Operations

Self-Update

Cleanmails can update itself from the dashboard or via API. Updates are signed with Ed25519 for security.

Checking for Updates

From the dashboard: Settings → System → Check for Updates

bash

curl http://YOUR_SERVER/v1/system/update/check \
  -H "Cookie: auth_token=YOUR_SESSION"

Triggering an Update

bash

curl -X POST http://YOUR_SERVER/v1/system/update/trigger \
  -H "Cookie: auth_token=YOUR_SESSION"

The server downloads the new binary, verifies the Ed25519 signature, replaces itself, and performs a graceful restart.

Manual Update (Docker)

If self-update is not configured, update manually:

bash

cd /opt/cleanmails
docker compose pull
docker compose up -d --build

Graceful shutdown

During updates, the server drains in-flight requests (30-second timeout), stops workers, and then restarts. No emails are lost — pending tasks resume after restart.

Update Security

Updates are signed with Ed25519 (public key embedded in binary)
If the signature doesn't match, the update is rejected
If Ed25519 signing is not configured, self-update is disabled (logged at startup)