diff --git a/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl index 218c6904..a487ce30 100644 --- a/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl @@ -27,15 +27,8 @@ dovecot: password: value: {{ .Values.secrets.cassandra.dovecotDictmapUser | quote }} keyspace: {{ .Values.databases.dovecotDictmap.name | quote }} - sharedMailboxes: - enabled: false - host: {{ .Values.databases.dovecotACL.host | quote }} - port: {{ .Values.databases.dovecotACL.port }} - username: {{ .Values.databases.dovecotACL.username | quote }} - password: - value: {{ .Values.secrets.cassandra.dovecotACLUser | quote }} - keyspace: {{ .Values.databases.dovecotACL.name | quote }} objectStorage: + bucket: {{ .Values.objectstores.dovecot.bucket | quote }} encryption: privateKey: value: {{ env "DOVECOT_CRYPT_PRIVATE_KEY" | quote }} diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index 4645b43a..02439e47 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl @@ -49,6 +49,15 @@ dovecot: introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect" usernameAttribute: "opendesk_username" loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }} + sharedMailboxes: + type: "postgresql" + enabled: true + host: {{ .Values.databases.dovecotACL.host | quote }} + port: {{ .Values.databases.dovecotACL.port }} + username: {{ .Values.databases.dovecotACL.username | quote }} + password: + value: {{ .Values.secrets.postgresql.dovecotACLUser | quote }} + database: {{ .Values.databases.dovecotACL.name | quote }} submission: enabled: true ssl: "no" 
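Review bot: In the new `sharedMailboxes` block of values-dovecot.yaml.gotmpl, `type: "postgresql"` and `enabled: true` are hard-coded, while host, port, username and database are read from `.Values.databases.dovecotACL`. That mapping also carries a `type` field, which this commit changes in database.yaml.gotmpl. An environment that overrides `databases.dovecotACL` to point at a different backend would still render a PostgreSQL driver against that host. I would derive the driver from the same source, `type: {{ .Values.databases.dovecotACL.type | quote }}`, so the connection parameters cannot drift apart. The `dovecot:` mapping starts and continues outside this hunk.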
diff --git a/helmfile/apps/services-external/values-cassandra.yaml.gotmpl b/helmfile/apps/services-external/values-cassandra.yaml.gotmpl index da65c178..b09aeb9e 100644 --- a/helmfile/apps/services-external/values-cassandra.yaml.gotmpl +++ b/helmfile/apps/services-external/values-cassandra.yaml.gotmpl @@ -43,10 +43,6 @@ initDB: CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.username | quote }}; ALTER ROLE {{ .Values.databases.dovecotDictmap.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotDictmapUser "''" | squote }} AND LOGIN = true; GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotDictmap.name | quote }} TO {{ .Values.databases.dovecotDictmap.username | quote }}; - CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotACL.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; - CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotACL.username | quote }}; - ALTER ROLE {{ .Values.databases.dovecotACL.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotACLUser "''" | squote }} AND LOGIN = true; - GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotACL.name | quote }} TO {{ .Values.databases.dovecotACL.username | quote }}; # Will print a warning if unset but is automatically calculated: jvm: diff --git a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl index d94f245e..77ef2350 100644 --- a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl +++ b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl 
@@ -48,6 +48,9 @@ image: job: users: + - username: {{ .Values.databases.dovecotACL.username | quote }} + password: {{ .Values.secrets.postgresql.dovecotACLUser | quote }} + connectionLimit: {{ .Values.databases.dovecotACL.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} - username: {{ .Values.databases.keycloak.username | quote }} password: {{ .Values.secrets.postgresql.keycloakUser | quote }} connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} @@ -83,6 +86,8 @@ job: connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} {{ end }} databases: + - name: {{ .Values.databases.dovecotACL.name | quote }} + user: {{ .Values.databases.dovecotACL.username | quote }} - name: {{ .Values.databases.keycloak.name | quote }} user: {{ .Values.databases.keycloak.username | quote }} - name: {{ .Values.databases.keycloakExtension.name | quote }} diff --git a/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl index 1978b76f..016f2672 100644 --- a/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl +++ b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl @@ -6,7 +6,7 @@ charts: registry: "registry.opencode.de" repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro" name: "dovecot" - version: "3.0.0" ## DO NOT FORGET TO UPDATE AND TEST ALSO THE EE CHART + version: "3.0.0-tkaltenbrunner-fix-postgresacl" verify: true oxAppSuite: registry: "registry.opencode.de" diff --git a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl index 37590c27..991a83b4 100644 --- a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl 
+++ b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl @@ -17,5 +17,5 @@ images: openxchangeCoreMW: registry: "registry.opencode.de" repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro" - tag: "8.35.85@sha256:54d01a16ea29a3ae8f1857e5bdf6d2e34046b8a3fa3d6179bb3ad3d047e1318f" + tag: "8.37.62@sha256:750bb22a12646e4f3df01de9d438617c53d0996407ba11924167102cd84c4660" ... diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 56b3ad15..40e63b63 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -99,7 +99,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot" name: "dovecot" - version: "3.1.0-feat-dovecot-config" + version: "3.1.0-tkaltenbrunner-fix-dovecot-acls" verify: true element: # providerCategory: "Platform" diff --git a/helmfile/environments/default/database.yaml.gotmpl b/helmfile/environments/default/database.yaml.gotmpl index fa569e2c..f8e5bf75 100644 --- a/helmfile/environments/default/database.yaml.gotmpl +++ b/helmfile/environments/default/database.yaml.gotmpl @@ -15,10 +15,10 @@ databases: password: "" connectionLimit: ~ dovecotACL: - type: "cassandra" + type: "postgresql" name: "dovecot_acl" - host: "cassandra" - port: 9042 + host: "postgresql" + port: 5432 username: "dovecot_acl_user" password: "" connectionLimit: ~ diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl index 04365e12..9c425b77 100644 --- a/helmfile/environments/default/secrets.yaml.gotmpl +++ b/helmfile/environments/default/secrets.yaml.gotmpl 
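Review bot: In database.yaml.gotmpl the default `dovecotACL` backend flips from Cassandra to PostgreSQL with no comment for operators. Existing environment overrides of `databases.dovecotACL.host` or `port` written for Cassandra (port 9042) will now be handed to a `postgresql` client. Shared-mailbox ACLs are authorization data, so an upgrade that starts from an empty PostgreSQL `dovecot_acl` database would presumably lose existing grants unless they are migrated; no migration step is visible in this diff. I would add a comment above the block, for example `# dovecotACL moved from Cassandra to PostgreSQL: review host/port overrides and migrate existing ACLs before upgrading`.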
@@ -8,7 +8,6 @@ secrets: cassandra: rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }} dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }} - dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }} oxAppSuite: adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }} @@ -59,6 +58,7 @@ secrets: natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }} postgresql: postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }} + dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }} keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }} matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
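Review bot: The `dovecotACLUser` line added under `postgresql:` still derives its password with the arguments `"cassandra" "dovecot_acl_user"`, while every sibling in that mapping uses `"postgres"`. The PostgreSQL role therefore gets exactly the same derived password as the removed `secrets.cassandra.dovecotACLUser`. The Cassandra initDB change in this commit only stops creating that role and does not drop it, so upgraded clusters may keep a Cassandra login sharing the credential. Unless the reuse is deliberate, change the arguments to `"postgres" "dovecot_acl_user"`. The new secret also inherits the `default "sovereign-workplace"` fallback, so a deployment without `MASTER_PASSWORD` set gets a password anyone can derive from the repository.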