20"/></svg>; }
+function MailIcon() { return <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><rect width="20" height="16" x="2" y="4" rx="2"/><path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7"/></svg>; }
+function AtIcon() { return <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="4"/><path d="M16 8v5a3 3 0 0 0 6 0v-1a10 10 0 1 0-3.92 7.94"/></svg>; }
+function UsersIcon() { return <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M16 21v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M22 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>; }
diff --git a/app/dashboard/users/page.tsx b/app/dashboard/users/page.tsx
new file mode 100644
index 0000000..de6dda2
--- /dev/null
+++ b/app/dashboard/users/page.tsx
@@ -0,0 +1,142 @@
+"use client";
+
+import { useState, useEffect } from "react";
+
+interface User {
+  id: string;
+  name: string;
+  email: string;
+  role: string;
+  domains: string[];
+}
+
+export default function UsersPage() {
+  const [users, setUsers] = useState<User[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [search, setSearch] = useState("");
+
+  useEffect(() => {
+    fetch("/api/users")
+      .then((r) => r.json())
+      .then((data) => {
+        setUsers(Array.isArray(data) ? data : []);
+        setLoading(false);
+      })
+      .catch(() => setLoading(false));
+  }, []);
+
+  const filtered = users.filter(
+    (u) =>
+      u.name.toLowerCase().includes(search.toLowerCase()) ||
+      u.email.toLowerCase().includes(search.toLowerCase())
+  );
+
+  return (
+    <>
+      <div className="page-header">
+        <div>
+          <h1 className="page-title">Kullanıcılar</h1>
+          <p className="page-subtitle">Panel kullanıcıları .env dosyasından yönetilir</p>
+        </div>
+      </div>
+
+      <div className="page-body">
+        {/* Info card */}
+        <div className="card" style={{ display: "flex", gap: 14, alignItems: "flex-start", border: "1px solid var(--accent-dim)", background: "var(--accent-dim)" }}>
+          <div style={{ color: "var(--accent-hover)", flexShrink: 0, paddingTop: 2 }}>
+            <InfoIcon />
+          </div>
+          <div>
+            <div style={{ fontWeight: 600, color: "var(--accent-hover)", marginBottom: 6 }}>Kullanıcı yönetimi hakkında</div>
+            <div style={{ fontSize: 13, color: "var(--text-secondary)", lineHeight: 1.7 }}>
+              Kullanıcılar <code style={{ background: "var(--bg)", padding: "1px 6px", borderRadius: 4, fontSize: 12 }}>.env</code> dosyasındaki{" "}
+              <code style={{ background: "var(--bg)", padding: "1px 6px", borderRadius: 4, fontSize: 12 }}>USER_0_*</code>,{" "}
+              <code style={{ background: "var(--bg)", padding: "1px 6px", borderRadius: 4, fontSize: 12 }}>USER_1_*</code>… değişkenleriyle tanımlanır.
+              Yeni kullanıcı eklemek için .env dosyasını düzenleyip uygulamayı yeniden başlatın.
+            </div>
+            <div style={{ marginTop: 12, padding: "10px 14px", background: "var(--bg)", borderRadius: "var(--radius)", fontSize: 12, fontFamily: "monospace", color: "var(--text-secondary)", lineHeight: 2 }}>
+              USER_2_NAME=&quot;Ahmet Yılmaz&quot;<br />
+              USER_2_EMAIL=&quot;ahmet@ayristech.com&quot;<br />
+              USER_2_PASSWORD=&quot;güçlü-şifre&quot;<br />
+              USER_2_ROLE=&quot;DOMAIN_ADMIN&quot;<br />
+              USER_2_DOMAINS=&quot;yenidomain.com&quot;
+            </div>
+          </div>
+        </div>
+
+        <div className="search-bar">
+          <div className="search-input-wrap">
+            <span className="search-icon"><SearchIcon /></span>
+            <input
+              type="text"
+              className="input search-input"
+              placeholder="İsim veya e-posta ara..."
+              value={search}
+              onChange={(e) => setSearch(e.target.value)}
+            />
+          </div>
+        </div>
+
+        <div className="table-wrap">
+          {loading ? (
+            <div className="empty-state">
+              <span className="spinner" style={{ width: 24, height: 24 }} />
+            </div>
+          ) : filtered.length === 0 ? (
+            <div className="empty-state">
+              <div className="empty-icon"><UsersIcon /></div>
+              <div style={{ fontWeight: 600 }}>Kullanıcı bulunamadı</div>
+            </div>
+          ) : (
+            <table>
+              <thead>
+                <tr>
+                  <th>Kullanıcı</th>
+                  <th>Rol</th>
+                  <th>İzin Verilen Domainler</th>
+                </tr>
+              </thead>
+              <tbody>
+                {filtered.map((u) => (
+                  <tr key={u.id}>
+                    <td>
+                      <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
+                        <div className="user-avatar" style={{ width: 32, height: 32, fontSize: 13 }}>
+                          {u.name[0]?.toUpperCase()}
+                        </div>
+                        <div>
+                          <div style={{ fontWeight: 500 }}>{u.name}</div>
+                          <div style={{ fontSize: 11, color: "var(--text-secondary)" }}>{u.email}</div>
+                        </div>
+                      </div>
+                    </td>
+                    <td>
+                      <span className={`badge ${u.role === "SUPER_ADMIN" ? "badge-blue" : "badge-green"}`}>
+                        {u.role === "SUPER_ADMIN" ? "★ Süper Admin" : "Domain Admin"}
+                      </span>
+                    </td>
+                    <td>
+                      {u.domains.includes("*") ? (
+                        <span className="badge badge-blue">Tüm domainler</span>
+                      ) : (
+                        <div style={{ display: "flex", flexWrap: "wrap", gap: 4 }}>
+                          {u.domains.map((d) => (
+                            <span key={d} className="badge badge-green">{d}</span>
+                          ))}
+                        </div>
+                      )}
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          )}
+        </div>
+      </div>
+    </>
+  );
+}
+
+function SearchIcon() { return <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="11" cy="11" r="8"/><path d="m21 21-4.3-4.3"/></svg>; }
+function UsersIcon() { return <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M16 21v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M22 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>; }
+function InfoIcon() { return <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg>; }
diff --git a/app/globals.css b/app/globals.css
index a2dc41e..2a7d952 100644
--- a/app/globals.css
+++ b/app/globals.css
@@ -1,26 +1,1107 @@
-@import "tailwindcss";
+@import url("https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap");
+
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+html { -webkit-text-size-adjust: 100%; tab-size: 4; }
+body { line-height: 1.5; -webkit-font-smoothing: antialiased; }
+img, svg, video { display: block; max-width: 100%; }
+input, button, textarea, select { font: inherit; }
 
 :root {
-  --background: #ffffff;
-  --foreground: #171717;
+  --bg: #0d1117;
+  --bg-card: #161b22;
+  --bg-hover: #1c2128;
+  --border: #30363d;
+  --border-focus: #388bfd;
+  --text-primary: #e6edf3;
+  --text-secondary: #8b949e;
+  --text-muted: #484f58;
+  --accent: #388bfd;
+  --accent-hover: #58a6ff;
+  --accent-dim: rgba(56, 139, 253, 0.12);
+  --success: #3fb950;
+  --success-dim: rgba(63, 185, 80, 0.12);
+  --warning: #d29922;
+  --warning-dim: rgba(210, 153, 34, 0.12);
+  --danger: #f85149;
+  --danger-hover: #ff7b72;
+  --danger-dim: rgba(248, 81, 73, 0.12);
+  --radius: 8px;
+  --radius-lg: 12px;
+  --shadow: 0 1px 3px rgba(0, 0, 0, 0.4), 0 1px 2px rgba(0, 0, 0, 0.24);
+  --shadow-lg: 0 4px 12px rgba(0, 0, 0, 0.5);
 }
 
-@theme inline {
-  --color-background: var(--background);
-  --color-foreground: var(--foreground);
-  --font-sans: var(--font-geist-sans);
-  --font-mono: var(--font-geist-mono);
+
+
+
+html,
+body {
+  height: 100%;
+  background: var(--bg);
+  color: var(--text-primary);
+  font-family: "Inter", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+  font-size: 14px;
+  line-height: 1.5;
+  -webkit-font-smoothing: antialiased;
 }
 
-@media (prefers-color-scheme: dark) {
-  :root {
-    --background: #0a0a0a;
-    --foreground: #ededed;
+a {
+  color: var(--accent-hover);
+  text-decoration: none;
+}
+
+/* Scrollbar */
+::-webkit-scrollbar {
+  width: 6px;
+  height: 6px;
+}
+::-webkit-scrollbar-track {
+  background: transparent;
+}
+::-webkit-scrollbar-thumb {
+  background: var(--border);
+  border-radius: 3px;
+}
+::-webkit-scrollbar-thumb:hover {
+  background: var(--text-muted);
+}
+
+/* ── Card ── */
+.card {
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  padding: 24px;
+  box-shadow: var(--shadow);
+}
+
+/* ── Button ── */
+.btn {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 7px 14px;
+  border-radius: var(--radius);
+  font-size: 13px;
+  font-weight: 500;
+  cursor: pointer;
+  border: 1px solid transparent;
+  transition: all 0.15s ease;
+  white-space: nowrap;
+  font-family: inherit;
+}
+
+.btn-primary {
+  background: var(--accent);
+  color: #fff;
+  border-color: var(--accent);
+}
+.btn-primary:hover {
+  background: var(--accent-hover);
+  border-color: var(--accent-hover);
+}
+
+.btn-ghost {
+  background: transparent;
+  color: var(--text-secondary);
+  border-color: var(--border);
+}
+.btn-ghost:hover {
+  background: var(--bg-hover);
+  color: var(--text-primary);
+}
+
+.btn-danger {
+  background: var(--danger-dim);
+  color: var(--danger);
+  border-color: var(--danger);
+}
+.btn-danger:hover {
+  background: var(--danger);
+  color: #fff;
+}
+
+.btn-success {
+  background: var(--success-dim);
+  color: var(--success);
+  border-color: var(--success);
+}
+.btn-success:hover {
+  background: var(--success);
+  color: #fff;
+}
+
+.btn-sm {
+  padding: 4px 10px;
+  font-size: 12px;
+}
+
+.btn:disabled {
+  opacity: 0.5;
+  cursor: not-allowed;
+}
+
+/* ── Input ── */
+.input {
+  width: 100%;
+  background: var(--bg);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  padding: 8px 12px;
+  color: var(--text-primary);
+  font-size: 13px;
+  font-family: inherit;
+  outline: none;
+  transition: border-color 0.15s ease, box-shadow 0.15s ease;
+}
+
+.input:focus {
+  border-color: var(--border-focus);
+  box-shadow: 0 0 0 3px var(--accent-dim);
+}
+
+.input::placeholder {
+  color: var(--text-muted);
+}
+
+select.input {
+  cursor: pointer;
+}
+
+/* ── Label ── */
+.label {
+  display: block;
+  font-size: 12px;
+  font-weight: 500;
+  color: var(--text-secondary);
+  margin-bottom: 6px;
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+}
+
+/* ── Form group ── */
+.form-group {
+  display: flex;
+  flex-direction: column;
+  gap: 16px;
+}
+
+.form-row {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 12px;
+}
+
+@media (max-width: 600px) {
+  .form-row {
+    grid-template-columns: 1fr;
   }
 }
 
-body {
-  background: var(--background);
-  color: var(--foreground);
-  font-family: Arial, Helvetica, sans-serif;
+/* ── Table ── */
+.table-wrap {
+  overflow-x: auto;
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+}
+
+table {
+  width: 100%;
+  border-collapse: collapse;
+}
+
+thead {
+  background: var(--bg-hover);
+}
+
+th {
+  padding: 10px 16px;
+  text-align: left;
+  font-size: 11px;
+  font-weight: 600;
+  color: var(--text-secondary);
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+  border-bottom: 1px solid var(--border);
+  white-space: nowrap;
+}
+
+td {
+  padding: 12px 16px;
+  font-size: 13px;
+  color: var(--text-primary);
+  border-bottom: 1px solid var(--border);
+}
+
+tr:last-child td {
+  border-bottom: none;
+}
+
+tr:hover td {
+  background: var(--bg-hover);
+}
+
+/* ── Badge ── */
+.badge {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  padding: 2px 8px;
+  border-radius: 20px;
+  font-size: 11px;
+  font-weight: 600;
+}
+
+.badge-green {
+  background: var(--success-dim);
+  color: var(--success);
+}
+
+.badge-red {
+  background: var(--danger-dim);
+  color: var(--danger);
+}
+
+.badge-yellow {
+  background: var(--warning-dim);
+  color: var(--warning);
+}
+
+.badge-blue {
+  background: var(--accent-dim);
+  color: var(--accent-hover);
+}
+
+/* ── Stat Card ── */
+.stat-card {
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  padding: 20px;
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  transition: border-color 0.15s ease;
+}
+
+.stat-card:hover {
+  border-color: var(--accent);
+}
+
+.stat-label {
+  font-size: 11px;
+  font-weight: 600;
+  color: var(--text-secondary);
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+}
+
+.stat-value {
+  font-size: 28px;
+  font-weight: 700;
+  color: var(--text-primary);
+  line-height: 1;
+}
+
+.stat-icon {
+  width: 36px;
+  height: 36px;
+  border-radius: var(--radius);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  margin-bottom: 4px;
+}
+
+/* ── Sidebar ── */
+.sidebar {
+  width: 240px;
+  min-height: 100vh;
+  background: var(--bg-card);
+  border-right: 1px solid var(--border);
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+}
+
+.sidebar-logo {
+  padding: 20px 24px;
+  border-bottom: 1px solid var(--border);
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.sidebar-logo-icon {
+  width: 32px;
+  height: 32px;
+  background: linear-gradient(135deg, var(--accent), #7c3aed);
+  border-radius: 8px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  flex-shrink: 0;
+}
+
+.sidebar-logo-text {
+  font-size: 15px;
+  font-weight: 700;
+  color: var(--text-primary);
+}
+
+.sidebar-logo-sub {
+  font-size: 11px;
+  color: var(--text-secondary);
+  line-height: 1.2;
+}
+
+.sidebar-nav {
+  flex: 1;
+  padding: 12px 12px;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+
+.sidebar-section {
+  padding: 8px 12px 4px;
+  font-size: 10px;
+  font-weight: 700;
+  color: var(--text-muted);
+  text-transform: uppercase;
+  letter-spacing: 0.08em;
+  margin-top: 8px;
+}
+
+.nav-item {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 8px 12px;
+  border-radius: var(--radius);
+  font-size: 13px;
+  font-weight: 500;
+  color: var(--text-secondary);
+  cursor: pointer;
+  transition: all 0.15s ease;
+  border: none;
+  background: none;
+  width: 100%;
+  text-align: left;
+  text-decoration: none;
+}
+
+.nav-item:hover {
+  background: var(--bg-hover);
+  color: var(--text-primary);
+}
+
+.nav-item.active {
+  background: var(--accent-dim);
+  color: var(--accent-hover);
+}
+
+.sidebar-footer {
+  padding: 16px;
+  border-top: 1px solid var(--border);
+}
+
+.user-info {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.user-avatar {
+  width: 32px;
+  height: 32px;
+  border-radius: 50%;
+  background: linear-gradient(135deg, var(--accent), #7c3aed);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 12px;
+  font-weight: 700;
+  color: #fff;
+  flex-shrink: 0;
+}
+
+.user-name {
+  font-size: 13px;
+  font-weight: 500;
+  color: var(--text-primary);
+}
+
+.user-role {
+  font-size: 11px;
+  color: var(--text-secondary);
+}
+
+/* ── Main Layout ── */
+.app-layout {
+  display: flex;
+  min-height: 100vh;
+}
+
+.main-content {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+  overflow: hidden;
+}
+
+/* When mail layout is inside main-content, let it fill */
+.main-content > .mail-layout {
+  flex: 1;
+}
+
+.page-header {
+  padding: 24px 32px;
+  border-bottom: 1px solid var(--border);
+  background: var(--bg-card);
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+}
+
+.page-title {
+  font-size: 20px;
+  font-weight: 700;
+  color: var(--text-primary);
+}
+
+.page-subtitle {
+  font-size: 13px;
+  color: var(--text-secondary);
+  margin-top: 2px;
+}
+
+.page-body {
+  padding: 32px;
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  gap: 24px;
+}
+
+/* ── Stats Grid ── */
+.stats-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+  gap: 16px;
+}
+
+/* ── Modal ── */
+.modal-overlay {
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.7);
+  backdrop-filter: blur(4px);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  z-index: 100;
+  padding: 16px;
+  animation: fadeIn 0.15s ease;
+}
+
+.modal {
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  width: 100%;
+  max-width: 480px;
+  box-shadow: var(--shadow-lg);
+  animation: slideUp 0.2s ease;
+}
+
+.modal-header {
+  padding: 20px 24px 16px;
+  border-bottom: 1px solid var(--border);
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+}
+
+.modal-title {
+  font-size: 16px;
+  font-weight: 700;
+  color: var(--text-primary);
+}
+
+.modal-close {
+  background: none;
+  border: none;
+  color: var(--text-secondary);
+  cursor: pointer;
+  padding: 4px;
+  border-radius: 4px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  transition: color 0.15s ease;
+}
+
+.modal-close:hover {
+  color: var(--text-primary);
+}
+
+.modal-body {
+  padding: 24px;
+}
+
+.modal-footer {
+  padding: 16px 24px;
+  border-top: 1px solid var(--border);
+  display: flex;
+  gap: 10px;
+  justify-content: flex-end;
+}
+
+/* ── Login ── */
+.login-page {
+  min-height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background: var(--bg);
+  background-image: radial-gradient(ellipse at 50% 0%, rgba(56, 139, 253, 0.08) 0%, transparent 60%);
+  padding: 16px;
+}
+
+.login-box {
+  width: 100%;
+  max-width: 400px;
+}
+
+.login-header {
+  text-align: center;
+  margin-bottom: 32px;
+}
+
+.login-logo {
+  width: 52px;
+  height: 52px;
+  background: linear-gradient(135deg, var(--accent), #7c3aed);
+  border-radius: 14px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  margin: 0 auto 16px;
+  box-shadow: 0 8px 24px rgba(56, 139, 253, 0.3);
+}
+
+.login-title {
+  font-size: 22px;
+  font-weight: 700;
+  color: var(--text-primary);
+}
+
+.login-sub {
+  font-size: 13px;
+  color: var(--text-secondary);
+  margin-top: 6px;
+}
+
+.error-msg {
+  background: var(--danger-dim);
+  border: 1px solid var(--danger);
+  border-radius: var(--radius);
+  padding: 10px 14px;
+  color: var(--danger);
+  font-size: 13px;
+}
+
+/* ── Search ── */
+.search-bar {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.search-input-wrap {
+  position: relative;
+  flex: 1;
+}
+
+.search-icon {
+  position: absolute;
+  left: 10px;
+  top: 50%;
+  transform: translateY(-50%);
+  color: var(--text-muted);
+  pointer-events: none;
+}
+
+.search-input {
+  padding-left: 34px;
+}
+
+/* ── Empty state ── */
+.empty-state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  padding: 60px 20px;
+  gap: 12px;
+  color: var(--text-secondary);
+}
+
+.empty-icon {
+  width: 48px;
+  height: 48px;
+  background: var(--bg-hover);
+  border-radius: 12px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  color: var(--text-muted);
+}
+
+/* ── Progress bar ── */
+.progress-bar {
+  height: 4px;
+  background: var(--border);
+  border-radius: 2px;
+  overflow: hidden;
+  flex: 1;
+}
+
+.progress-fill {
+  height: 100%;
+  background: var(--accent);
+  border-radius: 2px;
+  transition: width 0.3s ease;
+}
+
+.progress-fill.danger {
+  background: var(--danger);
+}
+
+/* ── Animations ── */
+@keyframes fadeIn {
+  from { opacity: 0; }
+  to { opacity: 1; }
+}
+
+@keyframes slideUp {
+  from { opacity: 0; transform: translateY(12px); }
+  to { opacity: 1; transform: translateY(0); }
+}
+
+@keyframes spin {
+  to { transform: rotate(360deg); }
+}
+
+.spinner {
+  width: 16px;
+  height: 16px;
+  border: 2px solid transparent;
+  border-top-color: currentColor;
+  border-radius: 50%;
+  animation: spin 0.6s linear infinite;
+  flex-shrink: 0;
+}
+
+/* ══════════════════════════════════════════════════════════
+   MAIL CLIENT — Gmail-style 3-column
+   ══════════════════════════════════════════════════════════ */
+
+.mail-layout {
+  display: grid;
+  grid-template-columns: 220px 360px 1fr;
+  height: 100%;
+  overflow: hidden;
+}
+
+/* ── Left: Folder Sidebar ── */
+.mail-sidebar {
+  background: var(--bg);
+  border-right: 1px solid var(--border);
+  padding: 16px 10px;
+  display: flex;
+  flex-direction: column;
+  overflow-y: auto;
+  gap: 6px;
+}
+.mail-sidebar .btn-primary {
+  border-radius: 20px;
+  padding: 10px 16px;
+  font-size: 13px;
+  font-weight: 600;
+  gap: 6px;
+  box-shadow: 0 2px 8px rgba(88, 166, 255, 0.25);
+}
+
+.mail-account {
+  margin-top: auto;
+  padding: 12px 8px;
+  border-top: 1px solid var(--border);
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 6px;
+}
+.mail-account-email {
+  font-size: 11px;
+  color: var(--text-muted);
+  max-width: 100%;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+/* Folders */
+.folder-list {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  margin-top: 4px;
+}
+.folder-item {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 9px 12px;
+  border-radius: 20px;
+  border: none;
+  background: none;
+  cursor: pointer;
+  font-size: 13px;
+  color: var(--text-secondary);
+  text-align: left;
+  width: 100%;
+  transition: all 0.15s ease;
+  font-family: inherit;
+}
+.folder-item:hover {
+  background: var(--bg-hover);
+  color: var(--text-primary);
+}
+.folder-item.active {
+  background: var(--accent-dim);
+  color: var(--accent-hover);
+  font-weight: 600;
+}
+.folder-icon { font-size: 15px; flex-shrink: 0; width: 20px; text-align: center; }
+.folder-name { flex: 1; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+.folder-badge {
+  font-size: 10px;
+  font-weight: 700;
+  min-width: 20px;
+  height: 20px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 10px;
+  background: var(--accent);
+  color: #fff;
+  padding: 0 6px;
+  letter-spacing: 0.02em;
+}
+
+/* ── Center: Message List ── */
+.mail-list {
+  border-right: 1px solid var(--border);
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  background: var(--bg);
+}
+.mail-list-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 14px 20px;
+  border-bottom: 1px solid var(--border);
+  background: var(--bg-card);
+}
+.mail-list-header h2 {
+  font-size: 15px;
+  font-weight: 700;
+  color: var(--text-primary);
+  margin: 0;
+}
+.message-list-inner {
+  overflow-y: auto;
+  flex: 1;
+}
+.message-row {
+  display: flex;
+  align-items: flex-start;
+  gap: 12px;
+  padding: 14px 20px;
+  cursor: pointer;
+  border-bottom: 1px solid rgba(48, 54, 61, 0.5);
+  transition: all 0.12s ease;
+  position: relative;
+}
+.message-row:hover {
+  background: var(--bg-hover);
+}
+.message-row.selected {
+  background: var(--accent-dim);
+  border-left: 3px solid var(--accent);
+  padding-left: 17px;
+}
+.message-row.unread::before {
+  content: "";
+  position: absolute;
+  left: 8px;
+  top: 50%;
+  transform: translateY(-50%);
+  width: 6px;
+  height: 6px;
+  border-radius: 50%;
+  background: var(--accent);
+}
+.message-row.unread { padding-left: 22px; }
+.message-row.unread.selected { padding-left: 19px; }
+.message-row.unread .message-sender { font-weight: 700; color: var(--text-primary); }
+.message-row.unread .message-subject { color: var(--text-secondary); font-weight: 500; }
+.message-avatar {
+  width: 36px;
+  height: 36px;
+  border-radius: 50%;
+  background: linear-gradient(135deg, var(--accent-dim), var(--bg-hover));
+  color: var(--accent-hover);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 14px;
+  font-weight: 700;
+  flex-shrink: 0;
+  margin-top: 2px;
+}
+.message-content { flex: 1; min-width: 0; }
+.message-top {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  margin-bottom: 3px;
+  gap: 8px;
+}
+.message-sender {
+  font-size: 13px;
+  color: var(--text-secondary);
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  flex: 1;
+}
+.message-time {
+  font-size: 11px;
+  color: var(--text-muted);
+  flex-shrink: 0;
+  font-variant-numeric: tabular-nums;
+}
+.message-subject {
+  font-size: 12px;
+  color: var(--text-muted);
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  line-height: 1.5;
+}
+.message-attach {
+  font-size: 13px;
+  flex-shrink: 0;
+  opacity: 0.6;
+  margin-top: 2px;
+}
+
+/* ── Right: Message Detail ── */
+.mail-detail {
+  overflow-y: auto;
+  background: var(--bg-card);
+}
+.message-view {
+  padding: 28px 32px;
+  max-width: 900px;
+}
+.message-view-header {
+  display: flex;
+  justify-content: space-between;
+  align-items: flex-start;
+  margin-bottom: 24px;
+  gap: 20px;
+}
+.message-view-subject {
+  font-size: 20px;
+  font-weight: 700;
+  color: var(--text-primary);
+  line-height: 1.35;
+  letter-spacing: -0.01em;
+}
+.message-view-actions { display: flex; gap: 8px; flex-shrink: 0; }
+.message-view-meta {
+  display: flex;
+  align-items: center;
+  gap: 14px;
+  padding: 16px 0;
+  border-bottom: 1px solid var(--border);
+  margin-bottom: 20px;
+}
+.message-view-avatar {
+  width: 40px;
+  height: 40px;
+  border-radius: 50%;
+  background: linear-gradient(135deg, var(--accent-dim), var(--bg-hover));
+  color: var(--accent-hover);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 16px;
+  font-weight: 700;
+  flex-shrink: 0;
+}
+.message-attachments {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+  margin-bottom: 20px;
+  padding: 12px 0;
+  border-bottom: 1px solid var(--border);
+}
+.attachment-chip {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 7px 12px;
+  border-radius: 8px;
+  background: var(--bg-hover);
+  border: 1px solid var(--border);
+  font-size: 12px;
+  color: var(--text-secondary);
+  transition: border-color 0.12s;
+  cursor: pointer;
+}
+.attachment-chip:hover { border-color: var(--accent); color: var(--text-primary); }
+.message-view-body {
+  min-height: 200px;
+  padding-top: 4px;
+}
+
+/* ── Empty state for mail ── */
+.mail-empty {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  color: var(--text-muted);
+  gap: 12px;
+  padding: 40px;
+}
+.mail-empty-icon {
+  width: 64px;
+  height: 64px;
+  border-radius: 50%;
+  background: var(--bg-hover);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  margin-bottom: 4px;
+}
+
+/* ── Attachment buttons ── */
+.attachment-actions {
+  display: inline-flex;
+  gap: 4px;
+  margin-left: auto;
+}
+.att-btn {
+  background: none;
+  border: 1px solid transparent;
+  border-radius: 4px;
+  cursor: pointer;
+  font-size: 12px;
+  padding: 2px 5px;
+  transition: all 0.12s;
+  color: var(--text-muted);
+}
+.att-btn:hover {
+  border-color: var(--accent);
+  color: var(--accent-hover);
+  background: var(--accent-dim);
+}
+
+/* ── Compose dropzone ── */
+.compose-dropzone {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 8px;
+  padding: 16px;
+  border: 2px dashed var(--border);
+  border-radius: var(--radius);
+  cursor: pointer;
+  color: var(--text-muted);
+  font-size: 12px;
+  transition: all 0.15s;
+}
+.compose-dropzone:hover {
+  border-color: var(--text-secondary);
+  color: var(--text-secondary);
+  background: var(--bg-hover);
+}
+.compose-dropzone.active {
+  border-color: var(--accent);
+  color: var(--accent-hover);
+  background: var(--accent-dim);
+}
+
+.compose-attachments {
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+}
+.compose-att-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 6px 10px;
+  background: var(--bg-hover);
+  border-radius: var(--radius);
+  font-size: 12px;
+  color: var(--text-secondary);
+}
+.att-remove {
+  margin-left: auto;
+  background: none;
+  border: none;
+  cursor: pointer;
+  color: var(--text-muted);
+  font-size: 12px;
+  padding: 2px 6px;
+  border-radius: 4px;
+  transition: all 0.12s;
+}
+.att-remove:hover {
+  color: var(--danger);
+  background: var(--danger-dim);
+}
+
+/* ── Responsive ── */
+@media (max-width: 1024px) {
+  .mail-layout { grid-template-columns: 60px 280px 1fr; }
+  .mail-sidebar { padding: 12px 6px; }
+  .mail-sidebar .btn-primary { font-size: 0; padding: 10px; justify-content: center; }
+  .folder-name { display: none; }
+  .folder-badge { display: none; }
+  .folder-item { justify-content: center; padding: 8px; border-radius: 12px; }
+  .mail-account-email { display: none; }
+}
+
+@media (max-width: 768px) {
+  .sidebar { display: none; }
+  .mail-layout { grid-template-columns: 1fr; }
+  .mail-sidebar { display: none; }
+  .mail-detail { display: none; }
+  .page-body { padding: 16px; }
+  .page-header { padding: 16px; }
+  .stats-grid { grid-template-columns: 1fr 1fr; }
 }
diff --git a/app/layout.tsx b/app/layout.tsx
index 976eb90..e202888 100644
--- a/app/layout.tsx
+++ b/app/layout.tsx
@@ -1,20 +1,9 @@
 import type { Metadata } from "next";
-import { Geist, Geist_Mono } from "next/font/google";
 import "./globals.css";
 
-const geistSans = Geist({
-  variable: "--font-geist-sans",
-  subsets: ["latin"],
-});
-
-const geistMono = Geist_Mono({
-  variable: "--font-geist-mono",
-  subsets: ["latin"],
-});
-
 export const metadata: Metadata = {
-  title: "Create Next App",
-  description: "Generated by create next app",
+  title: "AyrisMail Central",
+  description: "Multi-tenant Mailcow yönetim paneli — AyrisTech",
 };
 
 export default function RootLayout({
@@ -23,11 +12,8 @@ export default function RootLayout({
   children: React.ReactNode;
 }>) {
   return (
-    <html
-      lang="en"
-      className={`${geistSans.variable} ${geistMono.variable} h-full antialiased`}
-    >
-      <body className="min-h-full flex flex-col">{children}</body>
+    <html lang="tr">
+      <body>{children}</body>
     </html>
   );
 }
diff --git a/app/login/page.tsx b/app/login/page.tsx
new file mode 100644
index 0000000..c256ea1
--- /dev/null
+++ b/app/login/page.tsx
@@ -0,0 +1,90 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { signIn } from "next-auth/react";
+import { useRouter } from "next/navigation";
+
+export default function LoginPage() {
+  const router = useRouter();
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [error, setError] = useState("");
+  const [isPending, startTransition] = useTransition();
+
+  const handleSubmit = (e: React.FormEvent) => {
+    e.preventDefault();
+    setError("");
+
+    startTransition(async () => {
+      const res = await signIn("credentials", {
+        email,
+        password,
+        redirect: false,
+      });
+
+      if (res?.error) {
+        setError("E-posta veya şifre hatalı.");
+      } else {
+        router.push("/dashboard");
+        router.refresh();
+      }
+    });
+  };
+
+  return (
+    <div className="login-page">
+      <div className="login-box">
+        <div className="login-header">
+          <div className="login-logo">
+            <svg width="28" height="28" viewBox="0 0 24 24" fill="none" stroke="#fff" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+              <rect width="20" height="16" x="2" y="4" rx="2" />
+              <path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7" />
+            </svg>
+          </div>
+          <h1 className="login-title">AyrisMail Central</h1>
+          <p className="login-sub">Mail sunucunuzu kolayca yönetin</p>
+        </div>
+
+        <div className="card">
+          <form onSubmit={handleSubmit} className="form-group">
+            {error && <div className="error-msg">{error}</div>}
+            <div>
+              <label htmlFor="email" className="label">E-posta</label>
+              <input
+                id="email"
+                type="email"
+                className="input"
+                placeholder="admin@ayristech.com"
+                value={email}
+                onChange={(e) => setEmail(e.target.value)}
+                required
+                autoComplete="email"
+              />
+            </div>
+            <div>
+              <label htmlFor="password" className="label">Şifre</label>
+              <input
+                id="password"
+                type="password"
+                className="input"
+                placeholder="••••••••"
+                value={password}
+                onChange={(e) => setPassword(e.target.value)}
+                required
+                autoComplete="current-password"
+              />
+            </div>
+            <button type="submit" className="btn btn-primary" disabled={isPending} style={{ width: "100%", justifyContent: "center", padding: "10px" }}>
+              {isPending ? <span className="spinner" /> : null}
+              {isPending ? "Giriş yapılıyor..." : "Giriş Yap"}
+            </button>
+          </form>
+        </div>
+
+        <p style={{ textAlign: "center", marginTop: "20px", fontSize: "12px", color: "var(--text-muted)" }}>
+          AyrisTech © {new Date().getFullYear()} — Tüm hakları saklıdır.
