diff --git a/cmd/install.go b/cmd/install.go
index f9da997..eafb03d 100644
--- a/cmd/install.go
+++ b/cmd/install.go
@@ -1,23 +1,47 @@
 package cmd
 
 import (
-	"fmt"
+	"context"
 
+	"code.icod.de/postfix/manager/ent"
+	_ "github.com/go-sql-driver/mysql"
 	"github.com/spf13/cobra"
 )
 
+var (
+	db           string
+	setupPostfix bool
+	setupDovecot bool
+)
+
 // installCmd represents the install command
 var installCmd = &cobra.Command{
 	Use:   "install",
-	Short: "installs the database config files for postfix",
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("install called")
+	Short: "installs the database config files for postfix and creates the database",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		// create database schema
+		client, e := ent.Open("mysql", "dev:dev@tcp(localhost:3306)/postfix")
+		if e != nil {
+			return e
+		}
+		defer client.Close()
+		ctx := context.Background()
+		if e := client.Schema.Create(ctx); e != nil {
+			return e
+		}
+		return nil
+
+		// setup postfix
+
 	},
 }
 
 func init() {
 	rootCmd.AddCommand(installCmd)
 
+	installCmd.Flags().BoolVar(&setupPostfix, "setup:postfix", true, "--setup:postfix=true|false")
+	installCmd.Flags().BoolVar(&setupPostfix, "setup:dovecot", true, "--setup:dovecot=true|false")
+
 	// Here you will define your flags and configuration settings.
 
 	// Cobra supports Persistent Flags which will work for this command
diff --git a/cmd/ui.go b/cmd/ui.go
index 4f15ce2..f9f633f 100644
--- a/cmd/ui.go
+++ b/cmd/ui.go
@@ -7,7 +7,9 @@ import (
 	"os"
 	"strings"
 
+	"code.icod.de/postfix/manager/ent"
 	"code.icod.de/postfix/manager/ui"
+	"code.icod.de/postfix/manager/ui/handler"
 	"git.icod.de/dalu/ginpongo2/v5"
 	"github.com/flosch/pongo2/v5"
 	"github.com/gin-gonic/gin"
@@ -54,21 +56,18 @@ var uiCmd = &cobra.Command{
 			r.HTMLRender = hr
 		}
 
+		// Database
+		client, e := ent.Open("mysql", "dev:dev@tcp(localhost:3306)/postfix")
+		if e != nil {
+			return e
+		}
+		defer client.Close()
+		handler.SetClient(client)
+
 		// Static
 		r.Static("/assets/", "./assets/")
 
-		r.GET("/", func(cx *gin.Context) {
-			ctx := make(pongo2.Context)
-			type Data struct {
-				Target  string
-				Message string
-			}
-			ctx["data"] = &Data{
-				Target:  "World",
-				Message: "It's a great day to be alive",
-			}
-			cx.HTML(200, "index", ctx)
-		})
+		r.GET("/", handler.GETIndex)
 
 		// serve
 		if strings.HasPrefix(uiAddr, prefixTCP) {
diff --git a/ent/schema/account.go b/ent/schema/account.go
index d792fc9..c59bf43 100644
--- a/ent/schema/account.go
+++ b/ent/schema/account.go
@@ -1,10 +1,11 @@
 package schema
 
 import (
+	"time"
+
 	"entgo.io/ent"
 	"entgo.io/ent/schema/edge"
 	"entgo.io/ent/schema/field"
-	"time"
 )
 
 // Account holds the schema definition for the Account entity.
