diff --git a/src/routes/test/mail-test.js b/src/routes/test/mail-test.js
index 2e6cef9e2..4f5c162c8 100644
--- a/src/routes/test/mail-test.js
+++ b/src/routes/test/mail-test.js
@@ -567,7 +567,7 @@ describe('Mail API', function () {
     describe('mailboxes', function () {
         it('add succeeds', function (done) {
             superagent.post(SERVER_URL + '/api/v1/mail/' + DOMAIN_0.domain + '/mailboxes')
-                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user' })
+                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user', active: true })
                 .query({ access_token: token })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(201);
@@ -577,7 +577,7 @@ describe('Mail API', function () {
 
         it('cannot add again', function (done) {
             superagent.post(SERVER_URL + '/api/v1/mail/' + DOMAIN_0.domain + '/mailboxes')
-                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user' })
+                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user', active: true })
                 .query({ access_token: token })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(409);
@@ -662,7 +662,7 @@ describe('Mail API', function () {
 
         it('add the mailbox', function (done) {
             superagent.post(SERVER_URL + '/api/v1/mail/' + DOMAIN_0.domain + '/mailboxes')
-                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user' })
+                .send({ name: MAILBOX_NAME, ownerId: userId, ownerType: 'user', active: true })
                 .query({ access_token: token })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(201);
@@ -769,7 +769,7 @@ describe('Mail API', function () {
 
         it('add succeeds', function (done) {
             superagent.post(SERVER_URL + '/api/v1/mail/' + DOMAIN_0.domain + '/lists')
-                .send({ name: LIST_NAME, members: [ `admin2@${DOMAIN_0.domain}`, `${USERNAME}@${DOMAIN_0.domain}`], membersOnly: false })
+                .send({ name: LIST_NAME, members: [ `admin2@${DOMAIN_0.domain}`, `${USERNAME}@${DOMAIN_0.domain}`], membersOnly: false, active: true })
                 .query({ access_token: token })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(201);
@@ -779,7 +779,7 @@ describe('Mail API', function () {
 
         it('add twice fails', function (done) {
             superagent.post(SERVER_URL + '/api/v1/mail/' + DOMAIN_0.domain + '/lists')
-                .send({ name: LIST_NAME, members: [ `admin2@${DOMAIN_0.domain}`, `${USERNAME}@${DOMAIN_0.domain}`], membersOnly: false })
+                .send({ name: LIST_NAME, members: [ `admin2@${DOMAIN_0.domain}`, `${USERNAME}@${DOMAIN_0.domain}`], membersOnly: false, active: true })
                 .query({ access_token: token })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(409);
diff --git a/src/test/database-test.js b/src/test/database-test.js
index 45495de6e..31056a5d2 100644
--- a/src/test/database-test.js
+++ b/src/test/database-test.js
@@ -41,6 +41,7 @@ var USER_0 = {
     role: 'user',
     active: true,
     source: '',
+    locations: [],
     resetTokenCreationTime: Date.now()
 };
 
@@ -59,6 +60,7 @@ var USER_1 = {
     role: 'user',
     active: true,
     source: '',
+    locations: [],
     resetTokenCreationTime: Date.now()
 };
 
@@ -77,6 +79,7 @@ var USER_2 = {
     role: 'user',
     active: true,
     source: '',
+    locations: [],
     resetTokenCreationTime: Date.now()
 };
 
diff --git a/src/users.js b/src/users.js
index 475ec6b0c..4d93c3730 100644
--- a/src/users.js
+++ b/src/users.js
@@ -537,11 +537,13 @@ function checkLoginLocation(user, ip, userAgent) {
 
     debug(`checkLoginLocation: ${user.id} ${ip} ${userAgent}`);
 
-    superagent.get('https://geolocation.cloudron.io/json').query({ ip: ip }).end(function (error, result) {
+    superagent.get('https://geolocation.cloudron.io/json').query({ ip }).end(function (error, result) {
         if (error) return console.error('Failed to get geoip info:', error);
 
-        const country = result.body.country.names.en;
-        const city = result.body.city.names.en;
+        const country = safe.query(result.body, 'country.names.en', '');
+        const city = safe.query(result.body, 'city.names.en', '');
+
+        if (!city || !country) return;
 
         const knownLogin = user.locations.find(function (l) {
             return l.userAgent === userAgent && l.country === country && l.city === city;
@@ -551,7 +553,7 @@ function checkLoginLocation(user, ip, userAgent) {
 
         // purge potentially old locations where ts > now() - 6 months
         const sixMonthsBack = Date.now() - 6 * 30 * 24 * 60 * 60 * 1000;
-        var locations = user.locations.filter(function (l) { return l.ts > sixMonthsBack; });
+        let locations = user.locations.filter(function (l) { return l.ts > sixMonthsBack; });
 
         locations.push({ ts: Date.now(), ip, userAgent, country, city });
         userdb.update(user.id, { locations }, function (error) {