+        </p>
+      </div>
+    </div>
+  );
+}
diff --git a/app/page.tsx b/app/page.tsx
index 3f36f7c..dc602ef 100644
--- a/app/page.tsx
+++ b/app/page.tsx
@@ -1,65 +1,11 @@
-import Image from "next/image";
+import { redirect } from "next/navigation";
+import { auth } from "@/auth";
 
-export default function Home() {
-  return (
-    <div className="flex flex-col flex-1 items-center justify-center bg-zinc-50 font-sans dark:bg-black">
-      <main className="flex flex-1 w-full max-w-3xl flex-col items-center justify-between py-32 px-16 bg-white dark:bg-black sm:items-start">
-        <Image
-          className="dark:invert"
-          src="/next.svg"
-          alt="Next.js logo"
-          width={100}
-          height={20}
-          priority
-        />
-        <div className="flex flex-col items-center gap-6 text-center sm:items-start sm:text-left">
-          <h1 className="max-w-xs text-3xl font-semibold leading-10 tracking-tight text-black dark:text-zinc-50">
-            To get started, edit the page.tsx file.
-          </h1>
-          <p className="max-w-md text-lg leading-8 text-zinc-600 dark:text-zinc-400">
-            Looking for a starting point or more instructions? Head over to{" "}
-            <a
-              href="https://vercel.com/templates?framework=next.js&utm_source=create-next-app&utm_medium=appdir-template-tw&utm_campaign=create-next-app"
-              className="font-medium text-zinc-950 dark:text-zinc-50"
-            >
-              Templates
-            </a>{" "}
-            or the{" "}
-            <a
-              href="https://nextjs.org/learn?utm_source=create-next-app&utm_medium=appdir-template-tw&utm_campaign=create-next-app"
-              className="font-medium text-zinc-950 dark:text-zinc-50"
-            >
-              Learning
-            </a>{" "}
-            center.
-          </p>
-        </div>
-        <div className="flex flex-col gap-4 text-base font-medium sm:flex-row">
-          <a
-            className="flex h-12 w-full items-center justify-center gap-2 rounded-full bg-foreground px-5 text-background transition-colors hover:bg-[#383838] dark:hover:bg-[#ccc] md:w-[158px]"
-            href="https://vercel.com/new?utm_source=create-next-app&utm_medium=appdir-template-tw&utm_campaign=create-next-app"
-            target="_blank"
-            rel="noopener noreferrer"
-          >
-            <Image
-              className="dark:invert"
-              src="/vercel.svg"
-              alt="Vercel logomark"
-              width={16}
-              height={16}
-            />
-            Deploy Now
-          </a>
-          <a
-            className="flex h-12 w-full items-center justify-center rounded-full border border-solid border-black/[.08] px-5 transition-colors hover:border-transparent hover:bg-black/[.04] dark:border-white/[.145] dark:hover:bg-[#1a1a1a] md:w-[158px]"
-            href="https://nextjs.org/docs?utm_source=create-next-app&utm_medium=appdir-template-tw&utm_campaign=create-next-app"
-            target="_blank"
-            rel="noopener noreferrer"
-          >
-            Documentation
-          </a>
-        </div>
-      </main>
-    </div>
-  );
+export default async function HomePage() {
+  const session = await auth();
+  if (session) {
+    redirect("/dashboard");
+  } else {
+    redirect("/login");
+  }
 }
diff --git a/auth.ts b/auth.ts
new file mode 100644
index 0000000..e88dba6
--- /dev/null
+++ b/auth.ts
@@ -0,0 +1,53 @@
+import NextAuth from "next-auth";
+import Credentials from "next-auth/providers/credentials";
+import { authenticateUser } from "@/lib/users";
+
+export const { handlers, signIn, signOut, auth } = NextAuth({
+  providers: [
+    Credentials({
+      credentials: {
+        email: { label: "E-posta", type: "email" },
+        password: { label: "Şifre", type: "password" },
+      },
+      async authorize(credentials) {
+        const email = credentials?.email as string | undefined;
+        const password = credentials?.password as string | undefined;
+
+        if (!email || !password) return null;
+
+        const user = authenticateUser(email, password);
+        if (!user) return null;
+
+        return {
+          id: user.id,
+          name: user.name,
+          email: user.email,
+          role: user.role,
+          domains: user.domains,
+        };
+      },
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.role = (user as { role?: string }).role;
+        token.domains = (user as { domains?: string[] }).domains;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      session.user.id = token.id as string;
+      session.user.role = token.role as string;
+      session.user.domains = token.domains as string[];
+      return session;
+    },
+  },
+  pages: {
+    signIn: "/login",
+  },
+  session: {
+    strategy: "jwt",
+  },
+});
diff --git a/components/Providers.tsx b/components/Providers.tsx
new file mode 100644
index 0000000..0dfb823
--- /dev/null
+++ b/components/Providers.tsx
@@ -0,0 +1,7 @@
+"use client";
+
+import { SessionProvider } from "next-auth/react";
+
+export default function Providers({ children }: { children: React.ReactNode }) {
+  return <SessionProvider>{children}</SessionProvider>;
+}
diff --git a/components/Sidebar.tsx b/components/Sidebar.tsx
new file mode 100644
index 0000000..3aa25cd
--- /dev/null
+++ b/components/Sidebar.tsx
@@ -0,0 +1,148 @@
+"use client";
+
+import { useSession, signOut } from "next-auth/react";
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+
+const navItems = [
+  {
+    section: "GENEL",
+    items: [
+      { href: "/dashboard", label: "Dashboard", icon: HomeIcon, roles: ["SUPER_ADMIN", "DOMAIN_ADMIN"] },
+      { href: "/dashboard/mail", label: "Mail", icon: InboxIcon, roles: ["SUPER_ADMIN", "DOMAIN_ADMIN"] },
+    ],
+  },
+  {
+    section: "YÖNETİM",
+    items: [
+      { href: "/dashboard/domains", label: "Domainler", icon: GlobeIcon, roles: ["SUPER_ADMIN"] },
+      { href: "/dashboard/users", label: "Kullanıcılar", icon: UsersIcon, roles: ["SUPER_ADMIN"] },
+      { href: "/dashboard/mailboxes", label: "Mail Hesapları", icon: MailIcon, roles: ["SUPER_ADMIN", "DOMAIN_ADMIN"] },
+    ],
+  },
+];
+
+export default function Sidebar() {
+  const { data: session } = useSession();
+  const pathname = usePathname();
+  const role = session?.user?.role ?? "";
+  const name = session?.user?.name ?? "";
+  const email = session?.user?.email ?? "";
+
+  return (
+    <aside className="sidebar">
+      <div className="sidebar-logo">
+        <div className="sidebar-logo-icon">
+          <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#fff" strokeWidth="2.5" strokeLinecap="round" strokeLinejoin="round">
+            <rect width="20" height="16" x="2" y="4" rx="2" />
+            <path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7" />
+          </svg>
+        </div>
+        <div>
+          <div className="sidebar-logo-text">AyrisMail</div>
+          <div className="sidebar-logo-sub">Central</div>
+        </div>
+      </div>
+
+      <nav className="sidebar-nav">
+        {navItems.map((group) => {
+          const visibleItems = group.items.filter((item) => item.roles.includes(role));
+          if (visibleItems.length === 0) return null;
+
+          return (
+            <div key={group.section}>
+              <div className="sidebar-section">{group.section}</div>
+              {visibleItems.map((item) => (
+                <Link
+                  key={item.href}
+                  href={item.href}
+                  className={`nav-item ${pathname === item.href ? "active" : ""}`}
+                >
+                  <item.icon />
+                  {item.label}
+                </Link>
+              ))}
+            </div>
+          );
+        })}
+      </nav>
+
+      <div className="sidebar-footer">
+        <div className="user-info" style={{ marginBottom: "12px" }}>
+          <div className="user-avatar">{name[0]?.toUpperCase()}</div>
+          <div style={{ flex: 1, minWidth: 0 }}>
+            <div className="user-name" style={{ overflow: "hidden", textOverflow: "ellipsis", whiteSpace: "nowrap" }}>{name}</div>
+            <div className="user-role">{role === "SUPER_ADMIN" ? "Süper Admin" : "Domain Admin"}</div>
+          </div>
+        </div>
+        <button
+          className="btn btn-ghost"
+          style={{ width: "100%", justifyContent: "center", fontSize: "12px" }}
+          onClick={() => signOut({ callbackUrl: "/login" })}
+        >
+          <LogOutIcon />
+          Çıkış Yap
+        </button>
+      </div>
+    </aside>
+  );
+}
+
+// Icons
+function HomeIcon() {
+  return (
+    <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <path d="m3 9 9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z" />
+      <polyline points="9 22 9 12 15 12 15 22" />
+    </svg>
+  );
+}
+
+function GlobeIcon() {
+  return (
+    <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <circle cx="12" cy="12" r="10" />
+      <path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z" />
+      <path d="M2 12h20" />
+    </svg>
+  );
+}
+
+function UsersIcon() {
+  return (
+    <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <path d="M16 21v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2" />
+      <circle cx="9" cy="7" r="4" />
+      <path d="M22 21v-2a4 4 0 0 0-3-3.87" />
+      <path d="M16 3.13a4 4 0 0 1 0 7.75" />
+    </svg>
+  );
+}
+
+function MailIcon() {
+  return (
+    <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <rect width="20" height="16" x="2" y="4" rx="2" />
+      <path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7" />
+    </svg>
+  );
+}
+
+function InboxIcon() {
+  return (
+    <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <polyline points="22 12 16 12 14 15 10 15 8 12 2 12" />
+      <path d="M5.45 5.11 2 12v6a2 2 0 0 0 2 2h16a2 2 0 0 0 2-2v-6l-3.45-6.89A2 2 0 0 0 16.76 4H7.24a2 2 0 0 0-1.79 1.11z" />
+    </svg>
+  );
+}
+
+function LogOutIcon() {
+  return (
+    <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+      <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4" />
+      <polyline points="16 17 21 12 16 7" />
+      <line x1="21" x2="9" y1="12" y2="12" />
+    </svg>
+  );
+}
diff --git a/components/mail/ComposeModal.tsx b/components/mail/ComposeModal.tsx
new file mode 100644
index 0000000..0fc05dc
--- /dev/null
+++ b/components/mail/ComposeModal.tsx
@@ -0,0 +1,165 @@
+"use client";
+import { useState, useRef, useCallback } from "react";
+import type { MailMessage } from "@/app/dashboard/mail/page";
+import { formatBytes } from "@/lib/format";
+
+interface AttachmentFile {
+  file: File;
+  name: string;
+  size: number;
+}
+
+export default function ComposeModal({ replyTo, onClose, onSent }: {
+  replyTo: MailMessage | null;
+  onClose: () => void;
+  onSent: () => void;
+}) {
+  const [to, setTo] = useState(replyTo ? replyTo.from[0]?.address ?? "" : "");
+  const [cc, setCc] = useState("");
+  const [subject, setSubject] = useState(replyTo ? `Re: ${replyTo.subject.replace(/^Re:\s*/i, "")}` : "");
+  const [body, setBody] = useState(replyTo ? `\n\n---\n${replyTo.text?.slice(0, 500) ?? ""}` : "");
+  const [attachments, setAttachments] = useState<AttachmentFile[]>([]);
+  const [sending, setSending] = useState(false);
+  const [error, setError] = useState("");
+  const [dragOver, setDragOver] = useState(false);
+  const fileInputRef = useRef<HTMLInputElement>(null);
+
+  const addFiles = useCallback((files: FileList | null) => {
+    if (!files) return;
+    const newFiles = Array.from(files).map((f) => ({ file: f, name: f.name, size: f.size }));
+    setAttachments((prev) => [...prev, ...newFiles]);
+  }, []);
+
+  const removeAttachment = (index: number) => {
+    setAttachments((prev) => prev.filter((_, i) => i !== index));
+  };
+
+  const handleDrop = useCallback((e: React.DragEvent) => {
+    e.preventDefault();
+    setDragOver(false);
+    addFiles(e.dataTransfer.files);
+  }, [addFiles]);
+
+  const handleSend = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setSending(true);
+    setError("");
+
+    try {
+      if (attachments.length > 0) {
+        // Use FormData for attachments
+        const formData = new FormData();
+        formData.append("to", to);
+        if (cc) formData.append("cc", cc);
+        formData.append("subject", subject);
+        formData.append("text", body);
+        formData.append("html", `<pre style="font-family:inherit;white-space:pre-wrap">${body.replace(/</g, "&lt;")}</pre>`);
+        attachments.forEach((att) => {
+          formData.append("attachments", att.file, att.name);
+        });
+
+        const res = await fetch("/api/mail/send", { method: "POST", body: formData });
+        const data = await res.json();
+        if (!res.ok) throw new Error(data.error || "Gönderilemedi");
+      } else {
+        // JSON for simple messages
+        const res = await fetch("/api/mail/send", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            to, cc: cc || undefined, subject, text: body,
+            html: `<pre style="font-family:inherit;white-space:pre-wrap">${body.replace(/</g, "&lt;")}</pre>`,
+          }),
+        });
+        const data = await res.json();
+        if (!res.ok) throw new Error(data.error || "Gönderilemedi");
+      }
+      onSent();
+    } catch (err: any) {
+      setError(err.message);
+    }
+    setSending(false);
+  };
+
+  const totalSize = attachments.reduce((sum, a) => sum + a.size, 0);
+
+  return (
+    <div className="modal-overlay" onClick={(e) => e.target === e.currentTarget && onClose()}>
+      <div className="modal" style={{ maxWidth: 620 }}>
+        <div className="modal-header">
+          <h2 className="modal-title">{replyTo ? "Yanıtla" : "Yeni Mail"}</h2>
+          <button className="modal-close" onClick={onClose}>✕</button>
+        </div>
+        <form onSubmit={handleSend}>
+          <div className="modal-body form-group">
+            {error && <div className="error-msg">{error}</div>}
+            <div>
+              <label className="label">Alıcı</label>
+              <input type="email" className="input" placeholder="alici@domain.com" value={to}
+                onChange={(e) => setTo(e.target.value)} required autoFocus />
+            </div>
+            <div>
+              <label className="label">CC (isteğe bağlı)</label>
+              <input type="text" className="input" placeholder="cc@domain.com" value={cc}
+                onChange={(e) => setCc(e.target.value)} />
+            </div>
+            <div>
+              <label className="label">Konu</label>
+              <input type="text" className="input" value={subject}
+                onChange={(e) => setSubject(e.target.value)} required />
+            </div>
+            <div>
+              <label className="label">Mesaj</label>
+              <textarea className="input" rows={8} value={body}
+                onChange={(e) => setBody(e.target.value)}
+                style={{ resize: "vertical", fontFamily: "inherit" }} />
+            </div>
+
+            {/* Attachment zone */}
+            <div
+              className={`compose-dropzone ${dragOver ? "active" : ""}`}
+              onDragOver={(e) => { e.preventDefault(); setDragOver(true); }}
+              onDragLeave={() => setDragOver(false)}
+              onDrop={handleDrop}
+              onClick={() => fileInputRef.current?.click()}
+            >
+              <input
+                ref={fileInputRef}
+                type="file"
+                multiple
+                style={{ display: "none" }}
+                onChange={(e) => { addFiles(e.target.files); e.target.value = ""; }}
+              />
+              <span style={{ fontSize: 20 }}>📎</span>
+              <span>Dosya sürükleyin veya tıklayın</span>
+            </div>
+
+            {/* Attachment list */}
+            {attachments.length > 0 && (
+              <div className="compose-attachments">
+                {attachments.map((att, i) => (
+                  <div key={i} className="compose-att-item">
+                    <span>📎 {att.name}</span>
+                    <span style={{ color: "var(--text-muted)", fontSize: 11 }}>{formatBytes(att.size)}</span>
+                    <button type="button" className="att-remove" onClick={() => removeAttachment(i)}>✕</button>
+                  </div>
+                ))}
+                <div style={{ fontSize: 11, color: "var(--text-muted)", marginTop: 4 }}>
+                  Toplam: {formatBytes(totalSize)} — {attachments.length} dosya
+                </div>
+              </div>
+            )}
+          </div>
+          <div className="modal-footer">
+            <button type="button" className="btn btn-ghost" onClick={onClose}>İptal</button>
+            <button type="submit" className="btn btn-primary" disabled={sending}>
+              {sending ? <span className="spinner" /> : <SendIcon />} Gönder
+            </button>
+          </div>
+        </form>
+      </div>
+    </div>
+  );
+}
+
+function SendIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><line x1="22" x2="11" y1="2" y2="13"/><polygon points="22 2 15 22 11 13 2 9 22 2"/></svg>; }
diff --git a/components/mail/FolderList.tsx b/components/mail/FolderList.tsx
new file mode 100644
index 0000000..c954e14
--- /dev/null
+++ b/components/mail/FolderList.tsx
@@ -0,0 +1,66 @@
+"use client";
+import type { MailFolder } from "@/app/dashboard/mail/page";
+
+const FOLDER_ICONS: Record<string, string> = {
+  "\\Inbox": "📥",
+  "\\Sent": "📤",
+  "\\Drafts": "📝",
+  "\\Trash": "🗑️",
+  "\\Junk": "⚠️",
+  "\\Archive": "📦",
+};
+
+const FOLDER_LABELS: Record<string, string> = {
+  INBOX: "Gelen Kutusu",
+  Sent: "Gönderilenler",
+  Drafts: "Taslaklar",
+  Trash: "Çöp Kutusu",
+  Junk: "Spam",
+  Archive: "Arşiv",
+};
+
+function getFolderIcon(folder: MailFolder): string {
+  if (folder.specialUse && FOLDER_ICONS[folder.specialUse]) return FOLDER_ICONS[folder.specialUse];
+  const lower = folder.path.toLowerCase();
+  if (lower === "inbox") return "📥";
+  if (lower.includes("sent")) return "📤";
+  if (lower.includes("draft")) return "📝";
+  if (lower.includes("trash")) return "🗑️";
+  if (lower.includes("junk") || lower.includes("spam")) return "⚠️";
+  if (lower.includes("archive")) return "📦";
+  return "📁";
+}
+
+function getFolderLabel(folder: MailFolder): string {
+  return FOLDER_LABELS[folder.name] ?? FOLDER_LABELS[folder.path] ?? folder.name;
+}
+
+export default function FolderList({ folders, active, onSelect }: {
+  folders: MailFolder[];
+  active: string;
+  onSelect: (path: string) => void;
+}) {
+  const sorted = [...folders].sort((a, b) => {
+    if (a.path === "INBOX") return -1;
+    if (b.path === "INBOX") return 1;
+    if (a.specialUse && !b.specialUse) return -1;
+    if (!a.specialUse && b.specialUse) return 1;
+    return a.name.localeCompare(b.name);
+  });
+
+  return (
+    <div className="folder-list">
+      {sorted.map((f) => (
+        <button
+          key={f.path}
+          className={`folder-item ${active === f.path ? "active" : ""}`}
+          onClick={() => onSelect(f.path)}
+        >
+          <span className="folder-icon">{getFolderIcon(f)}</span>
+          <span className="folder-name">{getFolderLabel(f)}</span>
+          {f.unseen > 0 && <span className="folder-badge">{f.unseen}</span>}
+        </button>
+      ))}
+    </div>
+  );
+}
diff --git a/components/mail/MailLogin.tsx b/components/mail/MailLogin.tsx
new file mode 100644
index 0000000..5660538
--- /dev/null
+++ b/components/mail/MailLogin.tsx
@@ -0,0 +1,60 @@
+"use client";
+import { useState } from "react";
+
+export default function MailLogin({ onSuccess }: { onSuccess: (email: string) => void }) {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [error, setError] = useState("");
+  const [loading, setLoading] = useState(false);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError("");
+    setLoading(true);
+    const res = await fetch("/api/mail/auth", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email, password }),
+    });
+    const data = await res.json();
+    setLoading(false);
+    if (res.ok) {
+      onSuccess(email);
+    } else {
+      setError(data.error || "Bağlantı başarısız");
+    }
+  };
+
+  return (
+    <div style={{ display: "flex", alignItems: "center", justifyContent: "center", minHeight: "60vh" }}>
+      <div className="card" style={{ maxWidth: 420, width: "100%" }}>
+        <div style={{ textAlign: "center", marginBottom: 24 }}>
+          <div style={{ fontSize: 32, marginBottom: 8 }}>📧</div>
+          <h2 style={{ fontSize: 18, fontWeight: 700, color: "var(--text-primary)" }}>Mail Hesabına Bağlan</h2>
+          <p style={{ fontSize: 13, color: "var(--text-secondary)", marginTop: 4 }}>
+            Mailcow mail hesabınızın bilgilerini girin
+          </p>
+        </div>
+        <form onSubmit={handleSubmit} className="form-group">
+          {error && <div className="error-msg">{error}</div>}
+          <div>
+            <label className="label">E-posta Adresi</label>
+            <input type="email" className="input" placeholder="info@domain.com" value={email}
+              onChange={(e) => setEmail(e.target.value)} required autoFocus />
+          </div>
+          <div>
+            <label className="label">Şifre</label>
+            <input type="password" className="input" placeholder="Mail hesabı şifresi" value={password}
+              onChange={(e) => setPassword(e.target.value)} required />
+          </div>
+          <button type="submit" className="btn btn-primary" style={{ width: "100%" }} disabled={loading}>
+            {loading ? <span className="spinner" /> : "Bağlan"}
+          </button>
+          <p style={{ fontSize: 11, color: "var(--text-muted)", textAlign: "center", marginTop: 8 }}>
+            Şifreniz sunucuda saklanmaz, sadece oturum süresince kullanılır.