@@ -19,7 +20,7 @@ func (Account) Fields() []ent.Field {
 		field.Time("created").Default(time.Now).Immutable(),
 		field.Time("modified").Default(time.Now).UpdateDefault(time.Now).Optional(),
 		field.String("username"),
-		field.Bytes("password"),
+		field.Bytes("password").Sensitive(),
 		field.Bool("super"),
 		field.Bool("active"),
 	}
diff --git a/go.mod b/go.mod
index bcb47c4..e0513e1 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 	git.icod.de/dalu/ginpongo2 v0.0.0-20220408201859-2045ea0f25a9
 	github.com/flosch/pongo2/v5 v5.0.0
 	github.com/gin-gonic/gin v1.7.7
+	github.com/go-sql-driver/mysql v1.6.0
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/viper v1.10.1
 )
diff --git a/go.sum b/go.sum
index f1d513e..ecefaa8 100644
--- a/go.sum
+++ b/go.sum
@@ -35,6 +35,8 @@ github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD87
 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE=
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
diff --git a/install/dovecot.go b/install/dovecot.go
new file mode 100644
index 0000000..c0ed29c
--- /dev/null
+++ b/install/dovecot.go
@@ -0,0 +1 @@
+package install
diff --git a/install/files.go b/install/files.go
new file mode 100644
index 0000000..92d8a99
--- /dev/null
+++ b/install/files.go
@@ -0,0 +1,6 @@
+package install
+
+import "embed"
+
+//go:embed files/*
+var FileFS embed.FS
diff --git a/install/files/dovecot/conf.d/10-auth.conf b/install/files/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..5949408
--- /dev/null
+++ b/install/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,3 @@
+auth_mechanisms = plain login
+!include auth-system.conf.ext
+!include auth-sql.conf.ext
diff --git a/install/files/dovecot/conf.d/10-director.conf b/install/files/dovecot/conf.d/10-director.conf
new file mode 100644
index 0000000..aa31812
--- /dev/null
+++ b/install/files/dovecot/conf.d/10-director.conf
@@ -0,0 +1,32 @@
+# To enable director service, uncomment the modes and assign a port.
+service director {
+  unix_listener login/director {
+    #mode = 0666
+  }
+  fifo_listener login/proxy-notify {
+    #mode = 0666
+  }
+  unix_listener director-userdb {
+    #mode = 0600
+  }
+  inet_listener {
+    #port = 
+  }
+}
+
+# Enable director for the wanted login services by telling them to
+# connect to director socket instead of the default login socket:
+service imap-login {
+  #executable = imap-login director
+}
+service pop3-login {
+  #executable = pop3-login director
+}
+service submission-login {
+  #executable = submission-login director
+}
+
+# Enable director for LMTP proxying:
+protocol lmtp {
+  #auth_socket_path = director-userdb
+}
diff --git a/install/files/dovecot/conf.d/10-mail.conf b/install/files/dovecot/conf.d/10-mail.conf
new file mode 100644
index 0000000..21ddafc
--- /dev/null
+++ b/install/files/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,13 @@
+mail_location = maildir:/srv/vmail/%d/%n
+namespace inbox {
+  inbox = yes
+}
+mail_uid = 2000
+mail_gid = 2000
+mail_privileged_group = vmail
+first_valid_uid = 2000
+last_valid_uid = 2000
+mail_plugins = old_stats
+protocol !indexer-worker {
+}
+maildir_copy_with_hardlinks = yes
diff --git a/install/files/dovecot/conf.d/10-master.conf b/install/files/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..c865573
--- /dev/null
+++ b/install/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,65 @@
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+  inet_listener imaps {
+    port = 993
+    ssl = yes
+  }
+
+  service_count = 0
+}
+
+service pop3-login {
+  inet_listener pop3 {
+    port = 110
+  }
+  inet_listener pop3s {
+    port = 995
+    ssl = yes
+  }
+}
+
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+    group = postfix
+    mode = 0666
+    user = postfix
+  }
+}
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+  unix_listener auth-userdb {
+    mode = 0666
+    user = vmail
+    group = vmail
+  }
+
+  # Postfix smtp-auth
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+}
+
+service auth-worker {
+}
+
+service dict {
+  unix_listener dict {
+  }
+}
+
+service old-stats {
+  inet_listener {
+    address = 127.0.0.1
+    port = 24242
+  }
+}
diff --git a/install/files/dovecot/conf.d/10-ssl.conf b/install/files/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..55b9aa1
--- /dev/null
+++ b/install/files/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,7 @@
+ssl = yes
+
+ssl_cert = </etc/letsencrypt/live/{{.Hostname}}/fullchain.pem
+ssl_key = </etc/letsencrypt/live/{{.Hostname}}/privkey.pem
+ssl_require_crl = no
+ssl_dh=</etc/dovecot/dh.pem
+
diff --git a/install/files/dovecot/conf.d/15-lda.conf b/install/files/dovecot/conf.d/15-lda.conf
new file mode 100644
index 0000000..34eca81
--- /dev/null
+++ b/install/files/dovecot/conf.d/15-lda.conf
@@ -0,0 +1,10 @@
+postmaster_address = {{.Postmaster}}
+hostname = {{.Hostname}}
+quota_full_tempfail = yes
+recipient_delimiter = +
+lda_mailbox_autocreate = yes
+lda_mailbox_autosubscribe = yes
+
+protocol lda {
+  mail_plugins = $mail_plugins sieve quota
+}
diff --git a/install/files/dovecot/conf.d/15-mailboxes.conf b/install/files/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 0000000..024a5fe
--- /dev/null
+++ b/install/files/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,40 @@
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+  # These mailboxes are widely used and could perhaps be created automatically:
+  mailbox Drafts {
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+  mailbox Trash {
+    special_use = \Trash
+  }
+
+  # For \Sent mailboxes there are two widely used names. We'll mark both of
+  # them as \Sent. User typically deletes one of them if duplicates are created.
