diff --git a/deployment/salt/base/docker-compose.sls b/deployment/salt/base/docker-compose.sls
index 16794e97a03eec15f635c3af8b98a652d13dfd5d..6a6b2b2c5d71827a143e07d90fc45f797952b59f 100644
--- a/deployment/salt/base/docker-compose.sls
+++ b/deployment/salt/base/docker-compose.sls
@@ -42,6 +42,13 @@ cron-check-updates:
 - special: '@daily'
 - identifier: 'check-updates'
+cron-sync-emails:
+ cron.present:
+ - name: bash /mnt/repo-base/scripts/sync-emails.sh
+ - user: root
+ - special: '@hourly'
+ - identifier: 'sync-emails'
+
 /etc/docker/daemon.json:
 file.managed:
 - source: salt://docker-daemon.json
diff --git a/scripts/base.sh b/scripts/base.sh
index f447bb84e2bcc46e740af776d1ce2d341b6bf967..8b3fd70154ec56fc72535c0aeabdeb23de8ae4e8 100755
--- a/scripts/base.sh
+++ b/scripts/base.sh
@@ -36,6 +36,7 @@ SMTP_PW=$(grep ^SMTP_PW= "$ENVFILE" | awk -F= '{ print $NF }')
 SMTP_HOST=$(grep ^SMTP_HOST= "$ENVFILE" | awk -F= '{ print $NF }')
+MYSQL_ROOT_PASSWORD=$(grep ^MYSQL_ROOT_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }')
 # the encoding/decoding is taken from here: https://stackoverflow.com/questions/296536/how-to-urlencode-data-for-curl-command/10660730#10660730
 urlencode() {
diff --git a/scripts/generate-signup-link.sh b/scripts/generate-signup-link.sh
index 359d6b3809d845c79ab4177347f2e1d23082f482..21c2e10a36030374573380eab05c53c0aabdbca6 100755
--- a/scripts/generate-signup-link.sh
+++ b/scripts/generate-signup-link.sh
@@ -24,6 +24,8 @@ echo "$EMAIL:$AUTH_SECRET" >> /mnt/repo-base/volumes/accounts/auth.file
 SIGNUP_URL="https://welcome.$DOMAIN/?authmail=$(urlencode "$EMAIL")&authsecret=$AUTH_SECRET"
 echo "The new user can sign up now at $SIGNUP_URL"
-echo -e "Subject:Signup for $DOMAIN
+echo -e "to:$EMAIL
+from:drive@$DOMAIN
+subject:Signup for $DOMAIN
 You can now sign up for your $DOMAIN account at $SIGNUP_URL" | \
-docker-compose exec -T eelomailserver sendmail -f "drive@$DOMAIN" -t "$EMAIL"
+ docker exec -i $(docker-compose ps -q eelomailserver) sendmail -t
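Review bot: The new `cron-sync-emails` entry runs the script every hour as root with no guard against overlapping runs, so if one invocation blocks (for example on a `docker-compose exec` that never returns) the next hour's run starts alongside it and both issue their UPDATE against the postfix database. A non-blocking lock on the cron line avoids that: `- name: flock -n /var/lock/sync-emails.lock bash /mnt/repo-base/scripts/sync-emails.sh`. Cron also starts the job in root's home directory, so the script itself must change into the compose project directory before calling `docker-compose`; whether base.sh does that is not visible in this diff.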
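Review bot: `awk -F= '{ print $NF }'` on the added `MYSQL_ROOT_PASSWORD` line keeps only the text after the last `=`, so a generated root password that itself contains `=` is silently truncated and the wrong credential is only noticed when sync-emails.sh fails against MariaDB. Taking everything after the first `=` is safer: `MYSQL_ROOT_PASSWORD=$(grep '^MYSQL_ROOT_PASSWORD=' "$ENVFILE" | cut -d= -f2-)`. The neighbouring `SMTP_PW`/`SMTP_HOST` lines share the pattern but predate this commit. Sourcing base.sh now also places the database root password in the environment of every script that includes it, so those scripts should stay clear of `set -x` and of command lines that echo it.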
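Review bot: The new `docker exec -i $(docker-compose ps -q eelomailserver) sendmail -t` line leaves the command substitution unquoted and unchecked; when the mail container is not running, `docker-compose ps -q` prints nothing and `docker exec` is handed `sendmail` as the container name, so the failure message is misleading and the signup mail is lost. Resolving the id first makes the failure explicit: `MAIL_CID=$(docker-compose ps -q eelomailserver)`, `[ -n "$MAIL_CID" ] || { echo "eelomailserver is not running" >&2; exit 1; }`, then `docker exec -i "$MAIL_CID" sendmail -t`. Because `sendmail -t` now takes its recipients from the `to:` header built from `$EMAIL`, the address should be validated against a plain address pattern where it is read (outside this hunk), since a value containing a line break would otherwise contribute headers of its own. The `-f "drive@$DOMAIN"` envelope sender of the removed line is gone as well, so bounces will go to the container's default sender rather than the drive mailbox — confirm that is intended.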
diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh
index 9a7c0917135c0d3cf1da9d54af06165547918fcd..7877747cf58ede9efefd1e06b6dab941b913a6a7 100755
--- a/scripts/init-repo.sh
+++ b/scripts/init-repo.sh
@@ -173,10 +173,7 @@ fi
 # create nextcloud config
 mkdir -p "/mnt/repo-base/volumes/nextcloud/config/"
 cat /mnt/repo-base/templates/nextcloud/config.php | sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \
- sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" | sed "s/@@@MYSQL_PASSWORD_NC@@@/$MYSQL_PASSWORD_NC/g" | \
- sed "s/@@@MYSQL_DATABASE_NC@@@/$MYSQL_DATABASE_NC/g" | sed "s/@@@MYSQL_USER_NC@@@/$MYSQL_USER_NC/g" | \
- sed "s/@@@PFDB_DBPASS@@@/$PFDB_DBPASS/g" > \
- "/mnt/repo-base/volumes/nextcloud/config/config.php"
+ sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" > "/mnt/repo-base/volumes/nextcloud/config/config.php"
 chown www-data:www-data "/mnt/repo-base/volumes/nextcloud/" -R
 # Login to /e/ registry | not necessary when going public
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index c19f86c86eb8190316b4dfb9c81359d84ddbe328..328437f4a36958961d9851e1de467a199f74c014 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -28,7 +28,7 @@ echo "Installing nextcloud plugins"
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install calendar
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install tasks
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install notes
-docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_external
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
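Review bot: The rewritten `sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g"` line still splices the password straight into the sed expression, so a generated password containing `/`, `&` or `\` either aborts sed with "unknown option to `s'" or writes a corrupted value, and because the redirection has already truncated the target the result is a broken config.php either way. Escaping the replacement first keeps the rest of the line as it is: `SMTP_PW_ESC=$(printf '%s' "$DRIVE_SMTP_PASSWORD" | sed 's/[&/\]/\\&/g')` followed by `sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$SMTP_PW_ESC/g" > "/mnt/repo-base/volumes/nextcloud/config/config.php"`. The `@@@DOMAIN@@@` substitution on the context line above has the same exposure but predates this commit.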
@@ -60,7 +60,9 @@ docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin
 # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason
 echo "Adding domains to Postfix"
-echo "$ADD_DOMAINS" | tr "," "\n" | while read line; do docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add $line; done
+# The password_expiry parameter is only a workaround, and does not have any effect
+# https://github.com/postfixadmin/postfixadmin/issues/280#issuecomment-511788887
+echo "$ADD_DOMAINS" | tr "," "\n" | while read line; do docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add $line --password_expiry 0; done
 echo "Adding email accounts used by system senders (drive, ...)"
 docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox add drive@$DOMAIN --password $DRIVE_SMTP_PASSWORD --password2 $DRIVE_SMTP_PASSWORD --name "drive" --email-other $ALT_EMAIL
diff --git a/scripts/sync-emails.sh b/scripts/sync-emails.sh
new file mode 100644
index 0000000000000000000000000000000000000000..7198c045b358c793aa0a657b940fc637e98bd66d
--- /dev/null
+++ b/scripts/sync-emails.sh
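Review bot: The added comment reads as self-contradictory ("is only a workaround, and does not have any effect") and leaves the linked issue as the only explanation of why the flag is there; state it plainly, e.g. `# --password_expiry 0 is passed only to work around a postfixadmin-cli problem (postfixadmin issue #280); the value has no effect on the domain`. The rewritten loop line also keeps `read` without `-r` and an unquoted `$line`, so a domain list entry is subject to backslash processing, word splitting and globbing; `while IFS= read -r line; do docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add "$line" --password_expiry 0; done` keeps the behaviour for well-formed input and closes that gap.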
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+source /mnt/repo-base/scripts/base.sh
+
+QUERY_RESULT=$(docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --database=$MYSQL_DATABASE_NC -N -B \
+ -e "SELECT uid,json_unquote(json_extract(data,'$.email.value')) AS email FROM accounts;")
+
+UPDATE_QUERY="UPDATE mailbox SET email_other = CASE username "
+while read -r line; do
+ USER=$(echo "$line" | cut -f1)
+ FALLBACK_EMAIL=$(echo "$line" | cut -f2)
+ if [ "$FALLBACK_EMAIL" = "null" ]; then
+ continue
+ fi
+ UPDATE_QUERY+="WHEN '$USER' THEN '$FALLBACK_EMAIL' "
+done <<< "$QUERY_RESULT"
+UPDATE_QUERY+="ELSE email_other END;"
+
+docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --database=postfix \
+ -e "$UPDATE_QUERY"
diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml
index d190260de31a65d12c28247430b1fd166c72c2bd..07c768f9b5ba581b034eb45f589ca7e739caa82e 100644
--- a/templates/docker-compose/docker-compose-base.yml
+++ b/templates/docker-compose/docker-compose-base.yml
@@ -37,16 +37,18 @@ services:
 - redis
 postfixadmin:
- image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:0.1.2
+ image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:admin-smtp-password
 container_name: postfixadmin
 domainname: ${DOMAIN}
- hostname: mail
 restart: always
 networks:
 - serverbase
 environment:
 - DBPASS=${DBPASS}
+ - DOMAIN=${DOMAIN}
 - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
+ - SMTPHOST=${SMTP_HOST}
+ - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}
 depends_on:
 - eelomailserver
 - mariadb
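Review bot: `UPDATE_QUERY+="WHEN '$USER' THEN '$FALLBACK_EMAIL' "` concatenates values read from the Nextcloud `accounts` table into SQL that is then executed as the MariaDB root user; the e-mail value is editable by the account owner in Nextcloud, so a single quote in it breaks the statement at best and allows that user to run statements of their own against the postfix database at worst. Letting the server do the join removes the shell-side string building entirely, and with it the `<<<` loop that currently appends a `WHEN '' THEN ''` arm when the SELECT returns no rows (a here-string always yields one empty line). The root password is also passed as `--password=…` on the command line twice, where it is visible to `ps` inside the container; `MYSQL_PWD` via `docker-compose exec -e` keeps it out of argv, assuming the compose version in use supports `-e`. Separately, cron starts this script in root's home directory, so unless base.sh changes into the compose project directory (not visible here) `docker-compose exec` will not find the project.
```shell
# … unchanged: shebang, set -e, source base.sh …

# One server-side statement: the Nextcloud e-mail is copied into postfix's
# email_other by a JOIN, so no value from the accounts table is ever spliced
# into SQL text by this script.  The comparison against 'null' mirrors the
# original loop's skip of rows whose JSON e-mail value is null.
docker-compose exec -T -e MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mariadb mysql --user=root \
  -e "UPDATE postfix.mailbox AS m
        JOIN $MYSQL_DATABASE_NC.accounts AS a ON a.uid = m.username
        SET m.email_other = json_unquote(json_extract(a.data,'$.email.value'))
        WHERE json_unquote(json_extract(a.data,'$.email.value')) IS NOT NULL
          AND json_unquote(json_extract(a.data,'$.email.value')) <> 'null';"
```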
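Review bot: The `image:` line now pins `docker-postfixadmin` to `admin-smtp-password`, which reads like a branch name rather than a release, and the `create-account` service in a later hunk does the same with `trigger-nextcloud-account`; a mutable tag means the deployed image can change underneath this file with no corresponding commit, and the previous `0.1.2`/`0.1.6` pins are lost. Replace both with a release tag or an `image@sha256:<digest>` reference once the branches are merged, or record the intent with `# TODO: temporary branch tag, pin to a release before deploying`. The added `ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}` also hands the drive mailbox credential to a second container, which deserves a one-line comment on why postfixadmin needs it.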
@@ -103,13 +105,6 @@ services:
 nextcloud:
 image: nextcloud:15.0.10
 container_name: nextcloud
- environment:
- - MYSQL_DATABASE=${MYSQL_DATABASE_NC}
- - MYSQL_USER=${MYSQL_USER_NC}
- - MYSQL_PASSWORD=${MYSQL_PASSWORD_NC}
- - MYSQL_HOST=mariadb
- - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
 restart: always
 networks:
 - serverbase
@@ -136,7 +131,7 @@ services:
 - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf
 create-account:
- image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:0.1.6
+ image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:trigger-nextcloud-account
 container_name: create-account
 restart: always
 environment:
diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php
index e1dcc922838e5070282410168e90018cd72c4dc3..4816d1e1fe573b95a8357713b02543f176ea4bfe 100644
--- a/templates/nextcloud/config.php
+++ b/templates/nextcloud/config.php
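Review bot: Removing `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_HOST` and the two `NEXTCLOUD_ADMIN_*` variables from the nextcloud service takes away the values the image reads for its automatic install, and in the same commit init-repo.sh stops substituting the `@@@MYSQL_*_NC@@@` placeholders into config.php; nothing visible in this diff shows where the database connection and admin credentials now come from. If the new `create-account` image is meant to perform the installation, a comment on the service saying so would stop the next reader from restoring these lines; if not, the nextcloud container will start without database settings. The enclosing `services:` block begins and ends outside the hunk.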
@@ -38,27 +38,14 @@ $CONFIG = array (
 'mail_smtpport' => '587',
 'mail_smtpsecure' => 'tls',
 'installed' => false,
- 'user_backend_sql_raw' =>
- array (
- 'db_type' => 'mariadb',
- 'db_host' => 'mariadb',
- 'db_port' => '3306',
- 'db_name' => 'postfix',
- 'db_user' => 'postfix',
- 'db_password' => '@@@PFDB_DBPASS@@@',
- 'mariadb_charset' => 'utf8mb4',
- 'queries' =>
- array (
- 'get_password_hash_for_user' => 'SELECT substr(password,15,3000) AS password_hash FROM mailbox WHERE username = BINARY :username',
- 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
- 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search',
- 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username',
- 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username',
- 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username',
- 'count_users' => 'SELECT COUNT(*) FROM mailbox',
+ 'user_backends' => array(
+ array(
+ 'class' => 'OC_User_IMAP',
+ 'arguments' => array(
+ 'mail.@@@DOMAIN@@@', 993, 'ssl'
 ),
- 'hash_algorithm_for_new_passwords' => 'sha512',
 ),
+ ),
 'theme' => 'eelo',
 'loglevel' => 2,
 'preview_max_x' => 1024,
diff --git a/templates/nextcloud/plugin-config/user_sql_raw_config.conf b/templates/nextcloud/plugin-config/user_sql_raw_config.conf
deleted file mode 100644
index 08b54a8cfd162bd88c3a9469a25da3a12f83e63c..0000000000000000000000000000000000000000
--- a/templates/nextcloud/plugin-config/user_sql_raw_config.conf
+++ /dev/null
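Review bot: The new `'user_backends'` entry is the only record of how Nextcloud logins now work and carries no explanation; a comment above it should say that every login is delegated to `mail.@@@DOMAIN@@@:993` over IMAPS, that the nextcloud container therefore has to trust that host's certificate (otherwise logins fail, or someone is tempted to turn verification off), and that the Nextcloud-side password handling the removed `set_password_hash_for_user` query provided presumably no longer applies. Something like `// Logins are delegated to the mail server via IMAPS; no mail or database credentials are stored in this file.` is enough. On the positive side the postfix database password (`@@@PFDB_DBPASS@@@`) no longer lands in config.php. The enclosing `$CONFIG` array starts and ends outside the hunk.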
@@ -1,21 +0,0 @@
- 'user_backend_sql_raw' =>
- array (
- 'db_type' => 'mariadb',
- 'db_host' => 'mariadb',
- 'db_port' => '3306',
- 'db_name' => '@@@DBNAME@@@',
- 'db_user' => '@@@DBUSER@@@',
- 'db_password' => '@@@DBPW@@@',
- 'queries' =>
- array (
- 'get_password_hash_for_user' => 'SELECT substr(password,15,3000) AS password_hash FROM mailbox WHERE username = BINARY :username',
- 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
- 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search',
- 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username',
- 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username',
- 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username',
- 'count_users' => 'SELECT COUNT(*) FROM mailbox',
- ),
- 'hash_algorithm_for_new_passwords' => 'sha512',
- )
-);