+          </p>
+        </form>
+      </div>
+    </div>
+  );
+}
diff --git a/components/mail/MessageList.tsx b/components/mail/MessageList.tsx
new file mode 100644
index 0000000..bb6520e
--- /dev/null
+++ b/components/mail/MessageList.tsx
@@ -0,0 +1,65 @@
+"use client";
+import type { MailEnvelope } from "@/app/dashboard/mail/page";
+
+function timeAgo(dateStr: string): string {
+  const now = new Date();
+  const d = new Date(dateStr);
+  const diff = now.getTime() - d.getTime();
+  const mins = Math.floor(diff / 60000);
+  if (mins < 1) return "şimdi";
+  if (mins < 60) return `${mins}dk`;
+  const hrs = Math.floor(mins / 60);
+  if (hrs < 24) return `${hrs}sa`;
+  const days = Math.floor(hrs / 24);
+  if (days < 7) return `${days}g`;
+  return d.toLocaleDateString("tr-TR", { day: "numeric", month: "short" });
+}
+
+function senderName(msg: MailEnvelope): string {
+  const f = msg.from[0];
+  return f?.name || f?.address || "Bilinmeyen";
+}
+
+export default function MessageList({ messages, loading, selectedUid, onSelect, onDelete }: {
+  messages: MailEnvelope[];
+  loading: boolean;
+  selectedUid: number | null;
+  onSelect: (uid: number) => void;
+  onDelete: (uid: number) => void;
+}) {
+  if (loading) {
+    return <div className="empty-state" style={{ padding: 40 }}><span className="spinner" style={{ width: 20, height: 20 }} /></div>;
+  }
+
+  if (messages.length === 0) {
+    return (
+      <div className="empty-state" style={{ padding: 40 }}>
+        <div style={{ fontSize: 13, color: "var(--text-muted)" }}>Bu klasörde mail yok</div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="message-list-inner">
+      {messages.map((m) => (
+        <div
+          key={m.uid}
+          className={`message-row ${selectedUid === m.uid ? "selected" : ""} ${!m.seen ? "unread" : ""}`}
+          onClick={() => onSelect(m.uid)}
+        >
+          <div className="message-avatar">
+            {senderName(m)[0]?.toUpperCase() ?? "?"}
+          </div>
+          <div className="message-content">
+            <div className="message-top">
+              <span className="message-sender">{senderName(m)}</span>
+              <span className="message-time">{timeAgo(m.date)}</span>
+            </div>
+            <div className="message-subject">{m.subject}</div>
+          </div>
+          {m.hasAttachments && <span className="message-attach" title="Ek var">📎</span>}
+        </div>
+      ))}
+    </div>
+  );
+}
diff --git a/components/mail/MessageView.tsx b/components/mail/MessageView.tsx
new file mode 100644
index 0000000..412b78b
--- /dev/null
+++ b/components/mail/MessageView.tsx
@@ -0,0 +1,147 @@
+"use client";
+import type { MailMessage } from "@/app/dashboard/mail/page";
+import { formatBytes } from "@/lib/format";
+
+function getFileIcon(contentType: string, filename: string): string {
+  if (contentType.startsWith("image/")) return "🖼️";
+  if (contentType === "application/pdf") return "📄";
+  if (contentType.includes("zip") || contentType.includes("rar") || contentType.includes("tar")) return "📦";
+  if (contentType.includes("word") || filename.endsWith(".doc") || filename.endsWith(".docx")) return "📝";
+  if (contentType.includes("sheet") || contentType.includes("excel") || filename.endsWith(".xls")) return "📊";
+  if (contentType.includes("presentation") || filename.endsWith(".ppt")) return "📑";
+  if (contentType.startsWith("video/")) return "🎬";
+  if (contentType.startsWith("audio/")) return "🎵";
+  return "📎";
+}
+
+function canPreview(contentType: string): boolean {
+  return contentType.startsWith("image/") || contentType === "application/pdf";
+}
+
+export default function MessageView({ message, onReply, onDelete, folder }: {
+  message: MailMessage;
+  onReply: () => void;
+  onDelete: () => void;
+  folder: string;
+}) {
+  const from = message.from[0];
+  const date = new Date(message.date).toLocaleString("tr-TR", {
+    day: "numeric", month: "long", year: "numeric", hour: "2-digit", minute: "2-digit",
+  });
+
+  const downloadUrl = (filename: string) =>
+    `/api/mail/messages/${message.uid}/attachments?folder=${encodeURIComponent(folder)}&filename=${encodeURIComponent(filename)}`;
+
+  const handleAttachment = (att: { filename: string; contentType: string }, preview: boolean) => {
+    const url = downloadUrl(att.filename);
+    if (preview && canPreview(att.contentType)) {
+      window.open(url, "_blank");
+    } else {
+      const a = document.createElement("a");
+      a.href = url;
+      a.download = att.filename;
+      a.click();
+    }
+  };
+
+  return (
+    <div className="message-view">
+      {/* Header */}
+      <div className="message-view-header">
+        <h2 className="message-view-subject">{message.subject}</h2>
+        <div className="message-view-actions">
+          <button className="btn btn-ghost btn-sm" onClick={onReply} title="Yanıtla">
+            <ReplyIcon /> Yanıtla
+          </button>
+          <button className="btn btn-danger btn-sm" onClick={onDelete} title="Sil">
+            <TrashIcon /> Sil
+          </button>
+        </div>
+      </div>
+
+      {/* Meta */}
+      <div className="message-view-meta">
+        <div className="message-view-avatar">{(from?.name || from?.address)?.[0]?.toUpperCase() ?? "?"}</div>
+        <div style={{ flex: 1, minWidth: 0 }}>
+          <div style={{ fontWeight: 600, fontSize: 13 }}>{from?.name || from?.address}</div>
+          <div style={{ fontSize: 11, color: "var(--text-muted)" }}>
+            {from?.address}
+            {message.to.length > 0 && <> → {message.to.map((t) => t.address).join(", ")}</>}
+          </div>
+        </div>
+        <div style={{ fontSize: 11, color: "var(--text-muted)", flexShrink: 0 }}>{date}</div>
+      </div>
+
+      {/* Attachments */}
+      {message.attachments.length > 0 && (
+        <div className="message-attachments">
+          <div style={{ width: "100%", fontSize: 12, fontWeight: 600, color: "var(--text-secondary)", marginBottom: 6 }}>
+            📎 {message.attachments.length} ek
+          </div>
+          {message.attachments.map((att, i) => (
+            <div key={i} className="attachment-chip" onClick={() => handleAttachment(att, false)}>
+              <span>{getFileIcon(att.contentType, att.filename)}</span>
+              <span style={{ maxWidth: 160, overflow: "hidden", textOverflow: "ellipsis", whiteSpace: "nowrap" }}>
+                {att.filename}
+              </span>
+              <span style={{ color: "var(--text-muted)", fontSize: 11 }}>{formatBytes(att.size)}</span>
+              <span className="attachment-actions">
+                <button
+                  className="att-btn"
+                  onClick={(e) => { e.stopPropagation(); handleAttachment(att, false); }}
+                  title="İndir"
+                >
+                  ⬇
+                </button>
+                {canPreview(att.contentType) && (
+                  <button
+                    className="att-btn"
+                    onClick={(e) => { e.stopPropagation(); handleAttachment(att, true); }}
+                    title="Önizle"
+                  >
+                    👁
+                  </button>
+                )}
+              </span>
+            </div>
+          ))}
+        </div>
+      )}
+
+      {/* Body */}
+      <div className="message-view-body">
+        {message.html ? (
+          <iframe
+            srcDoc={sanitizeHtml(message.html)}
+            sandbox="allow-same-origin"
+            style={{ width: "100%", border: "none", minHeight: 400 }}
+            onLoad={(e) => {
+              const iframe = e.target as HTMLIFrameElement;
+              if (iframe.contentDocument) {
+                iframe.style.height = iframe.contentDocument.body.scrollHeight + 20 + "px";
+              }
+            }}
+          />
+        ) : (
+          <pre style={{ whiteSpace: "pre-wrap", fontFamily: "inherit", fontSize: 13, color: "var(--text-secondary)" }}>
+            {message.text}
+          </pre>
+        )}
+      </div>
+    </div>
+  );
+}
+
+function sanitizeHtml(html: string): string {
+  const style = `<style>
+    body { font-family: Inter, -apple-system, sans-serif; font-size: 14px; color: #c9d1d9; background: transparent; margin: 0; padding: 8px; line-height: 1.6; }
+    a { color: #58a6ff; }
+    img { max-width: 100%; height: auto; }
+  </style>`;
+  let clean = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "");
+  clean = clean.replace(/\son\w+\s*=\s*["'][^"']*["']/gi, "");
+  return `<!DOCTYPE html><html><head>${style}</head><body>${clean}</body></html>`;
+}
+
+function ReplyIcon() { return <svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><polyline points="9 17 4 12 9 7"/><path d="M20 18v-2a4 4 0 0 0-4-4H4"/></svg>; }
+function TrashIcon() { return <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M3 6h18"/><path d="M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6"/><path d="M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2"/></svg>; }
diff --git a/dev.db b/dev.db
new file mode 100644
index 0000000..1de4b08
Binary files /dev/null and b/dev.db differ
diff --git a/docs/openapi.yaml b/docs/openapi.yaml
new file mode 100644
index 0000000..cf54f6a
--- /dev/null
+++ b/docs/openapi.yaml
@@ -0,0 +1,6180 @@
+openapi: 3.1.0
+info:
+  description: >-
+    mailcow is complete e-mailing solution with advanced antispam, antivirus,
+    nice UI and API.
+
+
+    In order to use this API you have to create a API key and add your IP
+    address to the whitelist of allowed IPs this can be done by logging into the
+    Mailcow UI using your admin account, then go to Configuration > Access >
+    Edit administrator details > API. There you will find a collapsed API menu.
+
+
+    There are two types of API keys
+      - The read only key can only be used for all get endpoints
+      - The read write key can be used for all endpoints
+
+  title: mailcow API
+  version: "1.0.0"
+
+servers:
+  - url: /
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-Key
+  responses:
+    Unauthorized:
+      description: Unauthorized
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              type:
+                type: string
+                example: error
+              msg:
+                type: string
+                example: authentication failed
+            required:
+              - type
+              - msg
+
+security:
+  - ApiKeyAuth: []
+
+paths:
+  /api/v1/add/alias:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - add
+                        - alias
+                        - active: "1"
+                          address: alias@domain.tld
+                          goto: destination@domain.tld
+                        - null
+                      msg:
+                        - alias_added
+                        - alias@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: >-
+        You may create your own mailbox alias using this action. It takes a JSON
+        object containing a domain informations.
+
+        Only one `goto*` option can be used, for ex. if you want learn as spam,
+        then send just `goto_spam = 1` in request body.
+      operationId: Create alias
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                address: alias@domain.tld
+                goto: destination@domain.tld
+              properties:
+                active:
+                  description: is alias active or not
+                  type: boolean
+                address:
+                  description: 'alias address, for catchall use "@domain.tld"'
+                  type: string
+                goto:
+                  description: "destination address, comma separated"
+                  type: string
+                goto_ham:
+                  description: learn as ham
+                  type: boolean
+                goto_null:
+                  description: silently ignore
+                  type: boolean
+                goto_spam:
+                  description: learn as spam
+                  type: boolean
+                sogo_visible:
+                  description: toggle visibility as selectable sender in SOGo
+                  type: boolean
+              type: object
+      summary: Create alias
+  /api/v1/add/time_limited_alias:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - add
+                        - time_limited_alias
+                        - address: info@domain.tld
+                          domain: domain.tld
+                        - null
+                      msg:
+                        - mailbox_modified
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: >-
+        You may create a time limited alias using this action. It takes a JSON
+        object containing a domain and mailbox informations.
+        Mailcow will generate a random alias.
+      operationId: Create time limited alias
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: info@domain.tld
+                domain: domain.tld
+              properties:
+                username:
+                  description: 'the mailbox an alias should be created for'
+                  type: string
+                domain:
+                  description: "the domain"
+                  type: string
+              type: object
+      summary: Create time limited alias
+  /api/v1/add/app-passwd:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - app_passwd
+                        - add
+                        - active: "1"
+                          username: info@domain.tld
+                          app_name: wordpress
+                          app_passwd: keyleudecticidechothistishownsan31
+                          app_passwd2: keyleudecticidechothistishownsan31
+                          protocols:
+                            - imap_access
+                            - dav_access
+                            - smtp_access
+                            - eas_access
+                            - pop3_access
+                            - sieve_access
+                      msg: app_passwd_added
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - App Passwords
+      description: >-
+        Using this endpoint you can create a new app password for a specific
+        mailbox.
+      operationId: Create App Password
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                username: info@domain.tld
+                app_name: wordpress
+                app_passwd: keyleudecticidechothistishownsan31
+                app_passwd2: keyleudecticidechothistishownsan31
+                protocols:
+                  - imap_access
+                  - dav_access
+                  - smtp_access
+                  - eas_access
+                  - pop3_access
+                  - sieve_access
+              properties:
+                active:
+                  description: is alias active or not
+                  type: boolean
+                username:
+                  description: mailbox for which the app password should be created
+                  type: string
+                app_name:
+                  description: name of your app password
+                  type: string
+                app_passwd:
+                  description: your app password
+                  type: string
+                app_passwd2:
+                  description: your app password
+                  type: string
+              type: object
+      summary: Create App Password
+  /api/v1/add/bcc:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - bcc
+                        - add
+                        - active: "1"
+                          bcc_dest: bcc@awesomecow.tld
+                          local_dest: mailcow.tld
+                          type: sender
+                        - null
+                      msg: bcc_saved
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: >-
+        Using this endpoint you can create a BCC map to forward all mails via a
+        bcc for a given domain.
+      operationId: Create BCC Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                bcc_dest: bcc@awesomecow.tld
+                local_dest: mailcow.tld
+                type: sender
+              properties:
+                active:
+                  description: 1 for a active user account 0 for a disabled user account
+                  type: number
+                bcc_dest:
+                  description: the email address where all mails should be send to
+                  type: string
+                local_dest:
+                  description: the domain which emails should be forwarded
+                  type: string
+                type:
+                  description: the type of bcc map can be `sender` or `rcpt`
+                  enum: [sender, rcpt]
+                  type: string
+              type: object
+      summary: Create BCC Map
+  /api/v1/add/dkim:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - dkim
+                        - add
+                        - dkim_selector: dkim
+                          domains: hanspeterlol.de
+                          key_size: "2048"
+                      msg:
+                        - dkim_added
+                        - hanspeterlol.de
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - DKIM
+      description: Using this endpoint you can generate new DKIM keys.
+      operationId: Generate DKIM Key
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                dkim_selector: dkim
+                domains: mailcow.tld
+                key_size: "2048"
+              properties:
+                dkim_selector:
+                  description: the DKIM selector default dkim
+                  type: string
+                domains:
+                  description: a list of domains for which a dkim key should be generated
+                  type: string
+                key_size:
+                  description: the key size (1024, 2048, 3072 or 4096)
+                  type: number
+              type: object
+      summary: Generate DKIM Key
+  /api/v1/add/dkim_duplicate:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - dkim
+                        - duplicate
+                        - from_domain: mailcow.tld
+                          to_domain: awesomecow.tld
+                      msg:
+                        - dkim_duplicated
+                        - mailcow.tld
+                        - awesomecow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - DKIM
+      description: Using this endpoint you can duplicate the DKIM Key of one domain.
+      operationId: Duplicate DKIM Key
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                from_domain: mailcow.tld
+                to_domain: awesomecow.tld
+              properties:
+                fron_domain:
+                  description: the domain where the dkim key should be copied from
+                  type: string
+                to_domain:
+                  description: the domain where the dkim key should be copied to
+                  type: string
+              type: object
+      summary: Duplicate DKIM Key
+  /api/v1/add/domain:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - ratelimit
+                        - edit
+                        - domain
+                        - object: domain.tld
+                          rl_frame: s
+                          rl_value: "10"
+                      msg:
+                        - rl_saved
+                        - domain.tld
+                      type: success
+                    - log:
+                        - mailbox
+                        - add
+                        - domain
+                        - active: "1"
+                          aliases: "400"
+                          restart_sogo: "1"
+                          backupmx: "0"
+                          defquota: "3072"
+                          description: some decsription
+                          domain: domain.tld
+                          mailboxes: "10"
+                          maxquota: "10240"
+                          quota: "10240"
+                          relay_all_recipients: "0"
+                          rl_frame: s
+                          rl_value: "10"
+                          tags: ["tag1", "tag2"]
+                        - null
+                      msg:
+                        - domain_added
+                        - domain.tld
+                      type: success
+              schema:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: >-
+        You may create your own domain using this action. It takes a JSON object
+        containing a domain informations.
+      operationId: Create domain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                aliases: "400"
+                backupmx: "0"
+                defquota: "3072"
+                description: some decsription
+                domain: domain.tld
+                mailboxes: "10"
+                maxquota: "10240"
+                quota: "10240"
+                relay_all_recipients: "0"
+                rl_frame: s
+                rl_value: "10"
+                restart_sogo: "10"
+                tags: ["tag1", "tag2"]
+              properties:
+                active:
+                  description: is domain active or not
+                  type: boolean
+                aliases:
+                  description: limit count of aliases associated with this domain
+                  type: number
+                backupmx:
+                  description: relay domain or not
+                  type: boolean
+                defquota:
+                  description: predefined mailbox quota in `add mailbox` form
+                  type: number
+                description:
+                  description: Description of domain
+                  type: string
+                domain:
+                  description: Fully qualified domain name
+                  type: string
+                gal:
+                  description: >-
+                    is domain global address list active or not, it enables
+                    shared contacts accross domain in SOGo webmail
+                  type: boolean
+                mailboxes:
+                  description: limit count of mailboxes associated with this domain
+                  type: number
+                maxquota:
+                  description: maximum quota per mailbox
+                  type: number
+                quota:
+                  description: maximum quota for this domain (for all mailboxes in sum)
+                  type: number
+                restart_sogo:
+                  description: restart SOGo to activate the domain in SOGo
+                  type: number
+                relay_all_recipients:
+                  description: >-
+                    if not, them you have to create "dummy" mailbox for each
+                    address to relay
+                  type: boolean
+                relay_unknown_only:
+                  description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                  type: boolean
+                rl_frame:
+                  enum:
+                    - s
+                    - m
+                    - h
+                    - d
+                  type: string
+                rl_value:
+                  description: rate limit value
+                  type: number
+                tags:
+                  description: tags for this Domain
+                  type: array
+                  items:
+                    type: string
+              type: object
+      summary: Create domain
+  /api/v1/add/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - domain_admin
+                        - add
+                        - active: "1"
+                          domains: mailcow.tld
+                          password: "*"
+                          password2: "*"
+                          username: testadmin
+                      msg:
+                        - domain_admin_added
+                        - testadmin
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain admin
+      description: >-
+        Using this endpoint you can create a new Domain Admin user. This user
+        has full control over a domain, and can create new mailboxes and
+        aliases.
+      operationId: Create Domain Admin user
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                domains: mailcow.tld
+                password: supersecurepw
+                password2: supersecurepw
+                username: testadmin
+              properties:
+                active:
+                  description: 1 for a active user account 0 for a disabled user account
+                  type: number
+                domains:
+                  description: the domains the user should be a admin of
+                  type: string
+                password:
+                  description: domain admin user password
+                  type: string
+                password2:
+                  description: domain admin user password
+                  type: string
+                username:
+                  description: the username for the admin user
+                  type: string
+              type: object
+      summary: Create Domain Admin user
+  /api/v1/add/sso/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
+          description: OK
+          headers: { }
+      tags:
+        - Single Sign-On
+      description: >-
+        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
+        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
+      operationId: Issue Domain Admin SSO token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: testadmin
+              properties:
+                username:
+                  description: the username for the admin user
+                  type: object
+              type: object
+      summary: Issue Domain Admin SSO token
+  /api/v1/edit/da-acl:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - acl
+                        - edit
+                        - testadmin
+                        - username:
+                            - testadmin
+                          da_acl:
+                            - syncjobs
+                            - quarantine
+                            - login_as
+                            - sogo_access
+                            - app_passwds
+                            - bcc_maps
+                            - pushover
+                            - filters
+                            - ratelimit
+                            - spam_policy
+                            - extend_sender_acl
+                            - unlimited_quota
+                            - protocol_access
+                            - smtp_ip_access
+                            - alias_domains
+                            - domain_desc
+                      msg:
+                        - acl_saved
+                        - testadmin
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain admin
+      description: >-
+        Using this endpoint you can edit the ACLs of a Domain Admin user. This user
+        has full control over a domain, and can create new mailboxes and
+        aliases.
+      operationId: Edit Domain Admin ACL
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                items:
+                  - testadmin
+                attr:
+                  da_acl:
+                    - syncjobs
+                    - quarantine
+                    - login_as
+                    - sogo_access
+                    - app_passwds
+                    - bcc_maps
+                    - pushover
+                    - filters
+                    - ratelimit
+                    - spam_policy
+                    - extend_sender_acl
+                    - unlimited_quota
+                    - protocol_access
+                    - smtp_ip_access
+                    - alias_domains
+                    - domain_desc
+              properties:
+                items:
+                  description: contains the domain admin username you want to edit
+                  type: object
+                attr:
+                  properties:
+                    da_acl:
+                      description: contains the list of acl names that are active for this user
+                      type: object
+                  type: object
+      summary: Edit Domain Admin ACL
+  /api/v1/edit/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - domain_admin
+                        - edit
+                        - username: testadmin
+                          active: ["0","1"]
+                          username_new: testadmin
+                          domains: ["domain.tld"]
+                          password: "*"
+                          password2: "*"
+                      msg:
+                        - domain_admin_modified
+                        - testadmin
+              schema:
+                properties:
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain admin
+      description: >-
+        Using this endpoint you can edit a existing Domain Admin user. This user
+        has full control over a domain, and can create new mailboxes and
+        aliases.
+      operationId: Edit Domain Admin user
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                items:
+                  - testadmin
+                attr:
+                  active:
+                    - '0'
+                    - '1'
+                  username_new: testadmin
+                  domains: ["domain.tld"]
+                  password: supersecurepassword
+                  password2: supersecurepassword
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: is the domain admin active or not
+                      type: boolean
+                    username_new:
+                      description: the username of the domain admin, change this to change the username
+                      type: string
+                    domains:
+                      description: a list of all domains managed by this domain admin
+                      type: array
+                      items:
+                        type: string
+                    password:
+                      description: the new domain admin user password
+                      type: string
+                    password2:
+                      description: the new domain admin user password for confirmation
+                      type: string
+                  type: object
+                items:
+                  description: contains the domain admin username you want to edit
+                  type: object
+      summary: Edit Domain Admin user
+  /api/v1/add/domain-policy:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - policy
+                        - add
+                        - domain
+                        - domain: domain.tld
+                          object_from: "*@baddomain.tld"
+                          object_list: bl
+                      msg:
+                        - domain_modified
+                        - domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain antispam policies
+      description: >-
+        You may create your own domain policy using this action. It takes a JSON
+        object containing a domain informations.
+      operationId: Create domain policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                domain: domain.tld
+                object_from: "*@baddomain.tld"
+                object_list: bl
+              properties:
+                domain:
+                  description: domain name to which policy is associated to
+                  type: string
+                object_from:
+                  description: exact address or use wildcard to match whole domain
+                  type: string
+                object_list:
+                  enum:
+                    - wl
+                    - bl
+                  type: string
+              type: object
+      summary: Create domain policy
+  /api/v1/add/fwdhost:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - fwdhost
+                        - add
+                        - filter_spam: "0"
+                          hostname: hosted.mailcow.de
+                      msg:
+                        - forwarding_host_added
+                        - "5.1.76.202, 2a00:f820:417::202"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Fordwarding Hosts
+      description: >-
+        Add a new Forwarding host to mailcow. You can chose to enable or disable
+        spam filtering of incoming emails by specifing `filter_spam` 0 =
+        inactive, 1 = active.
+      operationId: Add Forward Host
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                filter_spam: "0"
+                hostname: hosted.mailcow.de
+              properties:
+                filter_spam:
+                  description: "1 to enable spam filter, 0 to disable spam filter"
+                  type: number
+                hostname:
+                  description: contains the hostname you want to add
+                  type: string
+              type: object
+      summary: Add Forward Host
+  /api/v1/add/mailbox:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - add
+                        - mailbox
+                        - active: "1"
+                          domain: domain.tld
+                          local_part: info
+                          name: Full name
+                          password: "*"
+                          password2: "*"
+                          quota: "3072"
+                          force_pw_update: "1"
+                          tls_enforce_in: "1"
+                          tls_enforce_out: "1"
+                          tags: ["tag1", "tag2"]
+                        - null
+                      msg:
+                        - mailbox_added
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        You may create your own mailbox using this action. It takes a JSON
+        object containing a domain informations.
+      operationId: Create mailbox
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                domain: domain.tld
+                local_part: info
+                name: Full name
+                authsource: mailcow
+                password: atedismonsin
+                password2: atedismonsin
+                quota: "3072"
+                force_pw_update: "1"
+                tls_enforce_in: "1"
+                tls_enforce_out: "1"
+                tags: ["tag1", "tag2"]
+              properties:
+                active:
+                  description: is mailbox active or not
+                  type: boolean
+                domain:
+                  description: domain name
+                  type: string
+                local_part:
+                  description: left part of email address
+                  type: string
+                name:
+                  description: Full name of the mailbox user
+                  type: string
+                authsource:
+                  description: Specifies the authentication source for the mailbox.
+                  type: string
+                  enum: [mailcow, ldap, keycloak, generic-oidc]
+                  default: mailcow
+                password2:
+                  description: mailbox password for confirmation
+                  type: string
+                password:
+                  description: mailbox password when using `mailcow` as the authentication source.
+                  type: string
+                quota:
+                  description: mailbox quota
+                  type: number
+                force_pw_update:
+                  description: forces the user to update its password on first login
+                  type: boolean
+                tls_enforce_in:
+                  description: force inbound email tls encryption
+                  type: boolean
+                tls_enforce_out:
+                  description: force oubound tmail tls encryption
+                  type: boolean
+              type: object
+      summary: Create mailbox
+
+  /api/v1/add/oauth2-client:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - oauth2
+                        - add
+                        - client
+                        - redirect_uri: "https://mailcow.tld"
+                      msg: Added client access
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - oAuth Clients
+      description: Using this endpoint you can create a oAuth clients.
+      operationId: Create oAuth Client
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                redirect_uri: "https://mailcow.tld"
+              properties:
+                redirect_uri:
+                  description: the uri where you should be redirected after oAuth
+                  type: string
+              type: object
+      summary: Create oAuth Client
+  /api/v1/add/recipient_map:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - recipient_map
+                        - add
+                        - active: "1"
+                          recipient_map_new: target@mailcow.tld
+                          recipient_map_old: recipient@mailcow.tld
+                        - null
+                      msg:
+                        - recipient_map_entry_saved
+                        - recipient@mailcow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: >-
+        Using this endpoint you can create a recipient map to forward all mails
+        from one email address to another.