+  mailbox Sent {
+    special_use = \Sent
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+
+  # If you have a virtual "All messages" mailbox:
+  #mailbox virtual/All {
+  #  special_use = \All
+  #  comment = All my messages
+  #}
+
+  # If you have a virtual "Flagged" mailbox:
+  #mailbox virtual/Flagged {
+  #  special_use = \Flagged
+  #  comment = All my flagged messages
+  #}
+
+  # If you have a virtual "Important" mailbox:
+  #mailbox virtual/Important {
+  #  special_use = \Important
+  #  comment = All my important messages
+  #}
+}
diff --git a/install/files/dovecot/conf.d/20-imap.conf b/install/files/dovecot/conf.d/20-imap.conf
new file mode 100644
index 0000000..9d9dde5
--- /dev/null
+++ b/install/files/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,3 @@
+protocol imap {
+  mail_plugins = $mail_plugins quota imap_quota
+}
diff --git a/install/files/dovecot/conf.d/20-lmtp.conf b/install/files/dovecot/conf.d/20-lmtp.conf
new file mode 100644
index 0000000..a020b04
--- /dev/null
+++ b/install/files/dovecot/conf.d/20-lmtp.conf
@@ -0,0 +1,4 @@
+protocol lmtp {
+  postmaster_address = info@icod.de
+  mail_plugins = quota sieve
+}
diff --git a/install/files/dovecot/conf.d/20-managesieve.conf b/install/files/dovecot/conf.d/20-managesieve.conf
new file mode 100644
index 0000000..1ae9869
--- /dev/null
+++ b/install/files/dovecot/conf.d/20-managesieve.conf
@@ -0,0 +1,57 @@
+protocols = $protocols sieve
+
+# Service definitions
+
+service managesieve-login {
+  inet_listener sieve {
+    address = 127.0.0.1
+    port = 4190
+  }
+
+  service_count = 1
+}
+
+service managesieve {
+}
+
+# Service configuration
+
+protocol sieve {
+  # Maximum ManageSieve command line length in bytes. ManageSieve usually does
+  # not involve overly long command lines, so this setting will not normally
+  # need adjustment
+  #managesieve_max_line_length = 65536
+
+  # Maximum number of ManageSieve connections allowed for a user from each IP
+  # address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+
+  # Space separated list of plugins to load (none known to be useful so far).
+  # Do NOT try to load IMAP plugins here.
+  #mail_plugins =
+
+  # MANAGESIEVE logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #managesieve_logout_format = bytes=%i/%o
+
+  # To fool ManageSieve clients that are focused on CMU's timesieved you can
+  # specify the IMPLEMENTATION capability that Dovecot reports to clients.
+  # For example: 'Cyrus timsieved v2.2.13'
+  #managesieve_implementation_string = Dovecot Pigeonhole
+
+  # Explicitly specify the SIEVE and NOTIFY capability reported by the server
+  # before login. If left unassigned these will be reported dynamically
+  # according to what the Sieve interpreter supports by default (after login
+  # this may differ depending on the user).
+  #managesieve_sieve_capability =
+  #managesieve_notify_capability =
+
+  # The maximum number of compile errors that are returned to the client upon
+  # script upload or script verification.
+  #managesieve_max_compile_errors = 5
+
+  # Refer to 90-sieve.conf for script quota configuration and configuration of
+  # Sieve execution limits.
