diff --git a/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
index e67364f4..16b4c76f 100644
--- a/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
@@ -68,7 +68,8 @@ postfix:
 allowRelayNets: false
 smtpTLSSecurityLevel: "encrypt"
 smtpdSASLAuthEnable: "yes"
- smtpdSASLSecurityOptions: "noanonymous"
+ smtpdSASLSecurityOptions: {{ .Values.smtp.security.smtpdSASLSecurityOptions | join ", " | quote }}
+ smtpSASLSecurityOptions: {{ .Values.smtp.security.smtpSASLSecurityOptions | join ", " | quote }}
 smtpdSASLType: "dovecot"
 smtpdTLSSecurityLevel: "encrypt"
 smtpdTLSCertFile: "/etc/tls/tls.crt"
@@ -78,6 +79,25 @@ postfix:
 staticAuthDB:
 enabled: false
+ ldapTransportMaps: []
+
+ ldapVirtualAliasMaps:
+ - host: "ums-ldap-server"
+ scheme: "ldap"
+ port: 389
+ baseDn: "{{ .Values.ldap.baseDn }}"
+ bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+ password:
+ value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+ # ldap filter to find groups with mail address
+ queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
+ # -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
+ resultAttribute: ""
+ # -- do a recursive search on the specified attribute if found, should be a DN
+ specialResultAttribute: "uniqueMember"
+ # -- return the following attribute from all found leaves when a recursive search is done
+ leafResultAttribute: "mailPrimaryAddress"
+
 {{- if .Values.antivirus.milter.host }}
 smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
 {{- else }}
diff --git a/helmfile/apps/services-external/values-postfix.yaml.gotmpl b/helmfile/apps/services-external/values-postfix.yaml.gotmpl
index 738c8832..430d3187 100644
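Review bot: The two templated SASL lines have no fallback, so `noanonymous` is no longer guaranteed on `smtpdSASLSecurityOptions`: an empty list in `.Values.smtp.security.smtpdSASLSecurityOptions` renders `""` through `join ", "`, and the previously hard-coded `"noanonymous"` is dropped without any error. The defaults for `.Values.smtp.security` are not part of this diff, so this may already be covered in the environment values. If it is not, keep the old value as the floor, e.g. `{{ .Values.smtp.security.smtpdSASLSecurityOptions | default (list "noanonymous") | join ", " | quote }}`, and treat `smtpSASLSecurityOptions` the same way. A one-line comment above the pair stating that both values are lists of Postfix option names would help whoever overrides them.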
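Review bot: The new `ldapVirtualAliasMaps` entry binds with `scheme: "ldap"` on `port: 389`, so the `ldapsearch_postfix` password and the group-membership lookups travel unencrypted unless something outside this file protects the path to `ums-ldap-server`. Whether the chart accepts `ldaps` or a StartTLS setting is not visible here; if it does, prefer it, and otherwise state the assumption above `scheme`, e.g. `# plain LDAP: relies on in-cluster network isolation to ums-ldap-server`. The identical block is added to helmfile/apps/services-external/values-postfix.yaml.gotmpl and the same applies there. `host`, `scheme` and `port` are hard-coded in both copies while `baseDn` comes from `.Values.ldap`; reading them from values as well would keep the two files from drifting apart.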
--- a/helmfile/apps/services-external/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-postfix.yaml.gotmpl
@@ -95,6 +95,25 @@ postfix:
 password:
 value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
+ ldapTransportMaps: []
+
+ ldapVirtualAliasMaps:
+ - host: "ums-ldap-server"
+ scheme: "ldap"
+ port: 389
+ baseDn: "{{ .Values.ldap.baseDn }}"
+ bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+ password:
+ value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+ # ldap filter to find groups with mail address
+ queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
+ # -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
+ resultAttribute: ""
+ # -- do a recursive search on the specified attribute if found, should be a DN
+ specialResultAttribute: "uniqueMember"
+ # -- return the following attribute from all found leaves when a recursive search is done
+ leafResultAttribute: "mailPrimaryAddress"
+
 {{- if .Values.antivirus.milter.host }}
 smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
 {{- else }}
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index 86c56ca8..9e2c16d3 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -437,7 +437,7 @@ charts:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
 name: "postfix"
- version: "5.0.1"
+ version: "5.0.2"
 verify: true
 postgresql:
 # providerCategory: "Platform"
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index 8fa18757..6e730887 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -914,7 +914,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/postfix"
- tag: "3.0.3@sha256:12bcebf57ddb53258c48eaa60e9c25b441f4319ee1b94b363c652ad0a992a875"
+ tag: "3.0.4@sha256:5b17c801283215b13e8305b0be1497d70c232e8ea8414f965cd1010333ae95ab"
 postfixBootstrap:
 # providerCategory: "Community"
 # providerResponsible: "openDesk"
diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl
index 7d19de1d..f21617fe 100644
--- a/helmfile/environments/default/secrets.yaml.gotmpl
+++ b/helmfile/environments/default/secrets.yaml.gotmpl
@@ -32,6 +32,7 @@ secrets:
 dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }}
 element: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_element" | sha1sum | quote }}
 ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }}
+ postfix: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_postfix" | sha1sum | quote }}
 openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }}
 xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }}
 systemAccounts:
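Review bot: The added `postfix` entry inherits the `default "sovereign-workplace"` fallback, so when `MASTER_PASSWORD` is unset the bind password for `ldapsearch_postfix` is derived from a value published in this repository and comes out identical on every such deployment. This matches the neighbouring `dovecot`, `element` and `ox` lines, so it is the file's convention rather than something this commit introduces, but the account it protects can read mail addresses and group membership from the directory. The trailing `| sha1sum` only re-encodes the derived value and adds no secrecy of its own. Consider a comment above these entries such as `# derived from MASTER_PASSWORD; the fallback is public, set MASTER_PASSWORD for any non-test deployment`, or failing the render when the variable is missing.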