+      operationId: Create Recipient Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                recipient_map_new: target@mailcow.tld
+                recipient_map_old: recipient@mailcow.tld
+              properties:
+                active:
+                  description: 1 for a active user account 0 for a disabled user account
+                  type: number
+                recipient_map_new:
+                  description: the email address that should receive the forwarded emails
+                  type: string
+                recipient_map_old:
+                  description: the email address which emails should be forwarded
+                  type: string
+              type: object
+      summary: Create Recipient Map
+  /api/v1/add/relayhost:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - relayhost
+                        - add
+                        - hostname: "mailcow.tld:25"
+                          password: supersecurepassword
+                          username: testuser
+                      msg:
+                        - relayhost_added
+                        - ""
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: Using this endpoint you can create Sender-Dependent Transports.
+      operationId: Create Sender-Dependent Transports
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                hostname: "mailcow.tld:25"
+                password: supersecurepassword
+                username: testuser
+              properties:
+                hostname:
+                  description: the hostname of the smtp server with port
+                  type: string
+                password:
+                  description: the password for the smtp user
+                  type: string
+                username:
+                  description: the username used to authenticate
+                  type: string
+              type: object
+      summary: Create Sender-Dependent Transports
+  /api/v1/add/resource:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - add
+                        - resource
+                        - active: "1"
+                          description: test
+                          domain: mailcow.tld
+                          kind: location
+                          multiple_bookings: "0"
+                          multiple_bookings_custom: ""
+                          multiple_bookings_select: "0"
+                        - null
+                      msg:
+                        - resource_added
+                        - mailcow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Resources
+      description: Using this endpoint you can create Resources.
+      operationId: Create Resources
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                description: test
+                domain: mailcow.tld
+                kind: location
+                multiple_bookings: "0"
+                multiple_bookings_custom: ""
+                multiple_bookings_select: "0"
+              properties:
+                active:
+                  description: 1 for a active transport map 0 for a disabled transport map
+                  type: number
+                description:
+                  description: a description of the resource
+                  type: string
+                domain:
+                  description: the domain for which the resource should be
+                  type: string
+                kind:
+                  description: the kind of recouse
+                  enum:
+                    - location
+                    - group
+                    - thing
+                  type: string
+                multiple_bookings:
+                  enum:
+                    - "-1"
+                    - "1"
+                    - custom
+                  type: string
+                multiple_bookings_custom:
+                  description: always empty
+                  type: number
+                multiple_bookings_select:
+                  enum:
+                    - "-1"
+                    - "1"
+                    - custom
+                  type: string
+              type: object
+      summary: Create Resources
+  /api/v1/add/syncjob:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - add
+                        - syncjob
+                        - active: "1"
+                          automap: "1"
+                          custom_params: ""
+                          delete1: "0"
+                          delete2: "0"
+                          delete2duplicates: "1"
+                          enc1: SSL
+                          exclude: (?i)spam|(?i)junk
+                          host1: imap.server.tld
+                          maxage: "0"
+                          maxbytespersecond: "0"
+                          mins_interval: "20"
+                          password1: supersecret
+                          port1: 993
+                          skipcrossduplicates: "0"
+                          subfolder2: External
+                          subscribeall: "1"
+                          timeout1: "600"
+                          timeout2: "600"
+                          user1: username
+                          username: mailbox@domain.tld
+                        - null
+                      msg:
+                        - mailbox_modified
+                        - mailbox@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Sync jobs
+      description: >-
+        You can create new sync job using this action. It takes a JSON object
+        containing a domain informations.
+      operationId: Create sync job
+      summary: Create sync job
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: lisa@mailcow.tld
+                host1: mail.mailcow.tld
+                port1: "143"
+                user1: demo@mailcow.tld
+                password1: supersecretpw
+                enc1: TLS
+                mins_interval: "20"
+                subfolder2: "/SyncIntoSubfolder"
+                maxage: "0"
+                maxbytespersecond: "0"
+                timeout1: "600"
+                timeout2: "600"
+                exclude: "(?i)spam|(?i)junk"
+                custom_params: "--dry"
+                delete2duplicates: "1"
+                delete1: "1"
+                delete2: "0"
+                automap: "1"
+                skipcrossduplicates: "0"
+                subscribeall: "0"
+                active: "1"
+              properties:
+                parameters:
+                  description: your local mailcow mailbox
+                  type: string
+                host1:
+                  description: the smtp server where mails should be synced from
+                  type: string
+                port1:
+                  description: the smtp port of the target mail server
+                  type: string
+                user1:
+                  description: the username of the mailbox
+                  type: string
+                password:
+                  description: the password of the mailbox
+                  type: string
+                enc1:
+                  description: the encryption method used to connect to the mailserver
+                  type: string
+                mins_internal:
+                  description: the interval in which messages should be syned
+                  type: number
+                subfolder2:
+                  description: sync into subfolder on destination (empty = do not use subfolder)
+                  type: string
+                maxage:
+                  description: only sync messages up to this age in days
+                  type: number
+                maxbytespersecond:
+                  description: max speed transfer limit for the sync
+                  type: number
+                timeout1:
+                  description: timeout for connection to remote host
+                  type: number
+                timeout2:
+                  description: timeout for connection to local host
+                  type: number
+                exclude:
+                  description: exclude objects (regex)
+                  type: string
+                custom_params:
+                  description: custom parameters
+                  type: string
+                delete2duplicates:
+                  description: delete duplicates on destination (--delete2duplicates)
+                  type: boolean
+                delete1:
+                  description: delete from source when completed (--delete1)
+                  type: boolean
+                delete2:
+                  description: delete messages on destination that are not on source (--delete2)
+                  type: boolean
+                automap:
+                  description: try to automap folders ("Sent items", "Sent" => "Sent" etc.) (--automap)
+                  type: boolean
+                skipcrossduplicates:
+                  description: skip duplicate messages across folders (first come, first serve) (--skipcrossduplicates)
+                  type: boolean
+                subscribeall:
+                  description: subscribe all folders (--subscribeall)
+                  type: boolean
+                active:
+                  description: enables or disables the sync job
+                  type: boolean
+              type: object
+  /api/v1/add/tls-policy-map:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - tls_policy_maps
+                        - add
+                        - parameters: ""
+                          active: "1"
+                          dest: mailcow.tld
+                          policy: encrypt
+                        - null
+                      msg:
+                        - tls_policy_map_entry_saved
+                        - mailcow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Outgoing TLS Policy Map Overrides
+      description: Using this endpoint you can create a TLS policy map override.
+      operationId: Create TLS Policy Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                parameters: ""
+                active: "1"
+                dest: mailcow.tld
+                policy: encrypt
+              properties:
+                parameters:
+                  description: >-
+                    custom parameters you find out more about them
+                    [here](http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps)
+                  type: string
+                active:
+                  description: 1 for a active user account 0 for a disabled user account
+                  type: number
+                dest:
+                  description: the target domain or email address
+                  type: string
+                policy:
+                  description: the policy
+                  enum:
+                    - none
+                    - may
+                    - encrypt
+                    - dane
+                    - "'dane"
+                    - fingerprint
+                    - verify
+                    - secure
+                  type: string
+              type: object
+      summary: Create TLS Policy Map
+  /api/v1/add/transport:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - transport
+                        - add
+                        - active: "1"
+                          destination: example2.org
+                          nexthop: "host:25"
+                          password: supersecurepw
+                          username: testuser
+                      msg:
+                        - relayhost_added
+                        - ""
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: Using this endpoint you can create Sender-Dependent Transports.
+      operationId: Create Transport Maps
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                active: "1"
+                destination: example.org
+                nexthop: "host:25"
+                password: supersecurepw
+                username: testuser
+              properties:
+                active:
+                  description: 1 for a active transport map 0 for a disabled transport map
+                  type: number
+                destination:
+                  type: string
+                nexthop:
+                  type: string
+                password:
+                  description: the password for the smtp user
+                  type: string
+                username:
+                  description: the username used to authenticate
+                  type: string
+              type: object
+      summary: Create Transport Maps
+  /api/v1/delete/alias:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - alias
+                        - id:
+                            - "6"
+                            - "9"
+                        - null
+                      msg:
+                        - alias_removed
+                        - alias@domain.tld
+                      type: success
+                    - log:
+                        - mailbox
+                        - delete
+                        - alias
+                        - id:
+                            - "6"
+                            - "9"
+                        - null
+                      msg:
+                        - alias_removed
+                        - alias2@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: You can delete one or more aliases.
+      operationId: Delete alias
+      requestBody:
+        content:
+          application/json:
+            schema:
+              items:
+                example: "6"
+                type: string
+              type: array
+      summary: Delete alias
+  /api/v1/delete/app-passwd:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - app_passwd
+                        - delete
+                        - id:
+                            - "2"
+                      msg:
+                        - app_passwd_removed
+                        - "2"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - App Passwords
+      description: Using this endpoint you can delete a single app password.
+      operationId: Delete App Password
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "1"
+              properties:
+                items:
+                  description: contains list of app passwords you want to delete
+                  type: object
+              type: object
+      summary: Delete App Password
+  /api/v1/delete/bcc:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - bcc
+                        - delete
+                        - id:
+                            - "4"
+                        - null
+                      msg:
+                        - bcc_deleted
+                        - "4"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: >-
+        Using this endpoint you can delete a BCC map, for this you have to know
+        its ID. You can get the ID using the GET method.
+      operationId: Delete BCC Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "3"
+              properties:
+                items:
+                  description: contains list of bcc maps you want to delete
+                  type: object
+              type: object
+      summary: Delete BCC Map
+  /api/v1/delete/dkim:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - dkim
+                        - delete
+                        - domains:
+                            - mailcow.tld
+                      msg:
+                        - dkim_removed
+                        - mailcow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - DKIM
+      description: Using this endpoint a existing DKIM Key can be deleted
+      operationId: Delete DKIM Key
+      requestBody:
+        content:
+          application/json:
+            schema:
+              items:
+                example:
+                  - mailcow.tld
+                type: string
+              type: array
+      summary: Delete DKIM Key
+  /api/v1/delete/domain:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - domain
+                        - domain:
+                            - domain.tld
+                            - domain2.tld
+                        - null
+                      msg:
+                        - domain_removed
+                        - domain.tld
+                      type: success
+                    - log:
+                        - mailbox
+                        - delete
+                        - domain
+                        - domain:
+                            - domain.tld
+                            - domain2.tld
+                        - null
+                      msg:
+                        - domain_removed
+                        - domain2.tld
+                      type: success
+              schema:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: You can delete one or more domains.
+      operationId: Delete domain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              example:
+                - domain.tld
+                - domain2.tld
+              properties:
+                items:
+                  type: array
+                  items:
+                    type: string
+      summary: Delete domain
+  /api/v1/delete/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - domain_admin
+                        - delete
+                        - username:
+                            - testadmin
+                      msg:
+                        - domain_admin_removed
+                        - testadmin
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain admin
+      description: Using this endpoint a existing Domain Admin user can be deleted.
+      operationId: Delete Domain Admin
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - testadmin
+              properties:
+                items:
+                  description: contains list of usernames of the users you want to delete
+                  type: object
+              type: object
+      summary: Delete Domain Admin
+  /api/v1/delete/domain-policy:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - policy
+                        - delete
+                        - domain
+                        - prefid:
+                            - "1"
+                            - "2"
+                      msg:
+                        - item_deleted
+                        - "1"
+                      type: success
+                    - log:
+                        - policy
+                        - delete
+                        - domain
+                        - prefid:
+                            - "1"
+                            - "2"
+                      msg:
+                        - item_deleted
+                        - "2"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domain antispam policies
+      description: You can delete one o more domain policies.
+      operationId: Delete domain policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "1"
+                - "2"
+              properties:
+                items:
+                  description: contains list of domain policys you want to delete
+                  type: object
+              type: object
+      summary: Delete domain policy
+  /api/v1/delete/fwdhost:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - fwdhost
+                        - delete
+                        - forwardinghost:
+                            - 5.1.76.202
+                            - "2a00:f820:417::202"
+                      msg:
+                        - forwarding_host_removed
+                        - 5.1.76.202
+                      type: success
+                    - log:
+                        - fwdhost
+                        - delete
+                        - forwardinghost:
+                            - 5.1.76.202
+                            - "2a00:f820:417::202"
+                      msg:
+                        - forwarding_host_removed
+                        - "2a00:f820:417::202"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Fordwarding Hosts
+      description: >-
+        Using this endpoint you can delete a forwarding host, in order to do so
+        you need to know the IP of the host.
+      operationId: Delete Forward Host
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - 5.1.76.202
+                - "2a00:f820:417::202"
+              properties:
+                ip:
+                  description: contains the ip of the fowarding host you want to delete
+                  type: string
+              type: object
+      summary: Delete Forward Host
+  /api/v1/delete/mailbox:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - mailbox
+                        - username:
+                            - info@domain.tld
+                            - sales@domain.tld
+                        - null
+                      msg:
+                        - mailbox_removed
+                        - info@domain.tld
+                      type: success
+                    - log:
+                        - mailbox
+                        - delete
+                        - mailbox
+                        - username:
+                            - info@domain.tld
+                            - sales@domain.tld
+                        - null
+                      msg:
+                        - mailbox_removed
+                        - sales@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can delete one or more mailboxes.
+      operationId: Delete mailbox
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - info@domain.tld
+                - sales@domain.tld
+              properties:
+                items:
+                  description: contains list of mailboxes you want to delete
+                  type: object
+              type: object
+      summary: Delete mailbox
+  /api/v1/delete/mailq:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    msg: Task completed
+                    type: success
+          description: OK
+          headers: {}
+      tags:
+        - Queue Manager
+      description: >-
+        Using this API you can delete the current mail queue. This will delete
+        all mails in it.
+
+        This API uses the command: `postsuper -d`
+      operationId: Delete Queue
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                action: super_delete
+              properties:
+                action:
+                  description: use super_delete to delete the mail queue
+                  type: string
+              type: object
+      summary: Delete Queue
+  /api/v1/delete/oauth2-client:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - oauth2
+                        - delete
+                        - client
+                        - id:
+                            - "1"
+                      msg:
+                        - items_deleted
+                        - "1"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - oAuth Clients
+      description: >-
+        Using this endpoint you can delete a oAuth client, for this you have to
+        know its ID. You can get the ID using the GET method.
+      operationId: Delete oAuth Client
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "3"
+              properties:
+                items:
+                  description: contains list of oAuth clients you want to delete
+                  type: object
+              type: object
+      summary: Delete oAuth Client
+  /api/v1/delete/qitem:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - quarantine
+                        - delete
+                        - id:
+                            - "33"
+                      msg:
+                        - item_deleted
+                        - "33"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Quarantine
+      description: >-
+        Using this endpoint you can delete a email from quarantine, for this you
+        have to know its ID. You can get the ID using the GET method.
+      operationId: Delete mails in Quarantine
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "33"
+              properties:
+                items:
+                  description: contains list of emails you want to delete
+                  type: object
+              type: object
+      summary: Delete mails in Quarantine
+  /api/v1/edit/qitem:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                release:
+                  value:
+                    - log:
+                        - quarantine
+                        - edit
+                        - id:
+                            - "33"
+                          action: release
+                      msg:
+                        - item_released
+                        - "33"
+                      type: success
+                learnham:
+                  value:
+                    - log:
+                        - quarantine
+                        - edit
+                        - id:
+                            - "34"
+                          action: learnham
+                      msg:
+                        - item_learned
+                        - "34"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Quarantine
+      description: >-
+        Using this endpoint you can perform actions on quarantine items. It is possible to release
+        emails from quarantine into to the inbox, or learn them as ham to improve Rspamd filtering.
+        You must provide the quarantine item IDs. You can get the IDs using the GET method.      
+      operationId: Edit mails in Quarantine
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                items:
+                  - "33"
+                  - "34"
+                attr:
+                  action: release
+              properties:
+                items:
+                  description: contains list of quarantine item IDs to release or learn as ham
+                  type: object
+                attr:
+                  description: attributes for the action
+                  type: object
+                  properties:
+                    action:
+                      type: string
+                      enum:
+                        - release
+                        - learnham
+                      description: "release - return email to inbox; learnham - learn as ham to improve filtering"
+              type: object
+      summary: Edit mails in Quarantine
+  /api/v1/delete/recipient_map:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - recipient_map
+                        - delete
+                        - id:
+                            - "1"
+                        - null
+                      msg:
+                        - recipient_map_entry_deleted
+                        - "1"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: >-
+        Using this endpoint you can delete a recipient map, for this you have to
+        know its ID. You can get the ID using the GET method.
+      operationId: Delete Recipient Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "1"
+              properties:
+                items:
+                  description: contains list of recipient maps you want to delete
+                  type: object
+              type: object
+      summary: Delete Recipient Map
+  /api/v1/delete/relayhost:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - relayhost
+                        - delete
+                        - id:
+                            - "1"
+                      msg:
+                        - relayhost_removed
+                        - "1"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: >-
+        Using this endpoint you can delete a Sender-Dependent Transport, for
+        this you have to know its ID. You can get the ID using the GET method.
+      operationId: Delete Sender-Dependent Transports
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "1"
+              properties:
+                items:
+                  description: >-
+                    contains list of Sender-Dependent Transport you want to
+                    delete
+                  type: object
+              type: object
+      summary: Delete Sender-Dependent Transports
+  /api/v1/delete/resource:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - resource
+                        - name:
+                            - test@mailcow.tld
+                        - null
+                      msg:
+                        - resource_removed
+                        - test@mailcow.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Resources
+      description: >-
+        Using this endpoint you can delete a Resources, for this you have to
+        know its ID. You can get the ID using the GET method.
+      operationId: Delete Resources
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - test@mailcow.tld
+              properties:
+                items:
+                  description: contains list of Resources you want to delete
+                  type: object
+              type: object
+      summary: Delete Resources
+  /api/v1/delete/syncjob:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    log:
+                      - entity
+                      - action
+                      - object
+                    msg:
+                      - message
+                      - entity name
+                    type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Sync jobs
+      description: You can delete one or more sync jobs.
+      operationId: Delete sync job
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "6"
+                - "9"
+              properties:
+                items:
+                  description: contains list of aliases you want to delete
+                  type: object
+              type: object
+      summary: Delete sync job
+  /api/v1/delete/tls-policy-map:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - tls_policy_maps
+                        - delete
+                        - id:
+                            - "1"
+                        - null
+                      msg:
+                        - tls_policy_map_entry_deleted
+                        - "1"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Outgoing TLS Policy Map Overrides
+      description: >-
+        Using this endpoint you can delete a TLS Policy Map, for this you have
+        to know its ID. You can get the ID using the GET method.
+      operationId: Delete TLS Policy Map
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "3"
+              properties:
+                items:
+                  description: contains list of tls policy maps you want to delete
+                  type: object
+              type: object
+      summary: Delete TLS Policy Map
+  /api/v1/delete/transport:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - transport
+                        - delete
+                        - id:
+                            - "1"
+                      msg:
+                        - relayhost_removed
+                        - "1"
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: >-
+        Using this endpoint you can delete a Transport Maps, for this you have
+        to know its ID. You can get the ID using the GET method.
+      operationId: Delete Transport Maps
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - "1"
+              properties:
+                items:
+                  description: contains list of transport maps you want to delete
+                  type: object
+              type: object
+      summary: Delete Transport Maps
+  "/api/v1/delete/mailbox/tag/{mailbox}":
+    post:
+      parameters:
+        - description: name of mailbox
+          in: path
+          name: mailbox
+          example: info@domain.tld
+          required: true
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - tags_mailbox
+                        - tags:
+                          - tag1
+                          - tag2
+                          mailbox: info@domain.tld
+                        - null
+                      msg:
+                        - mailbox_modified
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can delete one or more mailbox tags.
+      operationId: Delete mailbox tags
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - tag1
+                - tag2
+              properties:
+                items:
+                  description: contains list of mailboxes you want to delete
+                  type: object
+              type: object
+      summary: Delete mailbox tags
+  "/api/v1/delete/domain/tag/{domain}":
+    post:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          example: domain.tld
+          required: true
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - tags_domain
+                        - tags:
+                          - tag1
+                          - tag2
+                          domain: domain.tld
+                        - null
+                      msg:
+                        - domain_modified
+                        - domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: You can delete one or more domain tags.
+      operationId: Delete domain tags
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - tag1
+                - tag2
+              properties:
+                items:
+                  description: contains list of domains you want to delete
+                  type: object
+              type: object
+      summary: Delete domain tags
+  /api/v1/edit/alias:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - edit
+                        - alias
+                        - active: "1"
+                          address: alias@domain.tld
+                          goto: destination@domain.tld
+                          id:
+                            - "6"
+                          private_comment: private comment
+                          public_comment: public comment
+                        - null
+                      msg:
+                        - alias_modified
+                        - alias@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: >-
+        You can update one or more aliases per request. You can also send just
+        attributes you want to change
+      operationId: Update alias
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  active: "1"
+                  address: alias@domain.tld
+                  goto: destination@domain.tld
+                  private_comment: private comment
+                  public_comment: public comment
+                items: ["6"]
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: is alias active or not
+                      type: boolean
+                    address:
+                      description: 'alias address, for catchall use "@domain.tld"'
+                      type: string
+                    goto:
+                      description: "destination address, comma separated"
+                      type: string
+                    goto_ham:
+                      description: learn as ham
+                      type: boolean
+                    goto_null:
+                      description: silently ignore
+                      type: boolean
+                    goto_spam:
+                      description: learn as spam
+                      type: boolean
+                    private_comment:
+                      type: string
+                    public_comment:
+                      type: string
+                    sogo_visible:
+                      description: toggle visibility as selectable sender in SOGo
+                      type: boolean
+                  type: object
+                items:
+                  description: contains list of aliases you want update
+                  type: object
+              type: object
+      summary: Update alias
+  /api/v1/edit/domain:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      type: array
+                      description: contains request object
+                      items: {}
+                    msg:
+                      type: array
+                      items: {}
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: >-
+        You can update one or more domains per request. You can also send just
+        attributes you want to change.
+
+        Example: You can add domain names to items list and in attr object just
+        include `"active": "0"` to deactivate domains.
+      operationId: Update domain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  active: "1"
+                  aliases: "400"
+                  backupmx: "1"
+                  defquota: "3072"
+                  description: domain description
+                  gal: "1"
+                  mailboxes: "10"
+                  maxquota: "10240"
+                  quota: "10240"
+                  relay_all_recipients: "0"
+                  relayhost: "2"
+                  tags: ["tag3", "tag4"]
+                items: domain.tld
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: is domain active or not
+                      type: boolean
+                    aliases:
+                      description: limit count of aliases associated with this domain
+                      type: number
+                    backupmx:
+                      description: relay domain or not
+                      type: boolean
+                    defquota:
+                      description: predefined mailbox quota in `add mailbox` form
+                      type: number
+                    description:
+                      description: Description of domain
+                      type: string
+                    gal:
+                      description: >-
+                        is domain global address list active or not, it enables
+                        shared contacts accross domain in SOGo webmail
+                      type: boolean
+                    mailboxes:
+                      description: limit count of mailboxes associated with this domain
+                      type: number
+                    maxquota:
+                      description: maximum quota per mailbox
+                      type: number
+                    quota:
+                      description: maximum quota for this domain (for all mailboxes in sum)
+                      type: number
+                    relay_all_recipients:
+                      description: >-
+                        if not, them you have to create "dummy" mailbox for each
+                        address to relay
+                      type: boolean
+                    relay_unknown_only:
+                      description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                      type: boolean
+                    relayhost:
+                      description: id of relayhost
+                      type: number
+                    rl_frame:
+                      enum:
+                        - s
+                        - m
+                        - h
+                        - d
+                      type: string
+                    rl_value:
+                      description: rate limit value
+                      type: number
+                    tags:
+                      description: tags for this Domain
+                      type: array
+                      items:
+                        type: string
+                  type: object
+                items:
+                  description: contains list of domain names you want update
+                  type: array
+                  items:
+                    type: string
+              type: object
+      summary: Update domain
+  /api/v1/edit/domain/footer:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                  - log:
+                      - mailbox
+                      - edit
+                      - domain_wide_footer
+                      - domains:
+                          - mailcow.tld
+                        html: "<br>foo {= foo =}"
+                        plain: "<foo {= foo =}"
+                        mbox_exclude:
+                          - moo@mailcow.tld
+                      - null
+                    msg:
+                      - domain_footer_modified
+                      - mailcow.tld
+                    type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: >-
+        You can update the footer of one or more domains per request.
+      operationId: Update domain wide footer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  html: "<br>foo {= foo =}"
+                  plain: "foo {= foo =}"
+                  mbox_exclude:
+                    - moo@mailcow.tld
+                items: mailcow.tld
+              properties:
+                attr:
+                  properties:
+                    html:
+                      description: Footer text in HTML format
+                      type: string
+                    plain:
+                      description: Footer text in PLAIN text format
+                      type: string
+                    mbox_exclude:
+                      description: Array of mailboxes to exclude from domain wide footer
+                      type: object
+                  type: object
+                items:
+                  description: contains a list of domain names where you want to update the footer
+                  type: array
+                  items:
+                    type: string
+              type: object
+      summary: Update domain wide footer
+  /api/v1/edit/fail2ban:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            "*/*":
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Fail2Ban
+      description: >-
+        Using this endpoint you can edit the Fail2Ban config and black or
+        whitelist new ips.
+      operationId: Edit Fail2Ban
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  ban_time: "86400"
+                  ban_time_increment: "1"
+                  blacklist: "10.100.6.5/32,10.100.8.4/32"
+                  max_attempts: "5"
+                  max_ban_time: "86400"
+                  netban_ipv4: "24"
+                  netban_ipv6: "64"
+                  retry_window: "600"
+                  whitelist: mailcow.tld
+                items: none
+              properties:
+                attr:
+                  description: array containing the fail2ban settings
+                  properties:
+                    backlist:
+                      description: the backlisted ips or hostnames separated by comma
+                      type: string
+                    ban_time:
+                      description: the time an ip should be banned
+                      type: number
+                    ban_time_increment:
+                      description: if the time of the ban should increase each time
+                      type: boolean
+                    max_attempts:
+                      description: the maximum numbe of wrong logins before a ip is banned
+                      type: number
+                    max_ban_time:
+                      description: the maximum time an ip should be banned
+                      type: number
+                    netban_ipv4:
+                      description: the networks mask to ban for ipv4
+                      type: number
+                    netban_ipv6:
+                      description: the networks mask to ban for ipv6
+                      type: number
+                    retry_window:
+                      description: >-
+                        the maximum time in which a ip as to login with false
+                        credentials to be banned
+                      type: number
+                    whitelist:
+                      description: whitelisted ips or hostnames sepereated by comma
+                      type: string
+                  type: object
+                items:
+                  description: has to be none
+              type: object
+      summary: Edit Fail2Ban
+  /api/v1/edit/mailbox:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - edit
+                        - mailbox
+                        - active: "1"
+                          force_pw_update: "0"
+                          name: Full name
+                          password: "*"
+                          password2: "*"
+                          quota: "3072"
+                          sender_acl:
+                            - default
+                            - info@domain2.tld
+                            - domain3.tld
+                            - "*"
+                          sogo_access: "1"
+                          username:
+                            - info@domain.tld
+                          tags: ["tag3", "tag4"]
+                        - null
+                      msg:
+                        - mailbox_modified
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        You can update one or more mailboxes per request. You can also send just
+        attributes you want to change
+      operationId: Update mailbox
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  active: "1"
+                  force_pw_update: "0"
+                  name: Full name
+                  authsource: mailcow
+                  password: ""
+                  password2: ""
+                  quota: "3072"
+                  sender_acl:
+                    - default
+                    - info@domain2.tld
+                    - domain3.tld
+                    - "*"
+                  sogo_access: "1"
+                  tags: ["tag3", "tag4"]
+                items:
+                  - info@domain.tld
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: is mailbox active or not
+                      type: boolean
+                    force_pw_update:
+                      description: force user to change password on next login
+                      type: boolean
+                    name:
+                      description: Full name of the mailbox user
+                      type: string
+                    authsource:
+                      description: Specifies the authentication source for the mailbox.