+}
diff --git a/install/files/dovecot/conf.d/20-pop3.conf b/install/files/dovecot/conf.d/20-pop3.conf
new file mode 100644
index 0000000..d7af0e2
--- /dev/null
+++ b/install/files/dovecot/conf.d/20-pop3.conf
@@ -0,0 +1,3 @@
+protocol pop3 {
+  mail_plugins = $mail_plugins quota
+}
diff --git a/install/files/dovecot/conf.d/20-submission.conf b/install/files/dovecot/conf.d/20-submission.conf
new file mode 100644
index 0000000..308c36c
--- /dev/null
+++ b/install/files/dovecot/conf.d/20-submission.conf
@@ -0,0 +1,3 @@
+protocol submission {
+}
+
diff --git a/install/files/dovecot/conf.d/90-acl.conf b/install/files/dovecot/conf.d/90-acl.conf
new file mode 100644
index 0000000..a429cf7
--- /dev/null
+++ b/install/files/dovecot/conf.d/90-acl.conf
@@ -0,0 +1,5 @@
+plugin {
+}
+
+plugin {
+}
diff --git a/install/files/dovecot/conf.d/90-plugin.conf b/install/files/dovecot/conf.d/90-plugin.conf
new file mode 100644
index 0000000..7acffca
--- /dev/null
+++ b/install/files/dovecot/conf.d/90-plugin.conf
@@ -0,0 +1,2 @@
+plugin {
+}
diff --git a/install/files/dovecot/conf.d/90-quota.conf b/install/files/dovecot/conf.d/90-quota.conf
new file mode 100644
index 0000000..b7b78b1
--- /dev/null
+++ b/install/files/dovecot/conf.d/90-quota.conf
@@ -0,0 +1,11 @@
+plugin {
+}
+
+plugin {
+}
+
+plugin {
+}
+
+plugin {
+}
diff --git a/install/files/dovecot/conf.d/90-sieve-extprograms.conf b/install/files/dovecot/conf.d/90-sieve-extprograms.conf
new file mode 100644
index 0000000..7acffca
--- /dev/null
+++ b/install/files/dovecot/conf.d/90-sieve-extprograms.conf
@@ -0,0 +1,2 @@
+plugin {
+}
diff --git a/install/files/dovecot/conf.d/90-sieve.conf b/install/files/dovecot/conf.d/90-sieve.conf
new file mode 100644
index 0000000..098eab3
--- /dev/null
+++ b/install/files/dovecot/conf.d/90-sieve.conf
@@ -0,0 +1,3 @@
+plugin {
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+}
diff --git a/install/files/dovecot/conf.d/auth-checkpassword.conf.ext b/install/files/dovecot/conf.d/auth-checkpassword.conf.ext
new file mode 100644
index 0000000..5a54bb9
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-checkpassword.conf.ext
@@ -0,0 +1,9 @@
+passdb {
+  driver = checkpassword
+  args = /usr/bin/checkpassword
+}
+
+# passdb lookup should return also userdb info
+userdb {
+  driver = prefetch
+}
diff --git a/install/files/dovecot/conf.d/auth-deny.conf.ext b/install/files/dovecot/conf.d/auth-deny.conf.ext
new file mode 100644
index 0000000..e5e99f1
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-deny.conf.ext
@@ -0,0 +1,6 @@
+passdb {
+  driver = passwd-file
+  deny = yes
+
+  args = /etc/dovecot/deny-users
+}
diff --git a/install/files/dovecot/conf.d/auth-dict.conf.ext b/install/files/dovecot/conf.d/auth-dict.conf.ext
new file mode 100644
index 0000000..af6ec48
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-dict.conf.ext
@@ -0,0 +1,10 @@
+passdb {
+  driver = dict
+
+  args = /etc/dovecot/dovecot-dict-auth.conf.ext
+}
+
+userdb {
+  driver = dict
+  args = /etc/dovecot/dovecot-dict-auth.conf.ext
+}
diff --git a/install/files/dovecot/conf.d/auth-ldap.conf.ext b/install/files/dovecot/conf.d/auth-ldap.conf.ext
new file mode 100644
index 0000000..d24ac9b
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-ldap.conf.ext
@@ -0,0 +1,11 @@
+passdb {
+  driver = ldap
+
+  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+userdb {
+  driver = ldap
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+}
diff --git a/install/files/dovecot/conf.d/auth-master.conf.ext b/install/files/dovecot/conf.d/auth-master.conf.ext
new file mode 100644
index 0000000..68f53a7
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-master.conf.ext
@@ -0,0 +1,7 @@
+passdb {
+  driver = passwd-file
+  master = yes
+  args = /etc/dovecot/master-users
+
+  pass = yes
+}
diff --git a/install/files/dovecot/conf.d/auth-passwdfile.conf.ext b/install/files/dovecot/conf.d/auth-passwdfile.conf.ext
new file mode 100644
index 0000000..34e819f
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-passwdfile.conf.ext
@@ -0,0 +1,15 @@
+passdb {
+  driver = passwd-file
+  args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%u /etc/dovecot/users
+
+  # Default fields that can be overridden by passwd-file
+  #default_fields = quota_rule=*:storage=1G
+
+  # Override fields from passwd-file
