diff --git a/deployment/questionnaire/questionnaire.dat b/deployment/questionnaire/questionnaire.dat
index 3ada26bfef65733e1d6ae0f4362700c1d288b2db..74dff8e5000ecd226a76865801a2e5e04bf9213e 100644
--- a/deployment/questionnaire/questionnaire.dat
+++ b/deployment/questionnaire/questionnaire.dat
@@ -24,6 +24,8 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@
 PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2
+WELCOME_SECRET=@@@generate@@@:20@
+
 # fixed defaults
 ENABLE_POP3=false;default
 DISABLE_RATELIMITING=false;default
diff --git a/scripts/base.sh b/scripts/base.sh
index c179258d3f9611c41d2230308d01e6402d04df16..be318b29972149029fd99aa1f413229807ea2859 100755
--- a/scripts/base.sh
+++ b/scripts/base.sh
@@ -27,6 +27,10 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $
 PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }')
+WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
+WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }')
+WEBSITE_SECRET=$(grep ^WEBSITE_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
+
 PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }')
 PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }')
 PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }')
diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh
index ede51512de144249becab77af635c798db77c912..d5ca69d267236780b5fd11089516d1276c653151 100755
--- a/scripts/init-repo.sh
+++ b/scripts/init-repo.sh
@@ -50,6 +50,10 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then
 sed -i '/ADD_DOMAINS/d' "$ENVFILE"
 echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE"
 fi
+
+echo "WELCOME_SECRET_SHA=$(echo -n $WELCOME_SECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE"
+echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE"
+
 source /mnt/repo-base/scripts/base.sh
 DC_DIR="templates/docker-compose/"
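Review bot: The three new lookups keep only the last `=`-separated field (`awk -F= '{ print $NF }'`), so a generated secret that happens to contain `=` is silently truncated and the secret/hash pair no longer matches what was written to the env file. For secret values take everything after the first `=` instead, e.g. `WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | cut -d= -f2-)`, and the same for `WELCOME_SECRET_SHA` and `WEBSITE_SECRET`. The surrounding lines use the same idiom, so aligning them is a follow-up; I have not checked whether the `@@@generate@@@` alphabet can emit `=`.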
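Review bot: `WELCOME_SECRET_SHA` is computed from `$WELCOME_SECRET` two lines before `source /mnt/repo-base/scripts/base.sh`, which is the file that reads that variable out of `$ENVFILE`; unless base.sh was already sourced earlier in init-repo.sh (not visible here) the hash is taken over an empty string and welcome ends up configured with a fixed, well-known value. Either move the two `echo ... >> "$ENVFILE"` lines below the `source`, or read the value from the file directly: `WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET= "$ENVFILE" | cut -d= -f2- | sha1sum | awk '{print $1}')`. Quote the expansion in any case (`printf '%s' "$WELCOME_SECRET" | sha1sum`) so word-splitting and `echo -n` cannot change what is hashed, and delete any previous entry before appending (`sed -i '/^WELCOME_SECRET_SHA=/d' "$ENVFILE"`) as the ADD_DOMAINS block above does, so re-runs do not leave two values in the file. `WEBSITE_SECRET=not_defined` writes a literal placeholder that docker-compose-base.yml then passes to the welcome container as a secret; generate it in questionnaire.dat like WELCOME_SECRET, or leave it unset so a missing value fails loudly instead of shipping a known string.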
@@ -186,9 +190,12 @@ docker-compose up -d
 echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized"
 docker-compose restart
+# needed to store accounts to create, and needs to be writable by welcome
+touch /mnt/repo-base/volumes/accounts/auth.file
 # needed to store created accounts, and needs to be writable by welcome
 touch /mnt/repo-base/volumes/accounts/auth.file.done
 ACCOUNTS_UID=$(docker-compose exec --user www-data welcome id -u | tr -d '\r')
+chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file
 chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file.done
 printf "$(date): Waiting for Nextcloud to finish installation"
diff --git a/scripts/postfixadmin-mailbox-postdeletion.sh b/scripts/postfixadmin-mailbox-postdeletion.sh
new file mode 100755
index 0000000000000000000000000000000000000000..f3c47815adee157af774defc611531e1752905cd
--- /dev/null
+++ b/scripts/postfixadmin-mailbox-postdeletion.sh
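Review bot: `touch` creates auth.file with the host umask (typically 0644) and the new `chown` changes only ownership, so whatever welcome queues there — the comment says accounts to create, which presumably carries credentials — is readable by every local account on the host. Create it with a restrictive mode in one step, `install -m 0600 -o "$ACCOUNTS_UID" -g "$ACCOUNTS_UID" /dev/null /mnt/repo-base/volumes/accounts/auth.file`, and consider doing the same for auth.file.done. `ACCOUNTS_UID` is also used unchecked: if the `docker-compose exec` fails it is empty, `chown ":"` fails under the shell's normal error handling, and the file stays root-owned, so a `[ -n "$ACCOUNTS_UID" ] || exit 1` before the chowns would make that visible.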
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Script for removing a mailbox dir in ecloud
+
+# The script looks at arguments 1 and 2, assuming that they
+# indicate username and domain, respectively.
+
+
+# the script is actually run by the pfexec user
+# the script handles deletion in a bind-mounted dir shared with eelomailserver
+# so pfexec user has no right over it. it needs a specific sudo perm
+#to be able to only run this script
+# the /etc/sudoers line added to the container during install :
+# pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
+# The line states that the pfexec user may run the script without providing a password.
+
+
+# where the mailbox dirs are bind-mounted on the container.
+basedir=/var/mail/vhosts
+
+if [[ -n "$1" && -n "$2" ]]; then
+ # double check both arguments are provided
+
+ if [ `echo $1 | fgrep '..'` ]; then
+ # not permitted!!
+ exit 1
+ fi
+ if [ `echo $2 | fgrep '..'` ]; then
+ # not permitted!!
+ exit 1
+ fi
+
+
+ maildir="${basedir}/$2/$1"
+
+
+
+ if [ ! -e "$maildir" ]; then
+ # not maildir empty, doing nothing
+ exit 0
+ fi
+
+
+ rm -rf $maildir
+else
+ # args are empty, do nothing
+ exit 1
+fi
+
+exit $?
\ No newline at end of file
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index 1598a0ffa2ff02f0d79f1dc555be989c37940625..78c204d047736b695830e7c25fc962ef17dfb0a6 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
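Review bot: The argument check only rejects the substring `..`, and `rm -rf $maildir` is unquoted, so a username or domain containing a slash, whitespace or a glob character still reaches `rm` as a widened path — and this runs as root through the NOPASSWD sudo rule the header describes. Replace the two `fgrep '..'` tests with an allowlist that accepts exactly one plain path component per argument, and quote the removal as `rm -rf -- "$maildir"`. The file is `#!/bin/sh` but uses `[[ ... ]]`, which busybox ash and dash do not guarantee; the `case` form below keeps the script POSIX and drops the backtick/`echo` tests as well. The trailing `exit $?` only forwards the status of the last command, which is fine but deserves a one-line comment.
```shell
#!/bin/sh
# … unchanged: header comments …
basedir=/var/mail/vhosts

# Accept exactly one plain path component per argument: no empty value,
# no leading dot or dash, no slash, no glob or shell metacharacters.
# Widen the character class only if mailbox names legitimately use more.
for arg in "$1" "$2"; do
  case "$arg" in
    ''|.*|-*|*/*|*[!A-Za-z0-9._@-]*) exit 1 ;;
  esac
done

maildir="${basedir}/$2/$1"
# nothing to delete: maildir never created or already removed
[ -e "$maildir" ] || exit 0
rm -rf -- "$maildir"
```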
@@ -31,6 +31,17 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
+git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
+docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account
+
+echo "Installing custom ecloud drop account plugin"
+# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin
+docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET"
+# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin
+docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN"
+git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account
+
 echo "Installing Nextcloud theme"
 wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz"
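Review bot: Both `git clone --single-branch` calls take whatever the remote's default branch points at when the installer runs, so the code enabled as a Nextcloud app — executing with the web user's access to all user data — is unpinned and changes silently between installs; pin a tag or commit (`git clone --branch <TAG_TO_CHOOSE> --depth 1 ...`, or a `git -C volumes/nextcloud/custom_apps/drop_account checkout <COMMIT_TO_CHOOSE>` after the clone) so an install is reproducible and a compromised or moved upstream branch does not land unreviewed. The second comment says it adds `VHOST_ACCOUNTS` but the line sets `e_welcome_domain` to `welcome.$DOMAIN`; change it to `# Set the welcome host (welcome.$DOMAIN) as a system config value, used by the ecloud_drop_account plugin`. Two of the new `occ` calls use a bare `php occ` while every neighbouring line uses `php /var/www/html/occ`; use the absolute path so they do not depend on the container's working directory. `--value="$WELCOME_SECRET"` also places the shared secret on a command line that is visible in process listings during install, the same exposure the password lines elsewhere in this file already have.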
@@ -58,6 +69,11 @@ curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null
 echo "Adding Postfix admin superadmin account"
 docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin add $ALT_EMAIL --password $PFA_SUPERADMIN_PASSWORD --password2 $PFA_SUPERADMIN_PASSWORD --superadmin
+# adding sudo to postfixadmin container
+docker-compose exec -T postfixadmin apk add sudo
+# giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script
+docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers'
+
 # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason
 echo "Adding domains to Postfix"
 # The password_expiry parameter is only a workaround, and does not have any effect
diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml
index 4b714e0cd2d144563246d5de7b81985ceb8ba242..dc1873e6e476829a20a882e9233ca2a73e83c04f 100644
--- a/templates/docker-compose/docker-compose-base.yml
+++ b/templates/docker-compose/docker-compose-base.yml
@@ -51,6 +51,9 @@ services:
 - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
 - SMTPHOST=${SMTP_HOST}
 - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}
+ volumes:
+ - /mnt/repo-base/volumes/mail:/var/mail
+ - /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh
 depends_on:
 - eelomailserver
 - mariadb
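Review bot: The sudoers entry is appended with `echo >> /etc/sudoers`, never syntax-checked, and appended again on every run of postinstall.sh, so a typo or a duplicate leaves sudo in a state only `visudo -c` would reveal. Write it as a drop-in with a check instead: `docker-compose exec -T postfixadmin sh -c 'printf "%s\n" "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" > /etc/sudoers.d/pfexec && chmod 0440 /etc/sudoers.d/pfexec && visudo -cf /etc/sudoers.d/pfexec'`, after confirming the image's `/etc/sudoers` includes `/etc/sudoers.d`. Note also that `apk add sudo` and the sudoers change are made inside the running container and are lost whenever the postfixadmin container is recreated; either a comment stating that this is accepted, or moving the change into the image or its entrypoint, would stop the deletion hook from quietly breaking after an update.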
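Review bot: The deletion script is bind-mounted read-write into the postfixadmin container while the sudoers rule added in postinstall.sh lets `pfexec` run that exact path as root, so the file's host permissions are the only thing stopping anyone who gains code execution in the container from editing what root then executes; mount it read-only, `- /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh:ro`. The whole mail store (`/mnt/repo-base/volumes/mail:/var/mail`) is likewise mounted read-write into a web-facing container although the script only works under `/var/mail/vhosts`; mounting just that subdirectory at the same container path keeps the script's `basedir` valid and narrows what a compromised container can reach.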
@@ -80,9 +83,10 @@ services:
 command: redis-server --appendonly yes
 volumes:
 - /mnt/repo-base/volumes/redis/db:/data
+ - /mnt/repo-base/volumes/redis/tmp:/tmp/redis
 welcome:
- image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.0.1
+ image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.1.0
 container_name: welcome
 environment:
 - DOMAINS=${VHOSTS_ACCOUNTS}
@@ -92,6 +96,9 @@ services:
 - PFDB_DB=${PFDB_DB}
 - PFDB_USR=${PFDB_USR}
 - PFDB_PW=${DBPASS}
+ - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
+ - WELCOME_SECRET_SHA=${WELCOME_SECRET_SHA}
+ - WEBSITE_SECRET=${WEBSITE_SECRET}
 - SMTP_HOST=${SMTP_HOST}
 - SMTP_FROM=${SMTP_FROM}
 - SMTP_PW=${SMTP_PW}
@@ -117,6 +124,7 @@ services:
 - /mnt/repo-base/volumes/nextcloud/data:/var/www/html/data/
 - /mnt/repo-base/config-dynamic/nextcloud/x-fpm-overloads.conf:/usr/local/etc/php-fpm.d/x-fpm-overloads.conf
 - /mnt/repo-base/config-dynamic/nextcloud/x-php-overloads.ini:/usr/local/etc/php/conf.d/x-php-overloads.ini
+ - /mnt/repo-base/volumes/redis/tmp:/tmp/redis/
 depends_on:
 - mariadb
diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php
index 70174a32f01b6289ad402ebc76885a9a84618dbe..c3311a758060ba62235ff9f2eb85415ab0fb9137 100644
--- a/templates/nextcloud/config.php
+++ b/templates/nextcloud/config.php
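Review bot: The same host directory `/mnt/repo-base/volumes/redis/tmp` is now mounted into redis (`/tmp/redis`) and, in the hunk at line 117 below, into nextcloud (`/tmp/redis/`), with nothing saying what the two containers exchange through it or which side is expected to create and own it; a comment on the first mount such as `# scratch dir shared with the nextcloud container; see the nextcloud volumes below` and, if other volume directories are prepared there, the matching host-side `mkdir`/`chown` in init-repo.sh would make the contract explicit. The two entries also differ by a trailing slash; harmless to Docker, but pick one form.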
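Review bot: welcome now receives `WELCOME_SECRET_SHA` while postinstall.sh stores the raw `WELCOME_SECRET` in Nextcloud's config, so the container holding the hash is presumably the verifier and Nextcloud the presenter; that split is the security design of this feature and neither the compose file nor the scripts state it, so a comment on this line, e.g. `# SHA-1 of WELCOME_SECRET; Nextcloud keeps the secret itself (e_welcome_secret) and presents it to welcome`, would help whoever rotates the value later. `POSTFIXADMIN_SSH_PASSWORD` is also newly handed to welcome; if the 1.1.0 image needs it, say what for, since it widens what a compromised welcome container can reach.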
@@ -58,6 +58,7 @@ $CONFIG = array (
 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search',
 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username',
+ 'delete_user' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username',
 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username',
 'count_users' => 'SELECT COUNT(*) FROM mailbox',
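Review bot: `delete_user` is set to a `SELECT EXISTS(...)` that is a copy of `user_exists`, so the raw-SQL backend will report a deletion as successful without touching the mailbox row; if removal is intentionally left to the ecloud_drop_account plugin and the postfixadmin post-deletion hook added in this commit, that needs to be said at the line, otherwise a user removed from Nextcloud keeps a working mail account. I'd add `// deliberately a no-op SELECT: mailbox rows are removed through postfixadmin (ecloud_drop_account), not by this backend` above the entry, or replace the query with the intended `DELETE`. The `$CONFIG = array (` this belongs to starts before the hunk.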