+                      type: string
+                      enum: [mailcow, ldap, keycloak, generic-oidc]
+                    password2:
+                      description: new mailbox password for confirmation
+                      type: string
+                    password:
+                      description: new mailbox password when using `mailcow` as the authentication source.
+                      type: string
+                    quota:
+                      description: mailbox quota
+                      type: number
+                    sender_acl:
+                      description: list of allowed send from addresses
+                      type: object
+                    sogo_access:
+                      description: is access to SOGo webmail active or not
+                      type: boolean
+                  type: object
+                items:
+                  description: contains list of mailboxes you want update
+                  type: object
+              type: object
+      summary: Update mailbox
+  /api/v1/edit/mailbox/custom-attribute:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                  - log:
+                      - mailbox
+                      - edit
+                      - mailbox_custom_attribute
+                      - mailboxes:
+                          - moo@mailcow.tld
+                        attribute:
+                          - role
+                          - foo
+                        value:
+                          - cow
+                          - bar
+                      - null
+                    msg:
+                      - mailbox_modified
+                      - moo@mailcow.tld
+                    type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        You can update custom attributes of one or more mailboxes per request.
+      operationId: Update mailbox custom attributes
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  attribute:
+                    - role
+                    - foo
+                  value:
+                    - cow
+                    - bar
+                items:
+                  - moo@mailcow.tld
+              properties:
+                attr:
+                  properties:
+                    attribute:
+                      description: Array of attribute keys
+                      type: object
+                    value:
+                      description: Array of attribute values
+                      type: object
+                  type: object
+                items:
+                  description: contains list of mailboxes you want update
+                  type: object
+              type: object
+      summary: Update mailbox custom attributes
+  /api/v1/edit/mailq:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    msg: Task completed
+                    type: success
+          description: OK
+          headers: {}
+      tags:
+        - Queue Manager
+      description: >-
+        Using this API you can flush the current mail queue. This will try to
+        deliver all mails currently in it.
+
+        This API uses the command: `postqueue -f`
+      operationId: Flush Queue
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                action: flush
+              properties:
+                action:
+                  description: use flush to flush the mail queue
+                  type: string
+              type: object
+      summary: Flush Queue
+  /api/v1/edit/pushover:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - pushover
+                        - edit
+                        - active: "0"
+                          evaluate_x_prio: "0"
+                          key: 21e8918e1jksdjcpis712
+                          only_x_prio: "0"
+                          sound: "pushover"
+                          senders: ""
+                          senders_regex: ""
+                          text: ""
+                          title: Mail
+                          token: 9023e2ohcwed27d1idu2
+                          username:
+                            - info@domain.tld
+                      msg: pushover_settings_edited
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        Using this endpoint it is possible to update the pushover settings for
+        mailboxes
+      operationId: Update Pushover settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  active: "0"
+                  evaluate_x_prio: "0"
+                  key: 21e8918e1jksdjcpis712
+                  only_x_prio: "0"
+                  sound: "pushover"
+                  senders: ""
+                  senders_regex: ""
+                  text: ""
+                  title: Mail
+                  token: 9023e2ohcwed27d1idu2
+                items: info@domain.tld
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: Enables pushover 1 disable pushover 0
+                      type: number
+                    evaluate_x_prio:
+                      description: Send the Push with High priority
+                      type: number
+                    key:
+                      description: Pushover key
+                      type: string
+                    only_x_prio:
+                      description: Only send push for prio mails
+                      type: number
+                    sound:
+                      description: Set notification sound
+                      type: string
+                    senders:
+                      description: Only send push for emails from these senders
+                      type: string
+                    senders_regex:
+                      description: Regex to match senders for which a push will be send
+                      type: string
+                    text:
+                      description: Custom push noficiation text
+                      type: string
+                    title:
+                      description: Push title
+                      type: string
+                    token:
+                      description: Pushover token
+                      type: string
+                  type: object
+                items:
+                  description: contains list of mailboxes you want to delete
+                  type: object
+              type: object
+      summary: Update Pushover settings
+  /api/v1/edit/quarantine_notification:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can update one or more mailboxes per request.
+      operationId: Quarantine Notifications
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  quarantine_notification: hourly
+                items:
+                  anyOf:
+                    - mailbox1@domain.tld
+                    - mailbox2@domain.tld
+              properties:
+                attr:
+                  properties:
+                    quarantine_notification:
+                      description: recurrence
+                      enum:
+                        - hourly
+                        - daily
+                        - weekly
+                        - never
+                      type: string
+                  type: object
+                items:
+                  description: >-
+                    contains list of mailboxes you want set qurantine
+                    notifications
+                  type: object
+              type: object
+      summary: Quarantine Notifications
+  /api/v1/edit/syncjob:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    log:
+                      - entity
+                      - action
+                      - object
+                    msg:
+                      - message
+                      - entity name
+                    type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Sync jobs
+      description: >-
+        You can update one or more sync jobs per request. You can also send just
+        attributes you want to change.
+      operationId: Update sync job
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  active: "1"
+                  automap: "1"
+                  custom_params: ""
+                  delete1: "0"
+                  delete2: "0"
+                  delete2duplicates: "1"
+                  enc1: SSL
+                  exclude: (?i)spam|(?i)junk
+                  host1: imap.server.tld
+                  maxage: "0"
+                  maxbytespersecond: "0"
+                  mins_interval: "20"
+                  password1: supersecret
+                  port1: "993"
+                  skipcrossduplicates: "0"
+                  subfolder2: External
+                  subscribeall: "1"
+                  timeout1: "600"
+                  timeout2: "600"
+                  user1: username
+                items: "1"
+              properties:
+                attr:
+                  properties:
+                    active:
+                      description: Is sync job active
+                      type: boolean
+                    automap:
+                      description: >-
+                        Try to automap folders ("Sent items", "Sent" => "Sent"
+                        etc.)
+                      type: boolean
+                    custom_params:
+                      description: Custom parameters passed to imapsync command
+                      type: string
+                    delete1:
+                      description: Delete from source when completed
+                      type: boolean
+                    delete2:
+                      description: Delete messages on destination that are not on source
+                      type: boolean
+                    delete2duplicates:
+                      description: Delete duplicates on destination
+                      type: boolean
+                    enc1:
+                      description: Encryption
+                      enum:
+                        - TLS
+                        - SSL
+                        - PLAIN
+                      type: string
+                    exclude:
+                      description: Exclude objects (regex)
+                      type: string
+                    host1:
+                      description: Hostname
+                      type: string
+                    maxage:
+                      description: >-
+                        Maximum age of messages in days that will be polled from
+                        remote (0 = ignore age)
+                      type: number
+                    maxbytespersecond:
+                      description: Max. bytes per second (0 = unlimited)
+                      type: number
+                    mins_interval:
+                      description: Interval (min)
+                      type: number
+                    password1:
+                      description: Password
+                      type: string
+                    port1:
+                      description: Port
+                      type: string
+                    skipcrossduplicates:
+                      description: >-
+                        Skip duplicate messages across folders (first come,
+                        first serve)
+                      type: boolean
+                    subfolder2:
+                      description: >-
+                        Sync into subfolder on destination (empty = do not use
+                        subfolder)
+                      type: string
+                    subscribeall:
+                      description: Subscribe all folders
+                      type: boolean
+                    timeout1:
+                      description: Timeout for connection to remote host
+                      type: number
+                    timeout2:
+                      description: Timeout for connection to local host
+                      type: number
+                    user1:
+                      description: Username
+                      type: string
+                  type: object
+                items:
+                  description: contains list of aliases you want update
+                  type: object
+              type: object
+      summary: Update sync job
+  /api/v1/edit/user-acl:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - acl
+                        - edit
+                        - user
+                        - user_acl:
+                            - spam_alias
+                            - tls_policy
+                            - spam_score
+                            - spam_policy
+                            - delimiter_action
+                            - syncjobs
+                            - eas_reset
+                            - quarantine
+                            - sogo_profile_reset
+                            - quarantine_attachments
+                            - quarantine_notification
+                            - app_passwds
+                            - pushover
+                          username:
+                            - info@domain.tld
+                      msg:
+                        - acl_saved
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: Using this endpoints its possible to update the ACL's for mailboxes
+      operationId: Update mailbox ACL
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  user_acl:
+                    - spam_alias
+                    - tls_policy
+                    - spam_score
+                    - spam_policy
+                    - delimiter_action
+                    - syncjobs
+                    - eas_reset
+                    - quarantine
+                    - sogo_profile_reset
+                    - quarantine_attachments
+                    - quarantine_notification
+                    - app_passwds
+                    - pushover
+                items: info@domain.tld
+              properties:
+                attr:
+                  properties:
+                    user_acl:
+                      description: contains a list of active user acls
+                      type: object
+                  type: object
+                items:
+                  description: contains list of mailboxes you want to delete
+                  type: object
+              type: object
+      summary: Update mailbox ACL
+  "/api/v1/get/alias/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      address: alias@domain.tld
+                      created: "2019-04-04 19:29:49"
+                      domain: domain.tld
+                      goto: destination@domain.tld
+                      id: 6
+                      in_primary_domain: ""
+                      is_catch_all: 0
+                      modified: null
+                      private_comment: null
+                      public_comment: null
+                    - active: "1"
+                      address: "@domain.tld"
+                      created: "2019-04-27 13:42:39"
+                      domain: domain.tld
+                      goto: destination@domain.tld
+                      id: 10
+                      in_primary_domain: ""
+                      is_catch_all: 1
+                      modified: null
+                      private_comment: null
+                      public_comment: null
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: You can list mailbox aliases existing in system.
+      operationId: Get aliases
+      summary: Get aliases
+  "/api/v1/get/time_limited_aliases/{mailbox}":
+    get:
+      parameters:
+        - description: mailbox you want to get aliasses from
+          example: domain.tld
+          in: path
+          schema:
+            type: string
+          name: mailbox
+          required: true
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - address: alias@domain.tld
+                      goto: destination@domain.tld
+                      validity: 1668251246
+                      created: "2021-11-12 12:07:26"
+                      modified: null
+          description: OK
+          headers: {}
+      tags:
+        - Aliases
+      description: You can list time limited mailbox aliases existing in system.
+      operationId: Get time limited aliases
+      summary: Get time limited aliases
+  "/api/v1/get/app-passwd/all/{mailbox}":
+    get:
+      parameters:
+        - description: mailbox of entry you want to get
+          example: hello@mailcow.email
+          in: path
+          name: mailbox
+          required: true
+          schema:
+            enum:
+              - hello@mailcow.email
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      created: "2019-12-21 16:04:55"
+                      domain: mailcow.email
+                      id: 2
+                      mailbox: hello@mailcow.email
+                      modified: null
+                      name: emclient
+          description: OK
+          headers: {}
+      tags:
+        - App Passwords
+      description: >-
+        Using this endpoint you can get all app passwords from a specific
+        mailbox.
+      operationId: Get App Password
+      summary: Get App Password
+  "/api/v1/get/bcc/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      bcc_dest: bcc@awesomecow.tld
+                      created: "2019-10-02 21:44:34"
+                      domain: mailcow.tld
+                      id: 3
+                      local_dest: "@mailcow.tld"
+                      modified: null
+                      type: sender
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: Using this endpoint you can get all BCC maps.
+      operationId: Get BCC Map
+      summary: Get BCC Map
+  "/api/v1/get/dkim/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    dkim_selector: dkim
+                    dkim_txt: >-
+                      v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21tUSjyasQy/hJmVjPnlRGfzx6TPhYj8mXY9DVOzSAE64Gddw/GnE/GcCR6WXNT23u9q4zPnz1IPoNt5kFOps8vg/iNqrcH++494noaZuYyFPPFnebkfryO4EvEyxC/c66qts+gnOUml+M8uv5WObBJld2gG12jLwFM0263J/N6J8LuUsaXOB2uCIfx8Nf4zjuJ6Ieez2uyHNK5dXjDLfKA4mTr+EEK6W6e34M4KN1liWM6r9Oy5S1FlLrD42VpURxxBZtBiEtaJPEKSQuk6GQz8ihu7W20Yr53tyCdaORu8dhxXVUWVf+GjuuMEdAmQCjYkarXdYCrt56Psw703kwIDAQAB
+                    length: "2048"
+                    privkey: ""
+                    pubkey: >-
+                      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21tUSjyasQy/hJmVjPnlRGfzx6TPhYj8mXY9DVOzSAE64Gddw/GnE/GcCR6WXNT23u9q4zPnz1IPoNt5kFOps8vg/iNqrcH++494noaZuYyFPPFnebkfryO4EvEyxC/c66qts+gnOUml+M8uv5WObBJld2gG12jLwFM0263J/N6J8LuUsaXOB2uCIfx8Nf4zjuJ6Ieez2uyHNK5dXjDLfKA4mTr+EEK6W6e34M4KN1liWM6r9Oy5S1FlLrD42VpURxxBZtBiEtaJPEKSQuk6GQz8ihu7W20Yr53tyCdaORu8dhxXVUWVf+GjuuMEdAmQCjYkarXdYCrt56Psw703kwIDAQAB
+          description: OK
+          headers: {}
+      tags:
+        - DKIM
+      description: >-
+        Using this endpoint you can get the DKIM public key for a specific
+        domain.
+      operationId: Get DKIM Key
+      summary: Get DKIM Key
+  /api/v1/get/domain-admin/all:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      created: "2019-10-02 10:29:41"
+                      selected_domains:
+                        - mailcow.tld
+                      tfa_active: "0"
+                      unselected_domains:
+                        - awesomemailcow.de
+                        - mailcowisgreat.de
+                      username: testadmin
+          description: OK
+          headers: {}
+      tags:
+        - Domain admin
+      description: ""
+      operationId: Get Domain Admins
+      summary: Get Domain Admins
+  "/api/v1/get/domain/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - mailcow.tld
+            type: string
+        - description: comma seperated list of tags to filter by
+          example: "tag1,tag2"
+          in: query
+          name: tags
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      aliases_in_domain: 0
+                      aliases_left: 400
+                      backupmx: "0"
+                      bytes_total: "5076666944"
+                      def_new_mailbox_quota: 3221225472
+                      def_quota_for_mbox: 3221225472
+                      description: Some description
+                      domain_name: domain.tld
+                      gal: "0"
+                      max_new_mailbox_quota: 10737418240
+                      max_num_aliases_for_domain: 400
+                      max_num_mboxes_for_domain: 10
+                      max_quota_for_domain: 10737418240
+                      max_quota_for_mbox: 10737418240
+                      mboxes_in_domain: 0
+                      mboxes_left: 10
+                      msgs_total: "172440"
+                      quota_used_in_domain: "0"
+                      relay_all_recipients: "0"
+                      relayhost: "0"
+                      rl: false
+                      tags: ["tag1", "tag2"]
+                    - active: "1"
+                      aliases_in_domain: 0
+                      aliases_left: 400
+                      backupmx: "1"
+                      bytes_total: "5076666944"
+                      def_new_mailbox_quota: 3221225472
+                      def_quota_for_mbox: 3221225472
+                      description: domain description
+                      domain_name: domain2.tld
+                      gal: "0"
+                      max_new_mailbox_quota: 10737418240
+                      max_num_aliases_for_domain: 400
+                      max_num_mboxes_for_domain: 10
+                      max_quota_for_domain: 10737418240
+                      max_quota_for_mbox: 10737418240
+                      mboxes_in_domain: 0
+                      mboxes_left: 10
+                      msgs_total: "172440"
+                      quota_used_in_domain: "0"
+                      relay_all_recipients: "0"
+                      relayhost: "0"
+                      rl: false
+                      tags: ["tag3", "tag4"]
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: You can list all domains existing in system.
+      operationId: Get domains
+      summary: Get domains
+  /api/v1/get/fail2ban:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    ban_time: 604800
+                    ban_time_increment: 1
+                    blacklist: |-
+                      45.82.153.37/32
+                      92.118.38.52/32
+                    max_attempts: 1
+                    max_ban_time: 604800
+                    netban_ipv4: 32
+                    netban_ipv6: 128
+                    perm_bans:
+                      - 45.82.153.37/32
+                      - 92.118.38.52/32
+                    retry_window: 7200
+                    whitelist: 1.1.1.1
+          description: OK
+          headers: {}
+      tags:
+        - Fail2Ban
+      description: Gets the current Fail2Ban configuration.
+      operationId: Get Fail2Ban Config
+      summary: Get Fail2Ban Config
+  /api/v1/get/fwdhost/all:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - host: 5.1.76.202
+                      keep_spam: "yes"
+                      source: hosted.mailcow.de
+                    - host: "2a00:f820:417::202"
+                      keep_spam: "yes"
+                      source: hosted.mailcow.de
+          description: OK
+          headers: {}
+      tags:
+        - Fordwarding Hosts
+      description: You can list all Forwarding Hosts in your mailcow.
+      operationId: Get Forwarding Hosts
+      summary: Get Forwarding Hosts
+  "/api/v1/get/logs/acme/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - message: >-
+                        Certificate validation done, neither changed nor due for
+                        renewal, sleeping for another day.
+                      time: "1569927728"
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all ACME logs from issued Lets Enctypts
+        certificates.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get ACME logs
+      summary: Get ACME logs
+  "/api/v1/get/logs/api/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - data: ""
+                      method: GET
+                      remote: 1.1.1.1
+                      time: 1569939001
+                      uri: /api/v1/get/logs/api/2
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Api logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Api logs
+      summary: Get Api logs
+  "/api/v1/get/logs/autodiscover/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - service: activesync
+                      time: 1569684212
+                      ua: >-
+                        Microsoft Office/16.0 (Windows NT 6.2; MAPICPL
+                        16.0.11328; Pro)
+                      user: awesome@mailcow.de
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Autodiscover logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Autodiscover logs
+      summary: Get Autodiscover logs
+  "/api/v1/get/logs/dovecot/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - message: >-
+                        managesieve-login: Disconnected (no auth attempts in 0
+                        secs): user=<>, rip=172.22.1.3, lip=172.22.1.250
+                      priority: info
+                      program: dovecot
+                      time: "1569938740"
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Dovecot logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Dovecot logs
+      summary: Get Dovecot logs
+  "/api/v1/get/logs/netfilter/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - message: "Whitelist was changed, it has 1 entries"
+                      priority: info
+                      time: 1569754911
+                    - message: Add host/network 1.1.1.1/32 to blacklist
+                      priority: crit
+                      time: 1569754911
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Netfilter logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Netfilter logs
+      summary: Get Netfilter logs
+  "/api/v1/get/logs/postfix/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - message: "EF1711500458: removed"
+                      priority: info
+                      program: postfix/qmgr
+                      time: "1569937433"
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Postfix logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Postfix logs
+      summary: Get Postfix logs
+  "/api/v1/get/logs/ratelimited/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - from: awesome@mailcow.email
+                      header_from: '"Awesome" <awesome@mailcow.email>'
+                      header_subject: Mailcow is amazing
+                      ip: 172.22.1.248
+                      message_id: 6a-5d892500-7-240abd80@90879116
+                      qid: E3CF91500458
+                      rcpt: hello@mailcow.email
+                      rl_hash: RLsdz3tuabozgd4oacbdh8kc78
+                      rl_info: mailcow(RLsdz3tuabozgd4oacbdh8kc78)
+                      rl_name: mailcow
+                      time: 1569269003
+                      user: awesome@mailcow.email
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Ratelimit logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Ratelimit logs
+      summary: Get Ratelimit logs
+  "/api/v1/get/logs/rspamd-history/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Rspamd logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Rspamd logs
+      summary: Get Rspamd logs
+  "/api/v1/get/logs/sogo/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - message: >-
+                        [109]:
+                        mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network
+                        "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.005 - - 0
+                      priority: notice
+                      program: sogod
+                      time: "1569938874"
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all SOGo logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get SOGo logs
+      summary: Get SOGo logs
+  "/api/v1/get/logs/watchdog/{count}":
+    get:
+      parameters:
+        - description: Number of logs to return
+          in: path
+          name: count
+          required: true
+          schema:
+            type: number
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - hpdiff: "0"
+                      hpnow: "1"
+                      hptotal: "1"
+                      lvl: "100"
+                      service: Fail2ban
+                      time: "1569938958"
+                    - hpdiff: "0"
+                      hpnow: "5"
+                      hptotal: "5"
+                      lvl: "100"
+                      service: Rspamd
+                      time: "1569938956"
+          description: OK
+          headers: {}
+      tags:
+        - Logs
+      description: >-
+        This Api endpoint lists all Watchdog logs.
+
+        Tip: You can limit how many logs you want to get by using `/<count>` at
+        the end of the api url.
+      operationId: Get Watchdog logs
+      summary: Get Watchdog logs
+  "/api/v1/get/mailbox/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - user@domain.tld
+            type: string
+        - description: comma seperated list of tags to filter by
+          example: "tag1,tag2"
+          in: query
+          name: tags
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      domain: doman3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@doman3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system.
+      operationId: Get mailboxes
+      summary: Get mailboxes
+  /api/v1/get/mailq/all:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - arrival_time: 1570091234
+                      message_size: 1848
+                      queue_id: B98C6260CA1
+                      queue_name: incoming
+                      recipients:
+                        - recipient@awesomecow.tld
+                      sender: sender@mailcow.tld
+          description: OK
+          headers: {}
+      tags:
+        - Queue Manager
+      description: Get the current mail queue and everything it contains.
+      operationId: Get Queue
+      summary: Get Queue
+  "/api/v1/get/oauth2-client/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - client_id: 17c76aaa88c0
+                      client_secret: 73fc668a88147e32a31ff80c
+                      grant_types: null
+                      id: 1
+                      redirect_uri: "https://mailcow.tld"
+                      scope: profile
+                      user_id: null
+          description: OK
+          headers: {}
+      tags:
+        - oAuth Clients
+      description: Using this endpoint you can get all oAuth clients.
+      operationId: Get oAuth Clients
+      summary: Get oAuth Clients
+  "/api/v1/get/policy_bl_domain/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - object: domain.tld
+                      prefid: 2
+                      value: "*@baddomain.tld"
+          description: OK
+          headers: {}
+      tags:
+        - Domain antispam policies
+      description: You can list all blacklist policies per domain.
+      operationId: List blacklist domain policy
+      summary: List blacklist domain policy
+  "/api/v1/get/policy_wl_domain/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - object: domain.tld
+                      prefid: 1
+                      value: "*@gooddomain.tld"
+          description: OK
+          headers: {}
+      tags:
+        - Domain antispam policies
+      description: You can list all whitelist policies per domain.
+      operationId: List whitelist domain policy
+      summary: List whitelist domain policy
+  /api/v1/get/quarantine/all:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    created: 1572688831
+                    id: 33
+                    notified: 1
+                    qid: 8224615004C1
+                    rcpt: admin@domain.tld
+                    score: 15.48
+                    sender: bounces@send.domain.tld
+                    subject: mailcow is awesome
+                    virus_flag: 0
+          description: OK
+          headers: {}
+      tags:
+        - Quarantine
+      description: Get all mails that are currently in Quarantine.
+      operationId: Get mails in Quarantine
+      summary: Get mails in Quarantine
+  "/api/v1/get/recipient_map/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      created: "2019-10-02 22:06:29"
+                      id: 3
+                      modified: null
+                      recipient_map_new: target@mailcow.tld
+                      recipient_map_old: recipient@mailcow.tld
+          description: OK
+          headers: {}
+      tags:
+        - Address Rewriting
+      description: Using this endpoint you can get all recipient maps.
+      operationId: Get Recipient Map
+      summary: Get Recipient Map
+  "/api/v1/get/relayhost/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      hostname: "mailcow.tld:25"
+                      id: 1
+                      password: supersecurepassword
+                      password_short: tes...
+                      used_by_domains: ""
+                      username: testuser
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: Using this endpoint you can get all Sender-Dependent Transports.
+      operationId: Get Sender-Dependent Transports
+      summary: Get Sender-Dependent Transports
+  /api/v1/get/resource/all:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      description: test
+                      domain: mailcow.tld
+                      kind: location
+                      local_part: test
+                      multiple_bookings: 0
+                      name: test@mailcow.tld
+          description: OK
+          headers: {}
+      tags:
+        - Resources
+      description: Using this endpoint you can get all Resources.
+      operationId: Get Resources
+      summary: Get Resources
+  "/api/v1/get/rl-mbox/{mailbox}":
+    get:
+      parameters:
+        - description: name of mailbox or all
+          in: path
+          name: mailbox
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - frame: s
+                      mailbox: leon@mailcow.tld
+                      value: "5"
+                    - frame: s
+                      mailbox: lisa@mailcow.tld
+                      value: "3"
+          description: OK
+          headers: {}
+      tags:
+        - Ratelimits
+      description: >-
+        Using this endpoint you can get the ratelimits for a certain mailbox.
+        You can use all for all mailboxes.
+      operationId: Get mailbox ratelimits
+      summary: Get mailbox ratelimits
+  "/api/v1/get/rl-domain/{domain}":
+    get:
+      parameters:
+        - description: name of domain or all
+          in: path
+          name: domain
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - frame: s
+                      domain: domain.tld
+                      value: "5"
+                    - frame: s
+                      mailbox: domain2.tld
+                      value: "3"
+          description: OK
+          headers: {}
+      tags:
+        - Ratelimits
+      description: >-
+        Using this endpoint you can get the ratelimits for a certain domains.
+        You can use all for all domain.
+      operationId: Get domain ratelimits
+      summary: Get domain ratelimits
+  /api/v1/edit/rl-mbox/:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - ratelimit
+                        - edit
+                        - mailbox
+                        - object:
+                            - info@domain.tld
+                          rl_value: "10"
+                          rl_frame: h
+                      msg:
+                        - rl_saved
+                        - info@domain.tld
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Ratelimits
+      description: >-
+        Using this endpoint you can edit the ratelimits for a certain mailbox.