+  #override_fields = home=/home/virtual/%u
+}
diff --git a/install/files/dovecot/conf.d/auth-sql.conf.ext b/install/files/dovecot/conf.d/auth-sql.conf.ext
new file mode 100644
index 0000000..c3168cf
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-sql.conf.ext
@@ -0,0 +1,14 @@
+passdb {
+  driver = sql
+
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+userdb {
+  driver = prefetch
+}
+
+userdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
diff --git a/install/files/dovecot/conf.d/auth-system.conf.ext b/install/files/dovecot/conf.d/auth-system.conf.ext
new file mode 100644
index 0000000..b06a5c6
--- /dev/null
+++ b/install/files/dovecot/conf.d/auth-system.conf.ext
@@ -0,0 +1,8 @@
+passdb {
+  driver = pam
+  args = "*"
+}
+
+userdb {
+  driver = passwd
+}
diff --git a/install/files/dovecot/dovecot-dict-auth.conf.ext b/install/files/dovecot/dovecot-dict-auth.conf.ext
new file mode 100644
index 0000000..285c7f1
--- /dev/null
+++ b/install/files/dovecot/dovecot-dict-auth.conf.ext
@@ -0,0 +1,23 @@
+default_pass_scheme = MD5
+iterate_prefix = userdb/
+key passdb {
+  key = passdb/%u
+  format = json
+}
+key userdb {
+  key = userdb/%u
+  format = json
+}
+key quota {
+  key = userdb/%u/quota
+  default_value = 100M
+}
+
+passdb_objects = passdb
+
+userdb_objects = userdb
+
+userdb_fields {
+  quota_rule = *:storage=%{dict:quota}
+  mail = maildir:%{dict:userdb.home}/Maildir
+}
diff --git a/install/files/dovecot/dovecot-dict-sql.conf.ext b/install/files/dovecot/dovecot-dict-sql.conf.ext
new file mode 100644
index 0000000..cbbde9f
--- /dev/null
+++ b/install/files/dovecot/dovecot-dict-sql.conf.ext
@@ -0,0 +1,12 @@
+map {
+  pattern = priv/quota/storage
+  table = quota
+  username_field = username
+  value_field = bytes
+}
+map {
+  pattern = priv/quota/messages
+  table = quota
+  username_field = username
+  value_field = messages
+}
diff --git a/install/files/dovecot/dovecot-sql.conf.ext b/install/files/dovecot/dovecot-sql.conf.ext
new file mode 100644
index 0000000..5822a07
--- /dev/null
+++ b/install/files/dovecot/dovecot-sql.conf.ext
@@ -0,0 +1,16 @@
+driver = mysql
+
+connect = host=localhost user={{.User}} password={{.Password}} dbname={{.DBName}}
+
+default_pass_scheme = CRYPT
+
+password_query = SELECT username as user, password as password, \
+        homedir AS userdb_home, maildir AS userdb_mail, \
+        concat('*:bytes=', quota) as userdb_quota_rule, uid AS userdb_uid, gid AS userdb_gid \
+    FROM mailbox \
+        WHERE username = '%Lu' AND active = '1' \
+AND ( access_restriction = 'ALL' OR LOCATE( '%Us', access_restriction ) > 0 )
+
+user_query = SELECT homedir AS home, maildir AS mail, \
+        concat('*:bytes=', quota) as quota_rule, uid, gid \
+FROM mailbox WHERE username = '%u'
diff --git a/install/files/dovecot/dovecot.conf b/install/files/dovecot/dovecot.conf
new file mode 100644
index 0000000..69dde3b
--- /dev/null
+++ b/install/files/dovecot/dovecot.conf
@@ -0,0 +1,5 @@
+dict {
+  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
+}
+!include conf.d/*.conf
+!include_try local.conf
diff --git a/install/files/postfix/main.cf b/install/files/postfix/main.cf
new file mode 100644
index 0000000..5d5b24e
--- /dev/null
+++ b/install/files/postfix/main.cf
@@ -0,0 +1,101 @@
+compatibility_level = 2
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+myhostname = {{.Hostname}}
+mydomain = {{.Hostname}}
+myorigin = $myhostname
+inet_interfaces = all
+unknown_local_recipient_reject_code = 550
+mynetworks_style = host
+alias_maps = hash:/etc/aliases
+smtpd_banner = $myhostname ESMTP $mail_name
+debug_peer_level = 2
+debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
+sendmail_path = /usr/sbin/sendmail
+newaliases_path = /usr/bin/newaliases
+mailq_path = /usr/bin/mailq
+setgid_group = postdrop
+html_directory = no
+manpage_directory = /usr/share/man
+readme_directory = no
+inet_protocols = ipv4,ipv6
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib64/postfix/${mail_version}
+#home_mailbox = .maildir/
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
+smtp_tls_security_level = may
+tls_random_source = dev:/dev/urandom
+smtp_tls_loglevel = 1
+smtpd_tls_loglevel = 1
+smtpd_tls_cert_file = /etc/letsencrypt/live/{{.Hostname}}/fullchain.pem
+smtpd_tls_received_header = yes
+smtpd_tls_security_level = may