+      operationId: Edit mailbox ratelimits
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  rl_value: "10"
+                  rl_frame: "h"
+                items:
+                  - info@domain.tld
+              properties:
+                attr:
+                  properties:
+                    rl_frame:
+                      description: contains the frame for the ratelimit h,s,m
+                      type: string
+                    rl_value:
+                      description: contains the rate for the ratelimit 10,20,50,1
+                      type: number
+                  type: object
+                items:
+                  description: contains list of mailboxes you want to edit the ratelimit of
+                  type: object
+              type: object
+      summary: Edit mailbox ratelimits
+  /api/v1/edit/rl-domain/:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                    - log:
+                        - ratelimit
+                        - edit
+                        - domain
+                        - object:
+                            - domain.tld
+                          rl_value: "50"
+                          rl_frame: "h"
+                      msg:
+                        - rl_saved
+                        - domain.tld
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Ratelimits
+      description: >-
+        Using this endpoint you can edit the ratelimits for a certain domains.
+      operationId: Edit domain ratelimits
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  rl_value: "10"
+                  rl_frame: "h"
+                items:
+                  - domain.tld
+              properties:
+                attr:
+                  properties:
+                    rl_frame:
+                      description: contains the frame for the ratelimit h,s,m
+                      type: string
+                    rl_value:
+                      description: contains the rate for the ratelimit 10,20,50,1
+                      type: number
+                  type: object
+                items:
+                  description: contains list of domains you want to edit the ratelimit of
+                  type: object
+              type: object
+      summary: Edit domain ratelimits
+  /api/v1/get/status/containers:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    acme-mailcow:
+                      container: acme-mailcow
+                      image: "mailcow/acme:1.63"
+                      started_at: "2019-12-22T21:00:08.270660275Z"
+                      state: running
+                      type: info
+                    clamd-mailcow:
+                      container: clamd-mailcow
+                      image: "mailcow/clamd:1.35"
+                      started_at: "2019-12-22T21:00:01.622856172Z"
+                      state: running
+                      type: info
+                    dockerapi-mailcow:
+                      container: dockerapi-mailcow
+                      image: "mailcow/dockerapi:1.36"
+                      started_at: "2019-12-22T20:59:59.984797808Z"
+                      state: running
+                      type: info
+                    dovecot-mailcow:
+                      container: dovecot-mailcow
+                      image: "mailcow/dovecot:1.104"
+                      started_at: "2019-12-22T21:00:08.988680259Z"
+                      state: running
+                      type: info
+                    ipv6nat-mailcow:
+                      container: ipv6nat-mailcow
+                      image: robbertkl/ipv6nat
+                      started_at: "2019-12-22T21:06:37.273225445Z"
+                      state: running
+                      type: info
+                    memcached-mailcow:
+                      container: memcached-mailcow
+                      image: "memcached:alpine"
+                      started_at: "2019-12-22T20:59:58.0907785Z"
+                      state: running
+                      type: info
+                    mysql-mailcow:
+                      container: mysql-mailcow
+                      image: "mariadb:10.3"
+                      started_at: "2019-12-22T21:00:02.201937528Z"
+                      state: running
+                      type: info
+                    netfilter-mailcow:
+                      container: netfilter-mailcow
+                      image: "mailcow/netfilter:1.31"
+                      started_at: "2019-12-22T21:00:09.851559297Z"
+                      state: running
+                      type: info
+                    nginx-mailcow:
+                      container: nginx-mailcow
+                      image: "nginx:mainline-alpine"
+                      started_at: "2019-12-22T21:00:12.9843038Z"
+                      state: running
+                      type: info
+                    olefy-mailcow:
+                      container: olefy-mailcow
+                      image: "mailcow/olefy:1.2"
+                      started_at: "2019-12-22T20:59:59.676259274Z"
+                      state: running
+                      type: info
+                    php-fpm-mailcow:
+                      container: php-fpm-mailcow
+                      image: "mailcow/phpfpm:1.55"
+                      started_at: "2019-12-22T21:00:00.955808957Z"
+                      state: running
+                      type: info
+                    postfix-mailcow:
+                      container: postfix-mailcow
+                      image: "mailcow/postfix:1.44"
+                      started_at: "2019-12-22T21:00:07.186717617Z"
+                      state: running
+                      type: info
+                    redis-mailcow:
+                      container: redis-mailcow
+                      image: "redis:5-alpine"
+                      started_at: "2019-12-22T20:59:56.827166834Z"
+                      state: running
+                      type: info
+                    rspamd-mailcow:
+                      container: rspamd-mailcow
+                      image: "mailcow/rspamd:1.56"
+                      started_at: "2019-12-22T21:00:12.456075355Z"
+                      state: running
+                      type: info
+                    sogo-mailcow:
+                      container: sogo-mailcow
+                      image: "mailcow/sogo:1.65"
+                      started_at: "2019-12-22T20:59:58.382274592Z"
+                      state: running
+                      type: info
+                    unbound-mailcow:
+                      container: unbound-mailcow
+                      image: "mailcow/unbound:1.10"
+                      started_at: "2019-12-22T20:59:58.760595825Z"
+                      state: running
+                      type: info
+                    watchdog-mailcow:
+                      container: watchdog-mailcow
+                      image: "mailcow/watchdog:1.65"
+                      started_at: "2019-12-22T20:59:56.028660382Z"
+                      state: running
+                      type: info
+          description: OK
+          headers: {}
+      tags:
+        - Status
+      description: >-
+        Using this endpoint you can get the status of all containers and when
+        hey where started and a few other details.
+      operationId: Get container status
+      summary: Get container status
+  /api/v1/get/status/vmail:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    disk: /dev/mapper/mail--vg-root
+                    total: 41G
+                    type: info
+                    used: 11G
+                    used_percent: 28%
+          description: OK
+          headers: {}
+      tags:
+        - Status
+      description: >-
+        Using this endpoint you can get the status of the vmail and the amount
+        of used storage.
+      operationId: Get vmail status
+      summary: Get vmail status
+  /api/v1/get/status/version:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    version: "2022-04"
+          description: OK
+          headers: {}
+      tags:
+        - Status
+      description: >-
+        Using this endpoint you can get the current running release of this
+        instance.
+      operationId: Get version status
+      summary: Get version status
+  /api/v1/get/syncjobs/all/no_log:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      authmd51: 0
+                      authmech1: PLAIN
+                      automap: 1
+                      created: "2019-05-22 11:37:25"
+                      custom_params: ""
+                      delete1: 0
+                      delete2: 0
+                      delete2duplicates: 1
+                      domain2: ""
+                      enc1: TLS
+                      exclude: (?i)spam|(?i)junk
+                      host1: imap.server.tld
+                      id: 1
+                      is_running: 0
+                      last_run: "2019-05-22 11:40:02"
+                      log: ""
+                      maxage: 0
+                      maxbytespersecond: "0"
+                      mins_interval: "20"
+                      modified: "2019-05-22 11:40:02"
+                      port1: 993
+                      regextrans2: ""
+                      skipcrossduplicates: 0
+                      subfolder2: External
+                      subscribeall: 1
+                      timeout1: 600
+                      timeout2: 600
+                      user1: username
+                      user2: mailbox@domain.tld
+          description: OK
+          headers: {}
+      tags:
+        - Sync jobs
+      description: You can list all syn jobs existing in system.
+      operationId: Get sync jobs
+      summary: Get sync jobs
+  "/api/v1/get/tls-policy-map/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - parameters: ""
+                      active: "1"
+                      created: "2019-10-03 08:42:12"
+                      dest: mailcow.tld
+                      id: 1
+                      modified: null
+                      policy: encrypt
+          description: OK
+          headers: {}
+      tags:
+        - Outgoing TLS Policy Map Overrides
+      description: Using this endpoint you can get all TLS policy map override maps.
+      operationId: Get TLS Policy Map
+      summary: Get TLS Policy Map
+  "/api/v1/get/transport/{id}":
+    get:
+      parameters:
+        - description: id of entry you want to get
+          example: all
+          in: path
+          name: id
+          required: true
+          schema:
+            enum:
+              - all
+              - "1"
+              - "2"
+              - "5"
+              - "10"
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      destination: example.org
+                      id: 1
+                      lookup_mx: "0"
+                      nexthop: "host:25"
+                      password: supersecurepw
+                      password_short: sup...
+                      username: testuser
+          description: OK
+          headers: {}
+      tags:
+        - Routing
+      description: Using this endpoint you can get all Transport Maps.
+      operationId: Get Transport Maps
+      summary: Get Transport Maps
+  /api/v1/edit/spam-score/:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - mailbox
+                        - edit
+                        - spam_score
+                        - username:
+                            - info@domain.tld
+                          spam_score: "8,15"
+                      msg:
+                        - mailbox_modified
+                        - info@domain.tld
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        Using this endpoint you can edit the spam filter score for a certain mailbox.
+      operationId: Edit mailbox spam filter score
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - items:
+                    - info@domain.tld
+                  attr:
+                    spam_score: "8,15"
+      summary: Edit mailbox spam filter score
+  "/api/v1/get/mailbox/all/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      custom_attributes: {}
+                      domain: domain3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@domain3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system for a specific domain.
+      operationId: Get mailboxes of a domain
+      summary: Get mailboxes of a domain
+  /api/v1/edit/cors:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: "success"
+                      log: ["cors", "edit", {"allowed_origins": ["*", "mail.mailcow.tld"], "allowed_methods": ["POST", "GET", "DELETE", "PUT"]}]
+                      msg: "cors_headers_edited"
+          description: OK
+          headers: { }
+      tags:
+        - Cross-Origin Resource Sharing (CORS)
+      description: >-
+        This endpoint allows you to manage Cross-Origin Resource Sharing (CORS) settings for the API.
+        CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests.
+        By editing the CORS settings, you can specify which domains and which methods are permitted to access the API resources from outside the mailcow domain.
+      operationId: Edit Cross-Origin Resource Sharing (CORS) settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  allowed_origins: ["*", "mail.mailcow.tld"]
+                  allowed_methods: ["POST", "GET", "DELETE", "PUT"]
+              properties:
+                attr:
+                  type: object
+                  properties:
+                    allowed_origins:
+                      type: array
+                      items:
+                        type: string
+                    allowed_methods:
+                      type: array
+                      items:
+                        type: string
+      summary: Edit Cross-Origin Resource Sharing (CORS) settings
+  "/api/v1/get/spam-score/{mailbox}":
+    get:
+      parameters:
+        - description: name of mailbox or empty for current user - admin user will retrieve the global spam filter score
+          in: path
+          name: mailbox
+          required: true
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    spam_score: "8,15"
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: >-
+        Using this endpoint you can get the global spam filter score or the spam filter score of a certain mailbox.
+      operationId: Get mailbox or global spam filter score
+      summary: Get mailbox or global spam filter score
+  /api/v1/edit/identity-provider:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: "success"
+                      log:
+                        - "identity_provider"
+                        - "edit"
+                        - authsource: "keycloak"
+                          server_url: "https://auth.mailcow.tld"
+                          realm: "mailcow"
+                          client_id: "mailcow_client"
+                          client_secret: "*"
+                          redirect_url: "https://mail.mailcow.tld"
+                          redirect_url_extra: ["https://extramail.mailcow.tld"]
+                          version: "26.1.3"
+                          default_template: "Default"
+                          mappers:
+                            - "small_mbox"
+                            - "medium_mbox"
+                          templates:
+                            - "small"
+                            - "medium"
+                          ignore_ssl_error: true
+                          mailpassword_flow: true
+                          periodic_sync: true
+                          import_users: true
+                          sync_interval: 30
+                      msg:
+                        - "object_modified"
+                        - ""
+          description: OK
+          headers: { }
+      tags:
+        - Identity Provider
+      description: >-
+        Configure an external Identity Provider to use as user authentication
+      operationId: Edit external Identity Provider settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              properties:
+                items:
+                  type: array
+                  default: ["identity-provider"]
+                attr:
+                  type: object
+                  properties:
+                    authsource:
+                      description: Specifies the type of the Identity Provider
+                      type: string
+                      enum: [ldap, keycloak, generic-oidc]
+                    server_url:
+                      description: The base URL of your Keycloak server. Required if `authsource` is keycloak.
+                      type: string
+                    realm:
+                      description: The Keycloak realm where the mailcow client is configured. Required if `authsource` is keycloak.
+                      type: string
+                    client_id:
+                      description: The Client ID assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    client_secret:
+                      description: The Client Secret assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    redirect_url:
+                      description: The redirect URL that OIDC Provider will use after authentication. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    redirect_url_extra:
+                      description: Additional redirect URLs that OIDC Provider can use after authentication if valid.
+                      type: array
+                    version:
+                      description: Specifies the Keycloak version. Required if `authsource` is keycloak.
+                      type: string
+                    default_template:
+                      description: (Optional) If no matching Attribute Mapping exists for a User, the default template will be used for creating the mailbox, but not for updating the mailbox.
+                      type: string
+                    mappers:
+                      description: (Optional) Attribute values used to match a mailbox template. Each element corresponds to the respective index in the templates array (i.e., the first element matches the first element of templates, the second matches the second, and so on).
+                      type: array
+                    templates:
+                      description: (Optional) Defines the mailbox templates to be assigned. Each element corresponds to the respective index in the `mappers` array.
+                      type: array
+                    ignore_ssl_error:
+                      description: If enabled, SSL certificate validation is bypassed
+                      type: boolean
+                      default: false
+                    mailpassword_flow:
+                      description: If enabled, mailcow will attempt to validate user credentials using the Keycloak Admin REST API instead of relying solely on the Authorization Code Flow.
+                      type: boolean
+                      default: false
+                    periodic_sync:
+                      description: If enabled, mailcow periodically performs a full sync of all users from Keycloak or LDAP.
+                      type: boolean
+                      default: false
+                    import_users:
+                      description: If enabled, new users are automatically imported from Keycloak or LDAP into mailcow.
+                      type: boolean
+                      default: false
+                    sync_interval:
+                      description: Defines the time interval (in minutes) for periodic synchronization and user imports.
+                      type: number
+                      default: 15
+                    host:
+                      description: The address of your LDAP server. You can provide a single hostname or a comma-separated list of hosts for fallback in case the primary server is unreachable. Required if `authsource` is ldap.
+                      type: string
+                    port:
+                      description: The port used to connect to the LDAP server. Required if `authsource` is ldap.
+                      type: string
+                    use_ssl:
+                      description: enable LDAPS connection. If Port is set to 389 it will be overriden to 636.
+                      type: boolean
+                      default: false
+                    use_tls:
+                      description: enable TLS connection. TLS is recommended over SSL. SSL Ports cannot be used.
+                      type: boolean
+                      default: false
+                    basedn:
+                      description: The Distinguished Name (DN) from which searches will be performed. Required if `authsource` is ldap.
+                      type: string
+                    username_field:
+                      description: The LDAP attribute used to identify users during authentication. Required if `authsource` is ldap.
+                      type: string
+                      default: mail
+                    filter:
+                      description: An optional LDAP search filter to refine which users can authenticate.
+                      type: string
+                    attribute_field:
+                      description: Specifies an LDAP attribute that holds a specific value which can be mapped to a mailbox template using the Attribute Mapping section. Required if `authsource` is ldap.
+                      type: string
+                    binddn:
+                      description: The Distinguished Name (DN) of the LDAP user that will be used to authenticate and perform LDAP searches. This account should have sufficient permissions to read the required attributes. Required if `authsource` is ldap.
+                      type: string
+                    bindpass:
+                      description: The password for the Bind DN user. It is required for authentication when connecting to the LDAP server. Required if `authsource` is ldap.
+                      type: string
+                    authorize_url:
+                      description: The OIDC provider's authorization server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    token_url:
+                      description: The OIDC provider's token server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    userinfo_url:
+                      description: The OIDC provider's user info server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    client_scopes:
+                      description: Specifies the OIDC scopes requested during authentication.
+                      type: string
+                      default: "openid profile email mailcow_template"
+            examples:
+              keycloak:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "keycloak"
+                    server_url: "https://auth.mailcow.tld"
+                    realm: "mailcow"
+                    client_id: "mailcow_client"
+                    client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
+                    redirect_url: "https://mail.mailcow.tld"
+                    redirect_url_extra: ["https://extramail.mailcow.tld"]
+                    version: "26.1.3"
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
+                    ignore_ssl_error: true
+                    mailpassword_flow: true
+                    periodic_sync: true
+                    import_users: true
+                    sync_interval: 30
+              ldap:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "ldap"
+                    host: "127.0.0.1"
+                    port: "389"
+                    use_ssl: false
+                    use_tls: false
+                    ignore_ssl_error: false
+                    basedn: "DC=mailcow,DC=local"
+                    username_field: "mail"
+                    filter: "(memberOf:1.2.840.113556.1.4.1941:=DC=mailcow,DC=local)"
+                    attribute_field: "othermailbox"
+                    binddn: "CN=LDAP Read Only,CN=Users,DC=mailcow,DC=local"
+                    bindpass: "moohoo"
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
+                    periodic_sync: true
+                    import_users: true
+                    sync_interval: 30
+              generic-oidc:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "generic-oidc"
+                    authorize_url: "https://auth.mailcow.tld/application/o/authorize/"
+                    token_url: "https://auth.mailcow.tld/application/o/token/"
+                    userinfo_url: "https://auth.mailcow.tld/application/o/userinfo/"
+                    client_id: "mailcow_client"
+                    client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
+                    redirect_url: "https://mail.mailcow.tld"
+                    redirect_url_extra: ["https://extramail.mailcow.tld"]
+                    client_scopes: "openid profile email mailcow_template"
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
+                    ignore_ssl_error: true
+      summary: Edit external Identity Provider
+
+tags:
+  - name: Domains
+    description: You can create antispam whitelist and blacklist policies
+  - name: Domain antispam policies
+    description: You can edit the Domain Antispam policies
+  - name: Mailboxes
+    description: You can manage mailboxes
+  - name: Aliases
+    description: You can manage aliases
+  - name: Sync jobs
+    description: Using Syncjobs you can sync your mails with other email servers
+  - name: Fordwarding Hosts
+    description: Forwarding Hosts enable you to send mail using a relay
+  - name: Logs
+    description: Get all mailcow system logs
+  - name: Queue Manager
+    description: Manage the postfix mail queue
+  - name: Quarantine
+    description: Check what emails went to quarantine
+  - name: Fail2Ban
+    description: Manage the Netfilter fail2ban options
+  - name: DKIM
+    description: Manage DKIM keys
+  - name: Domain admin
+    description: Create or udpdate domain admin users
+  - name: Single Sign-On
+    description: Issue tokens for users
+  - name: Address Rewriting
+    description: Create BCC maps or recipient maps
+  - name: Outgoing TLS Policy Map Overrides
+    description: Force global TLS policys
+  - name: oAuth Clients
+    description: Use mailcow as a oAuth server
+  - name: Routing
+    description: Define your own email routes
+  - name: Resources
+    description: Manage ressources
+  - name: App Passwords
+    description: Create mailbox app passwords
+  - name: Status
+    description: Get the status of your cow
+  - name: Ratelimits
+    description: Edit domain ratelimits
+  - name: Cross-Origin Resource Sharing (CORS)
+    description: Manage Cross-Origin Resource Sharing (CORS) settings
+  - name: Identity Provider
+    description: Manage external Identity Provider settings
diff --git a/docs/prd.md b/docs/prd.md
new file mode 100644
index 0000000..5c551b3
--- /dev/null
+++ b/docs/prd.md
@@ -0,0 +1,62 @@
+🚀 Ürün Gereksinim Dokümanı (PRD): AyrisMail Central
+1. Ürün Özeti
+AyrisMail Central, Mailcow API’sini kullanarak birden fazla domaini ve bu domainlere bağlı mail hesaplarını yönetmeye yarayan, Next.js tabanlı bir "Multi-Tenant" (Çoklu Kiracılı) yönetim panelidir. Kullanıcılar, teknik bilgiye ihtiyaç duymadan kendi domainleri altında mail hesabı açıp kapatabilirler.
+
+2. Kullanıcı Rolleri ve Yetkiler
+Süper Admin (Mustafa): * Tüm domainleri ekler/siler.
+
+Domain Admin’leri oluşturur.
+
+Sunucu genel kotasını ve API anahtarlarını yönetir.
+
+Domain Admin (Örn: Emina Hanım):
+
+Sadece kendisine atanmış olan domaini (örn: aveminakarabudak.com) görür.
+
+Yeni mail kutusu oluşturabilir, mevcut olanları silebilir.
+
+Kullanıcıların şifrelerini sıfırlayabilir ve kotalarını güncelleyebilir.
+
+3. Temel Özellikler (MVP)
+A. Dashboard & Auth
+
+Güvenli Giriş: NextAuth.js ile e-posta ve şifre tabanlı giriş sistemi.
+
+Hızlı Özet: Aktif mail kutusu sayısı, kullanılan toplam disk alanı ve domain sağlık durumu (SPF/DKIM/MX) göstergeleri.
+
+B. Domain Yönetimi (Süper Admin)
+
+Domain Listesi: Tüm kayıtlı domainlerin tablosu.
+
+Domain Atama: Hangi domainin hangi kullanıcı tarafından yönetileceğinin belirlenmesi.
+
+C. Mail Hesabı Yönetimi (Domain Admin)
+
+Hesap Oluşturma Formu: * local_part (isim), name (Ad Soyad), password ve quota (MB) girişleri.
+
+Hesap Listeleme: Mevcut mail hesaplarının (örn: info@domain.com) tablo halinde gösterimi.
+
+Hızlı İşlemler: Tek tıkla şifre güncelleme veya hesabı pasife alma.
+
+4. Teknik Altyapı (Tech Stack)
+Framework: Next.js 14+ (App Router)
+
+Stil: Tailwind CSS + Shadcn/UI (Karanlık Mod desteği dahil)
+
+State Management: TanStack Query (API verilerini anlık çekmek için)
+
+API Entegrasyonu: Mailcow API (Server-side fetch işlemleri)
+
+Veritabanı (Küçük bir DB): Kullanıcı rolleri ve domain atamalarını tutmak için (Supabase veya Prisma/Postgres).
+
+5. UI/UX Tasarım Konsepti
+Temiz Arayüz: Mailcow’un binlerce ayarı yerine sadece "Mail Ekle", "Şifre Değiştir", "Sil" butonlarının olduğu minimalist bir tasarım.
+
+White-Label: Giriş ekranında AyrisTech logosu, içeride ise ilgili domainin başlığı.
+
+Mobil Uyum: Telefon üzerinden kolayca yeni mail açabilme yeteneği.
+
+6. Başarı Kriterleri
+Bir domain admininin sisteme girip yeni bir mail hesabı oluşturma süresinin 15 saniyenin altında olması.
+
+Süper adminin sunucu terminaline veya ana Mailcow paneline girmeden tüm günlük işlerini Next.js üzerinden yapabilmesi.
\ No newline at end of file
diff --git a/docs/prd2.md b/docs/prd2.md
new file mode 100644
index 0000000..e1cad8c
--- /dev/null
+++ b/docs/prd2.md
@@ -0,0 +1,49 @@
+📧 Ürün Gereksinim Dokümanı (PRD): AyrisMail Web Client Modülü
+1. Ürün Özeti
+AyrisMail Web Client, AyrisMail Central ekosisteminin içine entegre edilmiş, modern, hızlı ve minimalist bir e-posta okuma/yazma modülüdür. Kullanıcıların Mailcow sunucusu üzerindeki e-postalarına IMAP/SMTP protokolleri üzerinden tarayıcı tabanlı erişimini sağlar.
+
+2. Kullanıcı Deneyimi (UX) Hedefleri
+Gmail Tarzı Akış: Hızlı geçişler, klavye kısayolları ve temiz bir okuma alanı.
+
+Zero-Refresh: Next.js ve TanStack Query kullanarak sayfa yenilenmeden mail okuma ve klasörler arası geçiş.
+
+Responsive: Masaüstünde üç sütunlu (Klasörler - Liste - Detay), mobilde ise liste odaklı tasarım.
+
+3. Temel Özellikler (MVP)
+A. Gelen Kutusu ve Klasör Yönetimi
+
+Liste Görünümü: Okunmamış maillerin kalın fontla vurgulandığı, gönderen adı, konu ve tarihin görüldüğü liste alanı.
+
+Klasör Desteği: Gelen Kutusu (Inbox), Taslaklar (Drafts), Gönderilenler (Sent), Çöp Kutusu (Trash) ve Arşiv arasında geçiş.
+
+Arama: Gönderen adına veya konu başlığına göre hızlı filtreleme.
+
+B. Okuma ve Yanıtlama
+
+Rich Text Okuma: HTML formatındaki maillerin güvenli bir şekilde (XSS korumalı) görüntülenmesi.
+
+Ekleri Görüntüleme: Gelen eklerin (PDF, Görsel) tarayıcı içinde önizlenmesi veya indirilmesi.
+
+Yanıtla/İlet: Mailleri yanıtlama veya başkasına iletme fonksiyonları.
+
+C. Mail Yazma (Compose)
+
+Zengin Metin Editörü: Bold, Italic, Liste gibi temel formatlama özelliklerine sahip editör.
+
+Dosya Eki: Drag-and-drop (sürükle-bırak) yöntemiyle dosya ekleme.
+
+4. Teknik Mimari ve Protokoller
+IMAP Entegrasyonu: Sunucu tarafında imapflow kütüphanesi ile mail içeriklerinin çekilmesi.
+
+SMTP Entegrasyonu: nodemailer ile güvenli mail gönderimi.
+
+Frontend UI: shadcn/ui'ın Mail component şablonu (Bu şablon doğrudan Gmail arayüzünü referans alır).
+
+Güvenlik: Kullanıcı şifreleri veritabanında saklanmaz; oturum bazlı (session) olarak IMAP bağlantısı için kullanılır.
+
+5. Yol Haritası (Gelecek Özellikler)
+Push Notifications: Yeni mail geldiğinde tarayıcı veya mobil bildirimi.
+
+Otomatik İmza: Kullanıcı bazlı zengin metin imzalar.
+
+Spam Yönetimi: Mailcow API ile entegre "Spam olarak işaretle" butonu.
\ No newline at end of file
diff --git a/lib/format.ts b/lib/format.ts
new file mode 100644
index 0000000..5c12d72
--- /dev/null
+++ b/lib/format.ts
@@ -0,0 +1,13 @@
+/**
+ * Byte cinsinden değeri okunabilir formata çevirir.
+ * Örn: 3221225472 → "3 GB", 524288000 → "500 MB"
+ */
+export function formatBytes(bytes: number): string {
+  if (bytes === 0) return "0 MB";
+  const mb = bytes / (1024 * 1024);
+  if (mb >= 1024) {
+    const gb = mb / 1024;
+    return gb % 1 === 0 ? `${gb} GB` : `${gb.toFixed(1)} GB`;
+  }
+  return mb % 1 === 0 ? `${mb} MB` : `${mb.toFixed(1)} MB`;
+}
diff --git a/lib/imap.ts b/lib/imap.ts
new file mode 100644
index 0000000..c988a30
--- /dev/null
+++ b/lib/imap.ts
@@ -0,0 +1,339 @@
+/**
+ * lib/imap.ts
+ * IMAP client using imapflow — server-side only.
+ * Connects with user's mailbox credentials (from session), never stored in DB.
+ */
+
+import { ImapFlow } from "imapflow";
+import { simpleParser, ParsedMail } from "mailparser";
+
+const IMAP_HOST = process.env.MAILCOW_API_URL
+  ? new URL(process.env.MAILCOW_API_URL).hostname
+  : "localhost";
+const IMAP_PORT = parseInt(process.env.IMAP_PORT ?? "993");
+
+export interface MailCredentials {
+  email: string;
+  password: string;
+}
+
+export interface MailFolder {
+  name: string;
+  path: string;
+  specialUse?: string;
+  messages: number;
+  unseen: number;
+}
+
+export interface MailEnvelope {
+  uid: number;
+  seq: number;
+  subject: string;
+  from: { name: string; address: string }[];
+  to: { name: string; address: string }[];
+  date: string;
+  seen: boolean;
+  flagged: boolean;
+  hasAttachments: boolean;
+  size: number;
+  preview: string;
+}
+
+export interface MailMessage {
+  uid: number;
+  subject: string;
+  from: { name: string; address: string }[];
+  to: { name: string; address: string }[];
+  cc: { name: string; address: string }[];
+  date: string;
+  html: string;
+  text: string;
+  seen: boolean;
+  flagged: boolean;
+  attachments: {
+    filename: string;
+    contentType: string;
+    size: number;
+    cid?: string;
+  }[];
+}
+
+/** Create an IMAP connection for the given credentials */
+async function createConnection(creds: MailCredentials): Promise<ImapFlow> {
+  const client = new ImapFlow({
+    host: IMAP_HOST,
+    port: IMAP_PORT,
+    secure: true,
+    auth: {
+      user: creds.email,
+      pass: creds.password,
+    },
+    logger: false,
+    tls: {
+      rejectUnauthorized: false,
+    },
+  });
+  await client.connect();
+  return client;
+}
+
+/** List all mailbox folders */
+export async function listFolders(creds: MailCredentials): Promise<MailFolder[]> {
+  const client = await createConnection(creds);
+  try {
+    const mailboxes = await client.list();
+    const folders: MailFolder[] = [];
+
+    for (const mb of mailboxes) {
+      try {
+        const status = await client.status(mb.path, {
+          messages: true,
+          unseen: true,
+        });
+        folders.push({
+          name: mb.name,
+          path: mb.path,
+          specialUse: mb.specialUse || undefined,
+          messages: status.messages ?? 0,
+          unseen: status.unseen ?? 0,
+        });
+      } catch {
+        folders.push({
+          name: mb.name,
+          path: mb.path,
+          specialUse: mb.specialUse || undefined,
+          messages: 0,
+          unseen: 0,
+        });
+      }
+    }
+
+    return folders;
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Map imapflow address to our format */
+function mapAddr(
+  addrs: { name?: string; address?: string }[] | undefined
+): { name: string; address: string }[] {
+  if (!addrs) return [];
+  return addrs.map((a) => ({
+    name: a.name ?? "",
+    address: a.address ?? "",
+  }));
+}
+
+/** List messages in a folder (paginated) */
+export async function listMessages(
+  creds: MailCredentials,
+  folder: string,
+  page: number = 1,
+  pageSize: number = 50
+): Promise<{ messages: MailEnvelope[]; total: number }> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(folder);
+    try {
+      const total = client.mailbox?.exists ?? 0;
+      if (total === 0) return { messages: [], total: 0 };
+
+      // Newest first: fetch from end
+      const end = total;
+      const start = Math.max(1, end - (page * pageSize) + 1);
+      const fetchStart = Math.max(1, end - ((page - 1) * pageSize));
+      const fetchEnd = Math.max(1, end - (page * pageSize) + 1);
+      const range = `${fetchEnd}:${fetchStart}`;
+
+      const messages: MailEnvelope[] = [];
+      for await (const msg of client.fetch(range, {
+        uid: true,
+        envelope: true,
+        flags: true,
+        bodyStructure: true,
+        size: true,
+      })) {
+        const env = msg.envelope;
+        messages.push({
+          uid: msg.uid,
+          seq: msg.seq,
+          subject: env.subject ?? "(Konu yok)",
+          from: mapAddr(env.from),
+          to: mapAddr(env.to),
+          date: env.date?.toISOString() ?? new Date().toISOString(),
+          seen: msg.flags?.has("\\Seen") ?? false,
+          flagged: msg.flags?.has("\\Flagged") ?? false,
+          hasAttachments: hasAttachmentParts(msg.bodyStructure),
+          size: msg.size ?? 0,
+          preview: "",
+        });
+      }
+
+      // Reverse so newest is first
+      messages.reverse();
+      return { messages, total };
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Check if bodyStructure has attachment parts */
+function hasAttachmentParts(structure: any): boolean {
+  if (!structure) return false;
+  if (structure.disposition === "attachment") return true;
+  if (structure.childNodes) {
+    return structure.childNodes.some((n: any) => hasAttachmentParts(n));
+  }
+  return false;
+}
+
+/** Fetch a single message by UID with full body */
+export async function getMessage(
+  creds: MailCredentials,
+  folder: string,
+  uid: number
+): Promise<MailMessage | null> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(folder);
+    try {
+      const raw = await client.download(String(uid), undefined, { uid: true });
+      if (!raw?.content) return null;
+
+      const parsed: ParsedMail = await simpleParser(raw.content);
+
+      // Mark as seen
+      await client.messageFlagsAdd(String(uid), ["\\Seen"], { uid: true });
+
+      return {
+        uid,
+        subject: parsed.subject ?? "(Konu yok)",
+        from: parsed.from?.value?.map((a) => ({ name: a.name ?? "", address: a.address ?? "" })) ?? [],
+        to: (Array.isArray(parsed.to) ? parsed.to : parsed.to ? [parsed.to] : [])
+          .flatMap((t) => t.value?.map((a) => ({ name: a.name ?? "", address: a.address ?? "" })) ?? []),
+        cc: (Array.isArray(parsed.cc) ? parsed.cc : parsed.cc ? [parsed.cc] : [])
+          .flatMap((c) => c.value?.map((a) => ({ name: a.name ?? "", address: a.address ?? "" })) ?? []),
+        date: parsed.date?.toISOString() ?? new Date().toISOString(),
+        html: parsed.html || "",
+        text: parsed.text || "",
+        seen: true,
+        flagged: false,
+        attachments: (parsed.attachments ?? []).map((att) => ({
+          filename: att.filename ?? "unnamed",
+          contentType: att.contentType ?? "application/octet-stream",
+          size: att.size ?? 0,
+          cid: att.cid,
+        })),
+      };
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Download attachment by filename */
+export async function getAttachment(
+  creds: MailCredentials,
+  folder: string,
+  uid: number,
+  filename: string
+): Promise<{ content: Buffer; contentType: string } | null> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(folder);
+    try {
+      const raw = await client.download(String(uid), undefined, { uid: true });
+      if (!raw?.content) return null;
+
+      const parsed = await simpleParser(raw.content);
+      const att = parsed.attachments?.find((a) => a.filename === filename);
+      if (!att) return null;
+
+      return {
+        content: att.content,
+        contentType: att.contentType ?? "application/octet-stream",
+      };
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Move message to another folder */
+export async function moveMessage(
+  creds: MailCredentials,
+  fromFolder: string,
+  uid: number,
+  toFolder: string
+): Promise<void> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(fromFolder);
+    try {
+      await client.messageMove(String(uid), toFolder, { uid: true });
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Delete message (move to Trash or permanent delete) */
+export async function deleteMessage(
+  creds: MailCredentials,
+  folder: string,
+  uid: number
+): Promise<void> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(folder);
+    try {
+      // If already in Trash, permanently delete
+      if (folder.toLowerCase().includes("trash")) {
+        await client.messageFlagsAdd(String(uid), ["\\Deleted"], { uid: true });
+        await client.expunge();
+      } else {
+        // Move to Trash
+        await client.messageMove(String(uid), "Trash", { uid: true });
+      }
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
+
+/** Toggle flag on a message */
+export async function toggleFlag(
+  creds: MailCredentials,
+  folder: string,
+  uid: number,
+  flag: string,
+  add: boolean
+): Promise<void> {
+  const client = await createConnection(creds);
+  try {
+    const lock = await client.getMailboxLock(folder);
+    try {
+      if (add) {
+        await client.messageFlagsAdd(String(uid), [flag], { uid: true });
+      } else {
+        await client.messageFlagsRemove(String(uid), [flag], { uid: true });
+      }
+    } finally {
+      lock.release();
+    }
+  } finally {
+    await client.logout();
+  }
+}
diff --git a/lib/mail-session.ts b/lib/mail-session.ts
new file mode 100644
index 0000000..1773363
--- /dev/null
+++ b/lib/mail-session.ts
@@ -0,0 +1,56 @@
+/**
+ * lib/mail-session.ts
+ * Stores/retrieves mail credentials in an encrypted httpOnly cookie.
+ * Credentials never hit the database.
+ */
+
+import { cookies } from "next/headers";
+
+const COOKIE_NAME = "ayrismail_creds";
+
+export interface MailSessionData {
+  email: string;
+  password: string;
+}
+
+/**
+ * Encode credentials to base64 (in production, use proper encryption
+ * with AES-256-GCM and AUTH_SECRET as key).
+ */
+function encode(data: MailSessionData): string {
+  return Buffer.from(JSON.stringify(data)).toString("base64");
+}
+
+function decode(token: string): MailSessionData | null {
+  try {
+    return JSON.parse(Buffer.from(token, "base64").toString("utf-8"));
+  } catch {
+    return null;
+  }
+}
+
+/** Save mail credentials to cookie */
+export async function setMailSession(data: MailSessionData): Promise<void> {
+  const cookieStore = await cookies();
+  cookieStore.set(COOKIE_NAME, encode(data), {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax",
+    maxAge: 60 * 60 * 24, // 24 hours
+    path: "/",
+  });
+}
+
+/** Get mail credentials from cookie */
+export async function getMailSession(): Promise<MailSessionData | null> {
+  const cookieStore = await cookies();
+  const cookie = cookieStore.get(COOKIE_NAME);
+  if (!cookie?.value) return null;
+  return decode(cookie.value);
+}
+
+/** Clear mail credentials cookie */
+export async function clearMailSession(): Promise<void> {
+  const cookieStore = await cookies();
+  cookieStore.delete(COOKIE_NAME);
+}
diff --git a/lib/mailcow.ts b/lib/mailcow.ts
new file mode 100644
index 0000000..8820303
--- /dev/null
+++ b/lib/mailcow.ts
@@ -0,0 +1,211 @@
+/**
+ * lib/mailcow.ts
+ * Mailcow API client — server-side only.
+ * Uses the single super-admin API key from .env.
+ */
+
+const BASE = process.env.MAILCOW_API_URL?.replace(/\/$/, "") ?? "";
+const KEY = process.env.MAILCOW_API_KEY ?? "";
+
+async function mfetch(path: string, options: RequestInit = {}) {
+  const url = `${BASE}/api/v1${path}`;
+  const res = await fetch(url, {
+    ...options,
+    headers: {
+      "Content-Type": "application/json",
+      "X-API-Key": KEY,
+      ...options.headers,
+    },
+    // Don't cache — always fresh
+    cache: "no-store",
+  });
+  return res;
+}
+
+// ─── Types ─────────────────────────────────────────────────
+
+export interface MailcowDomain {
+  domain_name: string;
+  description: string;
+  active: string;        // "1" | "0"
+  mboxes_in_domain: number;
+  mboxes_left: number;
+  max_num_mboxes_for_domain: number;
+  quota_used_in_domain: string;
+  max_quota_for_domain: number;
+  max_quota_for_mbox: number;
+  aliases_in_domain: number;
+  aliases_left: number;
+}
+
+export interface MailcowMailbox {
+  username: string;      // full email e.g. info@domain.com
+  name: string;          // display name
+  local_part: string;
+  domain: string;
+  quota: number;         // bytes
+  quota_used: number;    // bytes
+  active: string;        // "1" | "0"
+  created: string;
+  modified: string;
+}
+
+export interface MailcowDomainAdmin {
+  username: string;
+  active: string;
+  domains: string[];
+  created: string;
+  modified: string;
+}
+
+// ─── Domains ────────────────────────────────────────────────
+
+export async function getDomains(): Promise<MailcowDomain[]> {
+  const res = await mfetch("/get/domain/all");
+  if (!res.ok) return [];
+  const data = await res.json();
+  return Array.isArray(data) ? data : [];
+}
+
+export async function getDomain(domain: string): Promise<MailcowDomain | null> {
+  const res = await mfetch(`/get/domain/${domain}`);
+  if (!res.ok) return null;
+  const data = await res.json();
+  return Array.isArray(data) ? data[0] ?? null : data ?? null;
+}
+
+export async function createDomain(payload: {
+  domain: string;
+  description?: string;
+  aliases?: number;
+  mailboxes?: number;
+  defquota?: number;
+  maxquota?: number;
+  quota?: number;
+  active?: number;
+}) {
+  const body = {
+    active: 1,
+    aliases: 400,
+    mailboxes: 10,
+    defquota: 3072,
+    maxquota: 10240,
+    quota: 10240,
+    ...payload,
+  };
+  const res = await mfetch("/add/domain", { method: "POST", body: JSON.stringify(body) });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+export async function deleteDomain(domain: string) {
+  const res = await mfetch("/delete/domain", {
+    method: "POST",
+    body: JSON.stringify([domain]),
+  });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+// ─── Domain Admins ──────────────────────────────────────────
+
+export async function getDomainAdmins(): Promise<MailcowDomainAdmin[]> {
+  const res = await mfetch("/get/domain-admin/all");
+  if (!res.ok) return [];
+  const data = await res.json();
+  return Array.isArray(data) ? data : Object.values(data);
+}
+
+export async function createDomainAdmin(payload: {
+  username: string;
+  password: string;
+  domains: string;   // comma-separated or single domain
+  active?: number;
+}) {
+  const body = {
+    active: 1,
+    password2: payload.password,
+    ...payload,
+  };
+  const res = await mfetch("/add/domain-admin", { method: "POST", body: JSON.stringify(body) });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+export async function deleteDomainAdmin(username: string) {
+  const res = await mfetch("/delete/domain-admin", {
+    method: "POST",
+    body: JSON.stringify([username]),
+  });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+// ─── Mailboxes ──────────────────────────────────────────────
+
+export async function getMailboxes(domain: string): Promise<MailcowMailbox[]> {
+  const res = await mfetch(`/get/mailbox/all/${domain}`);
+  if (!res.ok) return [];
+  const data = await res.json();
+  return Array.isArray(data) ? data : [];
+}
+
+export async function createMailbox(payload: {
+  local_part: string;
+  domain: string;
+  name: string;
+  password: string;
+  quota?: number;
+  active?: number;
+}) {
+  const body = {
+    quota: 3072,
+    active: 1,
+    password2: payload.password,
+    ...payload,
+  };
+  const res = await mfetch("/add/mailbox", { method: "POST", body: JSON.stringify(body) });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+export async function deleteMailbox(emails: string[]) {
+  const res = await mfetch("/delete/mailbox", {
+    method: "POST",
+    body: JSON.stringify(emails),
+  });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+export async function editMailbox(
+  emails: string[],
+  attr: {
+    password?: string;
+    password2?: string;
+    active?: number;
+    quota?: number;
+    name?: string;
+  }
+) {
+  const body = { items: emails, attr };
+  const res = await mfetch("/edit/mailbox", { method: "POST", body: JSON.stringify(body) });
+  const data = await res.json();
+  return { ok: res.ok, data };
+}
+
+// ─── Status ─────────────────────────────────────────────────
+
+export async function getVersionStatus() {
+  const res = await mfetch("/get/status/version");
+  if (!res.ok) return null;
+  return res.json();
+}
+
+// ─── DKIM ────────────────────────────────────────────────────
+
+export async function getDKIM(domain: string) {
+  const res = await mfetch(`/get/dkim/${domain}`);
+  if (!res.ok) return null;
+  return res.json();
+}
diff --git a/lib/smtp.ts b/lib/smtp.ts
new file mode 100644
index 0000000..29e3d22
--- /dev/null
+++ b/lib/smtp.ts
@@ -0,0 +1,131 @@
+/**
+ * lib/smtp.ts
+ * SMTP mail sending via nodemailer + IMAP Sent folder append.
+ * Uses user's mailbox credentials for authenticated SMTP.
+ */
+
+import nodemailer from "nodemailer";
+import { ImapFlow } from "imapflow";
+import type { MailCredentials } from "./imap";
+
+const SMTP_HOST = process.env.MAILCOW_API_URL
+  ? new URL(process.env.MAILCOW_API_URL).hostname
+  : "localhost";
+const SMTP_PORT = parseInt(process.env.SMTP_PORT ?? "587");
+const IMAP_HOST = SMTP_HOST;
+const IMAP_PORT = parseInt(process.env.IMAP_PORT ?? "993");
+
+export interface SendMailOptions {
+  to: string;
+  cc?: string;
+  subject: string;
+  html: string;
+  text?: string;
+  inReplyTo?: string;
+  references?: string;
+  attachments?: {
+    filename: string;
+    content: Buffer | string;
+    contentType?: string;
+  }[];
+}
+
+export async function sendMail(
+  creds: MailCredentials,
+  options: SendMailOptions
+): Promise<{ success: boolean; messageId?: string; error?: string }> {
+  try {
+    const transporter = nodemailer.createTransport({
+      host: SMTP_HOST,
+      port: SMTP_PORT,
+      secure: SMTP_PORT === 465,
+      auth: {
+        user: creds.email,
+        pass: creds.password,
+      },
+      tls: {
+        // Mailcow self-signed cert'e izin ver
+        rejectUnauthorized: false,
+      },
+    });
+
+    const mailOptions = {
+      from: creds.email,
+      to: options.to,
+      cc: options.cc || undefined,
+      subject: options.subject,
+      html: options.html,
+      text: options.text || undefined,
+      inReplyTo: options.inReplyTo || undefined,
+      references: options.references || undefined,
+      attachments: options.attachments?.map((a) => ({
+        filename: a.filename,
+        content: a.content,
+        contentType: a.contentType,
+      })),
+    };
+
+    const result = await transporter.sendMail(mailOptions);
+
+    // Gönderilen maili Sent klasörüne kaydet (IMAP APPEND)
+    try {
+      await appendToSent(creds, mailOptions);
+    } catch (e) {
+      // Sent'e kaydetme başarısız olursa mail yine de gitmiş olur
+      console.error("Sent klasörüne kaydetme hatası:", e);
+    }
+
+    return { success: true, messageId: result.messageId };
+  } catch (err: any) {
+    return { success: false, error: err?.message ?? "SMTP hatası" };
+  }
+}
+
+/**
+ * Gönderilen maili IMAP Sent klasörüne kaydet.
+ * Mailcow'da Sent klasörü "Sent" olarak adlandırılır.
+ */
+async function appendToSent(
+  creds: MailCredentials,
+  mailOptions: Record<string, any>
+): Promise<void> {
+  // nodemailer ile raw mesaj oluştur
+  const transporter = nodemailer.createTransport({ jsonTransport: true });
+  const compiled = await transporter.sendMail(mailOptions);
+  const rawMessage = JSON.parse(compiled.message);
+
+  // Gerçek raw RFC822 mesajı oluştur
+  const buildTransporter = nodemailer.createTransport({ streamTransport: true });
+  const built = await buildTransporter.sendMail(mailOptions);
+  const chunks: Buffer[] = [];
+  for await (const chunk of built.message as any) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  const rawBuffer = Buffer.concat(chunks);
+
+  const client = new ImapFlow({
+    host: IMAP_HOST,
+    port: IMAP_PORT,
+    secure: true,
+    auth: { user: creds.email, pass: creds.password },
+    logger: false,
+  });
+
+  await client.connect();
+  try {
+    // Sent klasörünü bul
+    const mailboxes = await client.list();
+    let sentPath = "Sent";
+    for (const mb of mailboxes) {
+      if (mb.specialUse === "\\Sent") {
+        sentPath = mb.path;
+        break;
+      }
+    }
+
+    // Mesajı Sent klasörüne ekle (Seen flag ile)
+    await client.append(sentPath, rawBuffer, ["\\Seen"]);
+  } finally {
+    await client.logout();
+  }
+}
diff --git a/lib/users.ts b/lib/users.ts
new file mode 100644
index 0000000..4bf8952
--- /dev/null
+++ b/lib/users.ts
@@ -0,0 +1,69 @@
+/**
+ * lib/users.ts
+ * Reads user config from environment variables — no database needed.
+ *
+ * .env format:
+ *   USER_0_NAME="Mustafa Ayris"
+ *   USER_0_EMAIL="mustafa@ayristech.com"
+ *   USER_0_PASSWORD="mustafa123"
+ *   USER_0_ROLE="SUPER_ADMIN"       // or "DOMAIN_ADMIN"
+ *   USER_0_DOMAINS="*"              // "*" for all, or "domain1.com,domain2.com"
+ *
+ *   USER_1_NAME="Emina Karabudak"
+ *   USER_1_EMAIL="emina@ayristech.com"
+ *   USER_1_PASSWORD="emina123"
+ *   USER_1_ROLE="DOMAIN_ADMIN"
+ *   USER_1_DOMAINS="aveminakarabudak.com"
+ */
+
+export interface AppUser {
+  id: string;           // "user_0", "user_1", ...