+smtpd_tls_key_file = /etc/letsencrypt/live/{{.Hostname}}/privkey.pem
+append_dot_mydomain = no
+biff = no
+delay_warning_time = 4h
+smtpd_use_tls = yes
+smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
+smtpd_tls_loglevel = 1
+smtpd_tls_auth_only = yes
+mailbox_size_limit = 0
+recipient_delimiter = +
+notify_classes = resource, software
+error_notice_recipient = info@icod.de
+virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+virtual_gid_maps = static:2000
+virtual_mailbox_base = /srv/vmail
+virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
+virtual_minimum_uid = 2000
+virtual_uid_maps = static:2000
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+broken_sasl_auth_clients = yes
+message_size_limit = 40000000
+home_mailbox = Maildir/
+smtpd_sasl_authenticated_header = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+smtp_use_tls = yes
+smtpd_tls_received_header = yes
+smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
+smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3,!TLSv1
+smtpd_tls_protocols           = !SSLv2,!SSLv3,!TLSv1
+smtp_tls_protocols            = !SSLv2,!SSLv3,!TLSv1
+smtpd_tls_mandatory_ciphers = medium
+tls_random_source = dev:/dev/urandom
+smtpd_recipient_restrictions =
+        reject_unknown_sender_domain,
+        reject_unknown_recipient_domain,
+        reject_non_fqdn_sender,
+        reject_unauth_pipelining,
+        permit_mynetworks,
+        permit_sasl_authenticated,
+        reject_unauth_destination,
+        reject_rbl_client cbl.abuseat.org,
+        reject_rbl_client bl.spamcop.net,
+
+smtpd_helo_required = yes
+
+smtpd_sender_restrictions =
+        reject_unknown_sender_domain,
+        check_sender_access pcre:/etc/postfix/access
+
+smtpd_data_restrictions =
+        reject_unauth_pipelining
+
+smtpd_client_restrictions = permit_sasl_authenticated
+
+smtpd_milters     = inet:localhost:8891 inet:localhost:11332
+non_smtpd_milters = inet:localhost:8891
+milter_default_action = accept
+smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
+smtpd_tls_dh512_param_file = /etc/postfix/dhparams.pem
+smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
diff --git a/install/files/postfix/master.cf b/install/files/postfix/master.cf
new file mode 100644
index 0000000..0be3517
--- /dev/null
+++ b/install/files/postfix/master.cf
@@ -0,0 +1,35 @@
+smtp      inet  n       -       n       -       -       smtpd
+submission inet n       -       n       -       -       smtpd
+  -o smtpd_tls_security_level=encrypt
+smtps     inet  n       -       n       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/auth
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+pickup    unix  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+        -o syslog_name=postfix/$service_name
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
diff --git a/install/files/postfix/mysql/virtual_alias_maps.cf b/install/files/postfix/mysql/virtual_alias_maps.cf
new file mode 100644
index 0000000..b46358d
--- /dev/null
+++ b/install/files/postfix/mysql/virtual_alias_maps.cf
@@ -0,0 +1,5 @@
+user = {{.User}}
+password = {{.Password}}
+hosts = 127.0.0.1
+dbname = {{.DBName}}
+query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'
diff --git a/install/files/postfix/mysql/virtual_domains_maps.cf b/install/files/postfix/mysql/virtual_domains_maps.cf
new file mode 100644
index 0000000..f0623dc
--- /dev/null
+++ b/install/files/postfix/mysql/virtual_domains_maps.cf
@@ -0,0 +1,5 @@
+user = {{.User}}
+password = {{.Password}}
+hosts = 127.0.0.1
+dbname = {{.DBName}}
+query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'
diff --git a/install/files/postfix/mysql/virtual_mailbox_maps.cf b/install/files/postfix/mysql/virtual_mailbox_maps.cf
new file mode 100644
index 0000000..a6182b2
--- /dev/null
+++ b/install/files/postfix/mysql/virtual_mailbox_maps.cf
@@ -0,0 +1,7 @@
+user = {{.User}}
+password = {{.Password}}
+hosts = 127.0.0.1
+dbname = {{.DBName}}
+table = mailbox
+select_field = maildir
+where_field = username
diff --git a/install/general.go b/install/general.go
new file mode 100644
index 0000000..b8094b5
--- /dev/null
+++ b/install/general.go
@@ -0,0 +1,8 @@
+package install
+
+import "os/exec"
+
+func runCmd(name string, arg ...string) error {
+	c := exec.Command(name, arg...)