+  name: string;
+  email: string;
+  password: string;     // plain text — store hashed in prod or use secrets manager
+  role: "SUPER_ADMIN" | "DOMAIN_ADMIN";
+  domains: string[];    // ["*"] for super admin, ["domain.com"] for domain admins
+}
+
+/** Load all users defined in environment variables */
+export function getUsers(): AppUser[] {
+  const users: AppUser[] = [];
+
+  let i = 0;
+  while (true) {
+    const name = process.env[`USER_${i}_NAME`];
+    const email = process.env[`USER_${i}_EMAIL`];
+    const password = process.env[`USER_${i}_PASSWORD`];
+    const role = process.env[`USER_${i}_ROLE`] as AppUser["role"];
+    const domainsRaw = process.env[`USER_${i}_DOMAINS`] ?? "";
+
+    if (!name || !email || !password) break;
+
+    users.push({
+      id: `user_${i}`,
+      name,
+      email,
+      password,
+      role: role ?? "DOMAIN_ADMIN",
+      domains: domainsRaw === "*" ? ["*"] : domainsRaw.split(",").map((d) => d.trim()).filter(Boolean),
+    });
+
+    i++;
+  }
+
+  return users;
+}
+
+/** Find user by email and validate password */
+export function authenticateUser(email: string, password: string): AppUser | null {
+  const users = getUsers();
+  const user = users.find((u) => u.email.toLowerCase() === email.toLowerCase());
+  if (!user) return null;
+  if (user.password !== password) return null;
+  return user;
+}
+
+/** Check if a user has access to a specific domain */
+export function canAccessDomain(userDomains: string[], domain: string): boolean {
+  return userDomains.includes("*") || userDomains.includes(domain);
+}
diff --git a/next.config.ts b/next.config.ts
index e9ffa30..68a6c64 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,7 +1,7 @@
 import type { NextConfig } from "next";
 
 const nextConfig: NextConfig = {
-  /* config options here */
+  output: "standalone",
 };
 
 export default nextConfig;
diff --git a/package-lock.json b/package-lock.json
index 6607073..8fe76fc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,18 +8,31 @@
       "name": "mailserver",
       "version": "0.1.0",
       "dependencies": {
+        "@tanstack/react-query": "^5.100.10",
+        "bcryptjs": "^3.0.3",
+        "imapflow": "^1.3.3",
+        "lucide-react": "^1.14.0",
+        "mailparser": "^3.9.8",
         "next": "16.2.6",
+        "next-auth": "^5.0.0-beta.31",
+        "nodemailer": "^8.0.7",
         "react": "19.2.4",
-        "react-dom": "19.2.4"
+        "react-dom": "19.2.4",
+        "zod": "^4.4.3"
       },
       "devDependencies": {
         "@tailwindcss/postcss": "^4",
+        "@types/bcryptjs": "^2.4.6",
+        "@types/mailparser": "^3.4.6",
         "@types/node": "^20",
+        "@types/nodemailer": "^8.0.0",
         "@types/react": "^19",
         "@types/react-dom": "^19",
+        "dotenv": "^17.4.2",
         "eslint": "^9",
         "eslint-config-next": "16.2.6",
         "tailwindcss": "^4",
+        "tsx": "^4.21.0",
         "typescript": "^5"
       }
     },
@@ -36,6 +49,35 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/@auth/core": {
+      "version": "0.41.2",
+      "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.41.2.tgz",
+      "integrity": "sha512-Hx5MNBxN2fJTbJKGUKAA0wca43D0Akl3TvufY54Gn8lop7F+34vU1zA1pn0vQfIoVuLIrpfc2nkyjwIaPJMW7w==",
+      "license": "ISC",
+      "dependencies": {
+        "@panva/hkdf": "^1.2.1",
+        "jose": "^6.0.6",
+        "oauth4webapi": "^3.3.0",
+        "preact": "10.24.3",
+        "preact-render-to-string": "6.5.11"
+      },
+      "peerDependencies": {
+        "@simplewebauthn/browser": "^9.0.1",
+        "@simplewebauthn/server": "^9.0.2",
+        "nodemailer": "^7.0.7"
+      },
+      "peerDependenciesMeta": {
+        "@simplewebauthn/browser": {
+          "optional": true
+        },
+        "@simplewebauthn/server": {
+          "optional": true
+        },
+        "nodemailer": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@babel/code-frame": {
       "version": "7.29.0",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
@@ -309,6 +351,448 @@
         "tslib": "^2.4.0"
       }
     },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
+      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
+      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
+      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
+      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
+      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
+      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
+      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
+      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
+      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
+      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
+      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
+      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
+      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
+      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
+      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
+      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.7.tgz",
+      "integrity": "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.7.tgz",
+      "integrity": "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.7.tgz",
+      "integrity": "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz",
+      "integrity": "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.7.tgz",
+      "integrity": "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@eslint-community/eslint-utils": {
       "version": "4.9.1",
       "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz",
@@ -1240,6 +1724,21 @@
         "node": ">=12.4.0"
       }
     },
+    "node_modules/@panva/hkdf": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.2.1.tgz",
+      "integrity": "sha512-6oclG6Y3PiDFcoyk8srjLfVKyMfVCKJ27JwNPViuXziFpmdz+MZnZN/aKY0JGXgYuO/VghU0jcOAZgWXZ1Dmrw==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
+    "node_modules/@pinojs/redact": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz",
+      "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==",
+      "license": "MIT"
+    },
     "node_modules/@rtsao/scc": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -1247,6 +1746,19 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@selderee/plugin-htmlparser2": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz",
+      "integrity": "sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==",
+      "license": "MIT",
+      "dependencies": {
+        "domhandler": "^5.0.3",
+        "selderee": "^0.11.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/@swc/helpers": {
       "version": "0.5.15",
       "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.15.tgz",
@@ -1527,6 +2039,32 @@
         "tailwindcss": "4.3.0"
       }
     },
+    "node_modules/@tanstack/query-core": {
+      "version": "5.100.10",
+      "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.100.10.tgz",
+      "integrity": "sha512-8UR0yJR+GiQ40m3lPhUr0xbfAupe6GSQiksSBSa9SM2NjezFyxXCIA69/lz8cSoNKZLrw1/PktIyQBJcVeMi3w==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/tannerlinsley"
+      }
+    },
+    "node_modules/@tanstack/react-query": {
+      "version": "5.100.10",
+      "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.100.10.tgz",
+      "integrity": "sha512-FLaZf2RCrA/Zgp4aiu5tG3TyasTRO7aZ99skxQpr3Hg/zXOhu6yq5FZCYQ/tRaJtM9ylnoK8tFK7PolXQadv6Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@tanstack/query-core": "5.100.10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/tannerlinsley"
+      },
+      "peerDependencies": {
+        "react": "^18 || ^19"
+      }
+    },
     "node_modules/@tybys/wasm-util": {
       "version": "0.10.2",
       "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.2.tgz",
@@ -1538,6 +2076,13 @@
         "tslib": "^2.4.0"
       }
     },
+    "node_modules/@types/bcryptjs": {
+      "version": "2.4.6",
+      "resolved": "https://registry.npmjs.org/@types/bcryptjs/-/bcryptjs-2.4.6.tgz",
+      "integrity": "sha512-9xlo6R2qDs5uixm0bcIqCeMCE6HiQsIyel9KQySStiyqNl2tnj2mP3DX1Nf56MD6KMenNNlBBsy3LJ7gUEQPXQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/estree": {
       "version": "1.0.9",
       "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.9.tgz",
@@ -1559,6 +2104,30 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/mailparser": {
+      "version": "3.4.6",
+      "resolved": "https://registry.npmjs.org/@types/mailparser/-/mailparser-3.4.6.tgz",
+      "integrity": "sha512-wVV3cnIKzxTffaPH8iRnddX1zahbYB1ZEoAxyhoBo3TBCBuK6nZ8M8JYO/RhsCuuBVOw/DEN/t/ENbruwlxn6Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "iconv-lite": "^0.6.3"
+      }
+    },
+    "node_modules/@types/mailparser/node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/@types/node": {
       "version": "20.19.41",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.41.tgz",
@@ -1569,6 +2138,16 @@
         "undici-types": "~6.21.0"
       }
     },
+    "node_modules/@types/nodemailer": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/@types/nodemailer/-/nodemailer-8.0.0.tgz",
+      "integrity": "sha512-fyf8jWULsCo0d0BuoQ75i6IeoHs47qcqxWc7yUdUcV0pOZGjUTTOvwdG1PRXUDqN/8A64yQdQdnA2pZgcdi+cA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/react": {
       "version": "19.2.14",
       "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz",
@@ -2153,6 +2732,17 @@
         "win32"
       ]
     },
+    "node_modules/@zone-eu/mailsplit": {
+      "version": "5.4.9",
+      "resolved": "https://registry.npmjs.org/@zone-eu/mailsplit/-/mailsplit-5.4.9.tgz",
+      "integrity": "sha512-Qq7k6FzA5SmGf5HFPcr17gE7M+O1gttlmWn7tlGUlhGsbbjUaBL/4cEWIwExeCzqu5+kyZJ91mcBZbQ9zEwwYA==",
+      "license": "(MIT OR EUPL-1.1+)",
+      "dependencies": {
+        "libbase64": "1.3.0",
+        "libmime": "5.3.8",
+        "libqp": "2.1.1"
+      }
+    },
     "node_modules/acorn": {
       "version": "8.16.0",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz",
@@ -2403,6 +2993,15 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/atomic-sleep": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz",
+      "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
     "node_modules/available-typed-arrays": {
       "version": "1.0.7",
       "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
@@ -2458,6 +3057,15 @@
         "node": ">=6.0.0"
       }
     },
+    "node_modules/bcryptjs": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
+      "integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
+      "license": "BSD-3-Clause",
+      "bin": {
+        "bcrypt": "bin/bcrypt"
+      }
+    },
     "node_modules/brace-expansion": {
       "version": "1.1.14",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
@@ -2761,6 +3369,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/define-data-property": {
       "version": "1.1.4",
       "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
@@ -2820,6 +3437,74 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/dom-serializer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
+      "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.2",
+        "entities": "^4.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
+      }
+    },
+    "node_modules/domelementtype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
+      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/domhandler": {
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
+      "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "domelementtype": "^2.3.0"
+      },
+      "engines": {
+        "node": ">= 4"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domhandler?sponsor=1"
+      }
+    },
+    "node_modules/domutils": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz",
+      "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "dom-serializer": "^2.0.0",
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domutils?sponsor=1"
+      }
+    },
+    "node_modules/dotenv": {
+      "version": "17.4.2",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.4.2.tgz",
+      "integrity": "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://dotenvx.com"
+      }
+    },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -2849,6 +3534,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/encoding-japanese": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/encoding-japanese/-/encoding-japanese-2.2.0.tgz",
+      "integrity": "sha512-EuJWwlHPZ1LbADuKTClvHtwbaFn4rOD+dRAbWysqEOXRc2Uui0hJInNJrsdH0c+OhJA4nrCBdSkW4DD5YxAo6A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
     "node_modules/enhanced-resolve": {
       "version": "5.21.3",
       "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.3.tgz",
@@ -2863,6 +3557,18 @@
         "node": ">=10.13.0"
       }
     },
+    "node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/es-abstract": {
       "version": "1.24.2",
       "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.2.tgz",
@@ -3040,6 +3746,48 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/esbuild": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz",
+      "integrity": "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.7",
+        "@esbuild/android-arm": "0.27.7",
+        "@esbuild/android-arm64": "0.27.7",
+        "@esbuild/android-x64": "0.27.7",
+        "@esbuild/darwin-arm64": "0.27.7",
+        "@esbuild/darwin-x64": "0.27.7",
+        "@esbuild/freebsd-arm64": "0.27.7",
+        "@esbuild/freebsd-x64": "0.27.7",
+        "@esbuild/linux-arm": "0.27.7",
+        "@esbuild/linux-arm64": "0.27.7",
+        "@esbuild/linux-ia32": "0.27.7",
+        "@esbuild/linux-loong64": "0.27.7",
+        "@esbuild/linux-mips64el": "0.27.7",
+        "@esbuild/linux-ppc64": "0.27.7",
+        "@esbuild/linux-riscv64": "0.27.7",
+        "@esbuild/linux-s390x": "0.27.7",
+        "@esbuild/linux-x64": "0.27.7",
+        "@esbuild/netbsd-arm64": "0.27.7",
+        "@esbuild/netbsd-x64": "0.27.7",
+        "@esbuild/openbsd-arm64": "0.27.7",
+        "@esbuild/openbsd-x64": "0.27.7",
+        "@esbuild/openharmony-arm64": "0.27.7",
+        "@esbuild/sunos-x64": "0.27.7",
+        "@esbuild/win32-arm64": "0.27.7",
+        "@esbuild/win32-ia32": "0.27.7",
+        "@esbuild/win32-x64": "0.27.7"
+      }
+    },
     "node_modules/escalade": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
@@ -3610,6 +4358,21 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
     "node_modules/function-bind": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
@@ -3898,6 +4661,15 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/he": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz",
+      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
+      "license": "MIT",
+      "bin": {
+        "he": "bin/he"
+      }
+    },
     "node_modules/hermes-estree": {
       "version": "0.25.1",
       "resolved": "https://registry.npmjs.org/hermes-estree/-/hermes-estree-0.25.1.tgz",
@@ -3915,6 +4687,57 @@
         "hermes-estree": "0.25.1"
       }
     },
+    "node_modules/html-to-text": {
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz",
+      "integrity": "sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==",
+      "license": "MIT",
+      "dependencies": {
+        "@selderee/plugin-htmlparser2": "^0.11.0",
+        "deepmerge": "^4.3.1",
+        "dom-serializer": "^2.0.0",
+        "htmlparser2": "^8.0.2",
+        "selderee": "^0.11.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/htmlparser2": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
+      "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==",
+      "funding": [
+        "https://github.com/fb55/htmlparser2?sponsor=1",
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.0.1",
+        "entities": "^4.4.0"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
+      "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
     "node_modules/ignore": {
       "version": "5.3.2",
       "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
@@ -3925,6 +4748,23 @@
         "node": ">= 4"
       }
     },
+    "node_modules/imapflow": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/imapflow/-/imapflow-1.3.3.tgz",
+      "integrity": "sha512-lx7nWcUDfNgITEKYYfunUDqJ3LT6ImuiA1ReqJepVEA2nqBQNUqa3ppF7Yz5CNjuDYG95pmzsCcNqRjMrwh/Vg==",
+      "license": "MIT",
+      "dependencies": {
+        "@zone-eu/mailsplit": "5.4.9",
+        "encoding-japanese": "2.2.0",
+        "iconv-lite": "0.7.2",
+        "libbase64": "1.3.0",
+        "libmime": "5.3.8",
+        "libqp": "2.1.1",
+        "nodemailer": "8.0.7",
+        "pino": "10.3.1",
+        "socks": "2.8.8"
+      }
+    },
     "node_modules/import-fresh": {
       "version": "3.3.1",
       "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz",
@@ -3967,6 +4807,15 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/ip-address": {
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz",
+      "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
     "node_modules/is-array-buffer": {
       "version": "3.0.5",
       "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.5.tgz",
@@ -4424,6 +5273,15 @@
         "jiti": "lib/jiti-cli.mjs"
       }
     },
+    "node_modules/jose": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.3.tgz",
+      "integrity": "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/js-tokens": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -4537,6 +5395,15 @@
         "node": ">=0.10"
       }
     },
+    "node_modules/leac": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz",
+      "integrity": "sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -4551,6 +5418,30 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/libbase64": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/libbase64/-/libbase64-1.3.0.tgz",
+      "integrity": "sha512-GgOXd0Eo6phYgh0DJtjQ2tO8dc0IVINtZJeARPeiIJqge+HdsWSuaDTe8ztQ7j/cONByDZ3zeB325AHiv5O0dg==",
+      "license": "MIT"
+    },
+    "node_modules/libmime": {
+      "version": "5.3.8",
+      "resolved": "https://registry.npmjs.org/libmime/-/libmime-5.3.8.tgz",
+      "integrity": "sha512-ZrCY+Q66mPvasAfjsQ/IgahzoBvfE1VdtGRpo1hwRB1oK3wJKxhKA3GOcd2a6j7AH5eMFccxK9fBoCpRZTf8ng==",
+      "license": "MIT",
+      "dependencies": {
+        "encoding-japanese": "2.2.0",
+        "iconv-lite": "0.7.2",
+        "libbase64": "1.3.0",
+        "libqp": "2.1.1"
+      }
+    },
+    "node_modules/libqp": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/libqp/-/libqp-2.1.1.tgz",
+      "integrity": "sha512-0Wd+GPz1O134cP62YU2GTOPNA7Qgl09XwCqM5zpBv87ERCXdfDtyKXvV7c9U22yWJh44QZqBocFnXN11K96qow==",
+      "license": "MIT"
+    },
     "node_modules/lightningcss": {
       "version": "1.32.0",
       "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.32.0.tgz",
@@ -4812,6 +5703,15 @@
         "url": "https://opencollective.com/parcel"
       }
     },
+    "node_modules/linkify-it": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
+      "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+      "license": "MIT",
+      "dependencies": {
+        "uc.micro": "^2.0.0"
+      }
+    },
     "node_modules/locate-path": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
@@ -4858,6 +5758,15 @@
         "yallist": "^3.0.2"
       }
     },
+    "node_modules/lucide-react": {
+      "version": "1.14.0",
+      "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-1.14.0.tgz",
+      "integrity": "sha512-+1mdWcfSJVUsaTIjN9zoezmUhfXo5l0vP7ekBMPo3jcS/aIkxHnXqAPsByszMZx/Y8oQBRJxJx5xg+RH3urzxA==",
+      "license": "ISC",
+      "peerDependencies": {
+        "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+      }
+    },
     "node_modules/magic-string": {
       "version": "0.30.21",
       "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
@@ -4868,6 +5777,68 @@
         "@jridgewell/sourcemap-codec": "^1.5.5"
       }
     },
+    "node_modules/mailparser": {
+      "version": "3.9.8",
+      "resolved": "https://registry.npmjs.org/mailparser/-/mailparser-3.9.8.tgz",
+      "integrity": "sha512-7jSlFGXiianVnhnb6wdutJFloD34488nrHY7r6FNqwXAhZ7YiJDYrKKTxZJ0oSrXcAPHm8YoYnh97xyGtrBQ3w==",
+      "license": "MIT",
+      "dependencies": {
+        "@zone-eu/mailsplit": "5.4.8",
+        "encoding-japanese": "2.2.0",
+        "he": "1.2.0",
+        "html-to-text": "9.0.5",
+        "iconv-lite": "0.7.2",
+        "libmime": "5.3.8",
+        "linkify-it": "5.0.0",
+        "nodemailer": "8.0.5",
+        "punycode.js": "2.3.1",
+        "tlds": "1.261.0"
+      }
+    },
+    "node_modules/mailparser/node_modules/@zone-eu/mailsplit": {
+      "version": "5.4.8",
+      "resolved": "https://registry.npmjs.org/@zone-eu/mailsplit/-/mailsplit-5.4.8.tgz",
+      "integrity": "sha512-eEyACj4JZ7sjzRvy26QhLgKEMWwQbsw1+QZnlLX+/gihcNH07lVPOcnwf5U6UAL7gkc//J3jVd76o/WS+taUiA==",
+      "license": "(MIT OR EUPL-1.1+)",
+      "dependencies": {
+        "libbase64": "1.3.0",
+        "libmime": "5.3.7",
+        "libqp": "2.1.1"
+      }
+    },
+    "node_modules/mailparser/node_modules/@zone-eu/mailsplit/node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/mailparser/node_modules/@zone-eu/mailsplit/node_modules/libmime": {
+      "version": "5.3.7",
+      "resolved": "https://registry.npmjs.org/libmime/-/libmime-5.3.7.tgz",
+      "integrity": "sha512-FlDb3Wtha8P01kTL3P9M+ZDNDWPKPmKHWaU/cG/lg5pfuAwdflVpZE+wm9m7pKmC5ww6s+zTxBKS1p6yl3KpSw==",
+      "license": "MIT",
+      "dependencies": {
+        "encoding-japanese": "2.2.0",
+        "iconv-lite": "0.6.3",
+        "libbase64": "1.3.0",
+        "libqp": "2.1.1"
+      }
+    },
+    "node_modules/mailparser/node_modules/nodemailer": {
+      "version": "8.0.5",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.5.tgz",
+      "integrity": "sha512-0PF8Yb1yZuQfQbq+5/pZJrtF6WQcjTd5/S4JOHs9PGFxuTqoB/icwuB44pOdURHJbRKX1PPoJZtY7R4VUoCC8w==",
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -5026,6 +5997,33 @@
         }
       }
     },
+    "node_modules/next-auth": {
+      "version": "5.0.0-beta.31",
+      "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-5.0.0-beta.31.tgz",
+      "integrity": "sha512-1OBgCKPzo+S7UWWMp3xgvGvIJ0OpV7B3vR4ZDRqD9a4Ch+OT6dakLXG9ivhtmIWVa71nTSXattOHyCg8sNi8/Q==",
+      "license": "ISC",
+      "dependencies": {
+        "@auth/core": "0.41.2"
+      },
+      "peerDependencies": {
+        "@simplewebauthn/browser": "^9.0.1",
+        "@simplewebauthn/server": "^9.0.2",
+        "next": "^14.0.0-0 || ^15.0.0 || ^16.0.0",
+        "nodemailer": "^7.0.7",
+        "react": "^18.2.0 || ^19.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@simplewebauthn/browser": {
+          "optional": true
+        },
+        "@simplewebauthn/server": {
+          "optional": true
+        },
+        "nodemailer": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/next/node_modules/postcss": {
       "version": "8.4.31",
       "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
@@ -5080,6 +6078,24 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/nodemailer": {
+      "version": "8.0.7",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.7.tgz",
+      "integrity": "sha512-pkjE4mkBzQjdJT4/UmlKl3pX0rC9fZmjh7c6C9o7lv66Ac6w9WCnzPzhbPNxwZAzlF4mdq4CSWB5+FbK6FWCow==",
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/oauth4webapi": {
+      "version": "3.8.6",
+      "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.8.6.tgz",
+      "integrity": "sha512-iwemM91xz8nryHti2yTmg5fhyEMVOkOXwHNqbvcATjyajb5oQxCQzrNOA6uElRHuMhQQTKUyFKV9y/CNyg25BQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/object-assign": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
@@ -5203,6 +6219,15 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/on-exit-leak-free": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz",
+      "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
     "node_modules/optionator": {
       "version": "0.9.4",
       "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz",
@@ -5284,6 +6309,19 @@
         "node": ">=6"
       }
     },
+    "node_modules/parseley": {
+      "version": "0.12.1",
+      "resolved": "https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz",
+      "integrity": "sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==",
+      "license": "MIT",
+      "dependencies": {
+        "leac": "^0.6.0",
+        "peberminta": "^0.9.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/path-exists": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -5311,6 +6349,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/peberminta": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz",
+      "integrity": "sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/picocolors": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
@@ -5330,6 +6377,43 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
+    "node_modules/pino": {
+      "version": "10.3.1",
+      "resolved": "https://registry.npmjs.org/pino/-/pino-10.3.1.tgz",
+      "integrity": "sha512-r34yH/GlQpKZbU1BvFFqOjhISRo1MNx1tWYsYvmj6KIRHSPMT2+yHOEb1SG6NMvRoHRF0a07kCOox/9yakl1vg==",
+      "license": "MIT",
+      "dependencies": {
+        "@pinojs/redact": "^0.4.0",
+        "atomic-sleep": "^1.0.0",
+        "on-exit-leak-free": "^2.1.0",
+        "pino-abstract-transport": "^3.0.0",
+        "pino-std-serializers": "^7.0.0",
+        "process-warning": "^5.0.0",
+        "quick-format-unescaped": "^4.0.3",
+        "real-require": "^0.2.0",
+        "safe-stable-stringify": "^2.3.1",
+        "sonic-boom": "^4.0.1",
+        "thread-stream": "^4.0.0"
+      },
+      "bin": {
+        "pino": "bin.js"
+      }
+    },
+    "node_modules/pino-abstract-transport": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-3.0.0.tgz",
+      "integrity": "sha512-wlfUczU+n7Hy/Ha5j9a/gZNy7We5+cXp8YL+X+PG8S0KXxw7n/JXA3c46Y0zQznIJ83URJiwy7Lh56WLokNuxg==",
+      "license": "MIT",
+      "dependencies": {
+        "split2": "^4.0.0"
+      }
+    },
+    "node_modules/pino-std-serializers": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.1.0.tgz",
+      "integrity": "sha512-BndPH67/JxGExRgiX1dX0w1FvZck5Wa4aal9198SrRhZjH3GxKQUKIBnYJTdj2HDN3UQAS06HlfcSbQj2OHmaw==",
+      "license": "MIT"
+    },
     "node_modules/possible-typed-array-names": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.1.0.tgz",
@@ -5369,6 +6453,25 @@
         "node": "^10 || ^12 || >=14"
       }
     },
+    "node_modules/preact": {
+      "version": "10.24.3",
+      "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz",
+      "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==",
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/preact"
+      }
+    },
+    "node_modules/preact-render-to-string": {
+      "version": "6.5.11",
+      "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-6.5.11.tgz",
+      "integrity": "sha512-ubnauqoGczeGISiOh6RjX0/cdaF8v/oDXIjO85XALCQjwQP+SB4RDXXtvZ6yTYSjG+PC1QRP2AhPgCEsM2EvUw==",
+      "license": "MIT",
+      "peerDependencies": {
+        "preact": ">=10"
+      }
+    },
     "node_modules/prelude-ls": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
@@ -5379,6 +6482,22 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/process-warning": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-5.0.0.tgz",
+      "integrity": "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fastify"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fastify"
+        }
+      ],
+      "license": "MIT"
+    },
     "node_modules/prop-types": {
       "version": "15.8.1",
       "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -5401,6 +6520,15 @@
         "node": ">=6"
       }
     },
+    "node_modules/punycode.js": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz",
+      "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -5422,6 +6550,12 @@
       ],
       "license": "MIT"
     },
+    "node_modules/quick-format-unescaped": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz",
+      "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==",
+      "license": "MIT"
+    },
     "node_modules/react": {
       "version": "19.2.4",
       "resolved": "https://registry.npmjs.org/react/-/react-19.2.4.tgz",
@@ -5450,6 +6584,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/real-require": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz",
+      "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12.13.0"
+      }
+    },
     "node_modules/reflect.getprototypeof": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.10.tgz",
@@ -5628,12 +6771,39 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/safe-stable-stringify": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz",
+      "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
     "node_modules/scheduler": {
       "version": "0.27.0",
       "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz",
       "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==",
       "license": "MIT"
     },
+    "node_modules/selderee": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz",
+      "integrity": "sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==",
+      "license": "MIT",
+      "dependencies": {
+        "parseley": "^0.12.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/semver": {
       "version": "6.3.1",
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
@@ -5850,6 +7020,39 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/smart-buffer": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
+      "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6.0.0",
+        "npm": ">= 3.0.0"
+      }
+    },
+    "node_modules/socks": {
+      "version": "2.8.8",
+      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.8.tgz",
+      "integrity": "sha512-NlGELfPrgX2f1TAAcz0WawlLn+0r3FyhhCRpFFK2CemXenPYvzMWWZINv3eDNo9ucdwme7oCHRY0Jnbs4aIkog==",
+      "license": "MIT",
+      "dependencies": {
+        "ip-address": "^10.1.1",
+        "smart-buffer": "^4.2.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0",
+        "npm": ">= 3.0.0"
+      }
+    },
+    "node_modules/sonic-boom": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.1.tgz",
+      "integrity": "sha512-w6AxtubXa2wTXAUsZMMWERrsIRAdrK0Sc+FUytWvYAhBJLyuI4llrMIC1DtlNSdI99EI86KZum2MMq3EAZlF9Q==",
+      "license": "MIT",
+      "dependencies": {
+        "atomic-sleep": "^1.0.0"
+      }
+    },
     "node_modules/source-map-js": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
@@ -5859,6 +7062,15 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/split2": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+      "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==",
+      "license": "ISC",
+      "engines": {
+        "node": ">= 10.x"
+      }
+    },
     "node_modules/stable-hash": {
       "version": "0.0.5",
       "resolved": "https://registry.npmjs.org/stable-hash/-/stable-hash-0.0.5.tgz",
@@ -6086,6 +7298,24 @@
         "url": "https://opencollective.com/webpack"
       }
     },
+    "node_modules/thread-stream": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.1.0.tgz",
+      "integrity": "sha512-Bw6h2iBDt16v6iHLChBIoVYU8CBo9GPsW8TG7h1hRVhqKhIkH6N8qkxNSmiOZTKsCLPbtWG4ViWLkU6KeKXpig==",
+      "license": "MIT",
+      "dependencies": {
+        "real-require": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/thread-stream/node_modules/real-require": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/real-require/-/real-require-1.0.0.tgz",
+      "integrity": "sha512-P4nbQYQfePJxRSmY+v/KINxVucm4NF3p3s7pJveMTtom52FR4YGltUQLB8idDXwDDWW+eYrWDFbuzUnjoWHF7g==",
+      "license": "MIT"
+    },
     "node_modules/tinyglobby": {
       "version": "0.2.16",
       "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
@@ -6134,6 +7364,15 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
+    "node_modules/tlds": {
+      "version": "1.261.0",
+      "resolved": "https://registry.npmjs.org/tlds/-/tlds-1.261.0.tgz",
+      "integrity": "sha512-QXqwfEl9ddlGBaRFXIvNKK6OhipSiLXuRuLJX5DErz0o0Q0rYxulWLdFryTkV5PkdZct5iMInwYEGe/eR++1AA==",
+      "license": "MIT",
+      "bin": {
+        "tlds": "bin.js"
+      }
+    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
@@ -6192,6 +7431,26 @@
       "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
       "license": "0BSD"
     },
+    "node_modules/tsx": {
+      "version": "4.21.0",
+      "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz",
+      "integrity": "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "~0.27.0",
+        "get-tsconfig": "^4.7.5"
+      },
+      "bin": {
+        "tsx": "dist/cli.mjs"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      }
+    },
     "node_modules/type-check": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
@@ -6321,6 +7580,12 @@
         "typescript": ">=4.8.4 <6.1.0"
       }
     },
+    "node_modules/uc.micro": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
+      "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
+      "license": "MIT"
+    },
     "node_modules/unbox-primitive": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.1.0.tgz",
@@ -6562,7 +7827,6 @@
       "version": "4.4.3",
       "resolved": "https://registry.npmjs.org/zod/-/zod-4.4.3.tgz",
       "integrity": "sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==",
-      "dev": true,
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
diff --git a/package.json b/package.json
index 59a6015..d739af6 100644
--- a/package.json
+++ b/package.json
@@ -6,21 +6,38 @@
     "dev": "next dev",
     "build": "next build",
     "start": "next start",
-    "lint": "eslint"
+    "lint": "eslint",
+    "seed": "tsx prisma/seed.ts"
+  },
+  "prisma": {
+    "seed": "tsx prisma/seed.ts"
   },
   "dependencies": {
+    "@tanstack/react-query": "^5.100.10",
+    "bcryptjs": "^3.0.3",
+    "imapflow": "^1.3.3",
+    "lucide-react": "^1.14.0",
+    "mailparser": "^3.9.8",
     "next": "16.2.6",
+    "next-auth": "^5.0.0-beta.31",
+    "nodemailer": "^8.0.7",
     "react": "19.2.4",
-    "react-dom": "19.2.4"
+    "react-dom": "19.2.4",
+    "zod": "^4.4.3"
   },
   "devDependencies": {
     "@tailwindcss/postcss": "^4",
+    "@types/bcryptjs": "^2.4.6",
+    "@types/mailparser": "^3.4.6",
     "@types/node": "^20",
+    "@types/nodemailer": "^8.0.0",
     "@types/react": "^19",
     "@types/react-dom": "^19",
+    "dotenv": "^17.4.2",
     "eslint": "^9",
     "eslint-config-next": "16.2.6",
     "tailwindcss": "^4",
+    "tsx": "^4.21.0",
     "typescript": "^5"
   }
 }
diff --git a/proxy.ts b/proxy.ts
new file mode 100644
index 0000000..a2390da
--- /dev/null
+++ b/proxy.ts
@@ -0,0 +1,22 @@
+import { NextResponse } from "next/server";
+import { auth } from "./auth";
+
+export default auth((req) => {
+  const { nextUrl } = req;
+  const isLoggedIn = !!req.auth;
+  const isLoginPage = nextUrl.pathname === "/login";
+
+  if (!isLoggedIn && !isLoginPage) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  if (isLoggedIn && isLoginPage) {
+    return NextResponse.redirect(new URL("/dashboard", req.url));
+  }
+
+  return NextResponse.next();
+});
+
+export const config = {
+  matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
+};
diff --git a/types/next-auth.d.ts b/types/next-auth.d.ts
new file mode 100644
index 0000000..f932bc3
--- /dev/null
+++ b/types/next-auth.d.ts
@@ -0,0 +1,27 @@
+import NextAuth from "next-auth";
+
+declare module "next-auth" {
+  interface Session {
+    user: {
+      id: string;
+      name: string;
+      email: string;
+      image?: string;
+      role: string;             // "SUPER_ADMIN" | "DOMAIN_ADMIN"
+      domains: string[];        // ["*"] or ["domain1.com", "domain2.com"]
+    };
+  }
+
+  interface User {
+    role?: string;
+    domains?: string[];
+  }
+}
+
+declare module "next-auth/jwt" {
+  interface JWT {
+    id?: string;
+    role?: string;
+    domains?: string[];
+  }
+}