+	return c.Run()
+}
diff --git a/install/postfix.go b/install/postfix.go
new file mode 100644
index 0000000..ae9ba67
--- /dev/null
+++ b/install/postfix.go
@@ -0,0 +1,138 @@
+package install
+
+import "fmt"
+
+const (
+	postconf = "postconf"
+)
+
+func setPostfixVirtualMysql() error {
+	if e := postfixSetConfig("virtual_alias_maps", "mysql:/etc/postfix/mysql/virtual_alias_maps.cf"); e != nil {
+		return e
+	}
+	if e := postfixSetConfig("virtual_mailbox_domains", "mysql:/etc/postfix/mysql/virtual_domains_maps.cf"); e != nil {
+		return e
+	}
+	if e := postfixSetConfig("virtual_mailbox_maps", "mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf"); e != nil {
+		return e
+	}
+	return nil
+}
+
+func setPostfixConfigAll(hostname string) error {
+	postfixSetConfig("compatibility_level", "2")
+	postfixSetConfig("queue_directory", "/var/spool/postfix")
+	postfixSetConfig("command_directory", "/usr/sbin")
+	postfixSetConfig("daemon_directory", "/usr/libexec/postfix")
+	postfixSetConfig("data_directory", "/var/lib/postfix")
+	postfixSetConfig("mail_owner", "postfix")
+	postfixSetConfig("myhostname", hostname)
+	postfixSetConfig("mydomain", "")
+	postfixSetConfig("myorigin", "$myhostname")
+	postfixSetConfig("inet_interfaces", "all")
+	postfixSetConfig("unknown_local_recipient_reject_code", "550")
+	postfixSetConfig("mynetworks_style", "host")
+	postfixSetConfig("alias_maps", "hash:/etc/aliases")
+	postfixSetConfig("smtpd_banner", "$myhostname ESMTP $mail_name")
+	postfixSetConfig("debug_peer_level", "2")
+	postfixSetConfig("debugger_command", "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5")
+	postfixSetConfig("sendmail_path", "/usr/sbin/sendmail")
+	postfixSetConfig("newaliases_path", "/usr/bin/newaliases")
+	postfixSetConfig("mailq_path", "/usr/bin/mailq")
+	postfixSetConfig("setgid_group", "postdrop")
+	postfixSetConfig("html_directory", "no")
+	postfixSetConfig("manpage_directory", "/usr/share/man")
+	postfixSetConfig("readme_directory", "no")
+	postfixSetConfig("inet_protocols", "ipv4,ipv6")
+	postfixSetConfig("meta_directory", "/etc/postfix")
+	postfixSetConfig("shlib_directory", "/usr/lib64/postfix/${mail_version}")
+	postfixSetConfig("smtp_tls_session_cache_database", "btree:/var/lib/postfix/smtp_scache")
+	postfixSetConfig("smtp_tls_security_level", "may")
+	postfixSetConfig("tls_random_source", "dev:/dev/urandom")
+	postfixSetConfig("smtp_tls_loglevel", "1")
+	postfixSetConfig("smtpd_tls_loglevel", "1")
+	postfixSetConfig("smtpd_tls_cert_file", fmt.Sprintf("/etc/letsencrypt/live/%s/fullchain.pem", hostname))
+	postfixSetConfig("smtpd_tls_received_header", "yes")
+	postfixSetConfig("smtpd_tls_security_level", "may")
+	postfixSetConfig("smtpd_tls_key_file", fmt.Sprintf("/etc/letsencrypt/live/%s/privkey.pem", hostname))
+	postfixSetConfig("append_dot_mydomain", "no")
+	postfixSetConfig("biff", "no")
+	postfixSetConfig("delay_warning_time", "4h")
+	postfixSetConfig("smtpd_use_tls", "yes")
+	postfixSetConfig("smtpd_tls_session_cache_database", "btree:/var/lib/postfix/smtpd_scache")
+	postfixSetConfig("smtp_tls_session_cache_database", "btree:/var/lib/postfix/smtp_scache")
+	postfixSetConfig("smtpd_tls_loglevel", "1")
+	postfixSetConfig("smtpd_tls_auth_only", "yes")
+	postfixSetConfig("mailbox_size_limit", "0")
+	postfixSetConfig("recipient_delimiter", "+")
+	postfixSetConfig("notify_classes", "resource, software")
+	postfixSetConfig("error_notice_recipient", "info@icod.de")
+	// postfixSetConfig("")
+	return nil
+}
+
+func postfixSetConfig(key, value string) error {
+	return runCmd(postconf, "-e", fmt.Sprintf("%s = %s", key, value))
+}
+
+/*
+
+virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+virtual_gid_maps = static:2000
+virtual_mailbox_base = /srv/vmail
+virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
+virtual_minimum_uid = 2000
+virtual_uid_maps = static:2000
+#dovecot_destination_recipient_limit = 1
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+broken_sasl_auth_clients = yes
+message_size_limit = 40000000
+home_mailbox = Maildir/
+smtpd_sasl_authenticated_header = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+
+smtp_use_tls = yes
+smtpd_tls_received_header = yes
+smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
+smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3,!TLSv1
+smtpd_tls_protocols           = !SSLv2,!SSLv3,!TLSv1
+smtp_tls_protocols            = !SSLv2,!SSLv3,!TLSv1
+smtpd_tls_mandatory_ciphers = medium
+tls_random_source = dev:/dev/urandom
+smtpd_recipient_restrictions =
+        reject_unknown_sender_domain,
+        reject_unknown_recipient_domain,
+        reject_non_fqdn_sender,
+        reject_unauth_pipelining,
+        permit_mynetworks,
+        permit_sasl_authenticated,
+        reject_unauth_destination,
+        reject_rbl_client cbl.abuseat.org,
+        reject_rbl_client bl.spamcop.net,
+
+smtpd_helo_required = yes
+
+smtpd_sender_restrictions =
+        reject_unknown_sender_domain,
+        check_sender_access pcre:/etc/postfix/access
+
+smtpd_data_restrictions =
+        reject_unauth_pipelining
+
+smtpd_client_restrictions = permit_sasl_authenticated
+#,reject_rbl_client localhost
+#        check_client_access hash:/etc/postfix/client_access,
+
+smtpd_milters     = inet:localhost:8891 inet:localhost:11332
+non_smtpd_milters = inet:localhost:8891
+milter_default_action = accept
+smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
+smtpd_tls_dh512_param_file = /etc/postfix/dhparams.pem
+smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
+*/
diff --git a/manager b/manager
new file mode 100755
index 0000000..3063c1a
Binary files /dev/null and b/manager differ
diff --git a/ui/handler/get_index.go b/ui/handler/get_index.go
new file mode 100644
index 0000000..6ec5bef
--- /dev/null
+++ b/ui/handler/get_index.go
@@ -0,0 +1,20 @@
+package handler
+
+import (
+	"github.com/flosch/pongo2/v5"
+	"github.com/gin-gonic/gin"
+)
+
+func GETIndex(cx *gin.Context) {
+	ctx := make(pongo2.Context)
+	type Data struct {
+		Target  string
+		Message string
+	}
+	ctx["data"] = &Data{
+		Target:  "World",
+		Message: "It's a great day to be alive",
+	}
+	cx.HTML(200, "index", ctx)
+
+}
diff --git a/ui/handler/vars.go b/ui/handler/vars.go
new file mode 100644
index 0000000..9d5b284
--- /dev/null
+++ b/ui/handler/vars.go
@@ -0,0 +1,11 @@
+package handler
+
+import "code.icod.de/postfix/manager/ent"
+
+var (
+	client *ent.Client
+)
+
+func SetClient(c *ent.Client) {
+	client = c
+}