diff --git a/data/Dockerfiles/clamd/bootstrap.sh b/data/Dockerfiles/clamd/bootstrap.sh
index fcfe0934..1d49cd20 100755
--- a/data/Dockerfiles/clamd/bootstrap.sh
+++ b/data/Dockerfiles/clamd/bootstrap.sh
@@ -7,19 +7,29 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 fi
 
 # Prepare whitelist
+
+mkdir -p /run/clamav /var/lib/clamav
+
 if [[ -s /etc/clamav/whitelist.ign2 ]]; then
+  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
   cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
 fi
 if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
+  echo "Creating /var/lib/clamav/whitelist.ign2"
   echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
 fi
-chown clamav:clamav /var/lib/clamav/whitelist.ign2
-mkdir -p /run/clamav /var/lib/clamav
-chown clamav:clamav /run/clamav /var/lib/clamav
-chmod 750 /run/clamav
+
+chown clamav:clamav -R /var/lib/clamav /run/clamav
+
 chmod 755 /var/lib/clamav
+chmod 644 -R /var/lib/clamav/*
+chmod 750 /run/clamav
+
+echo "Stating whitelist.ign2"
+stat /var/lib/clamav/whitelist.ign2
 
 dos2unix /var/lib/clamav/whitelist.ign2
+
 sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
 
 BACKGROUND_TASKS=()
@@ -38,7 +48,7 @@ while true; do
   sleep 2m
   SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
   for sane_mirror in ${SANE_MIRRORS}; do
-    rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
+    rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
       --include 'blurl.ndb' \
       --include 'junk.ndb' \
       --include 'jurlbl.ndb' \
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 5072a306..84176ebd 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -85,6 +85,9 @@ done
 
 mkdir -p /var/lib/sogo/GNUstep/Defaults/
 
+# Force-remove lines from sogo.conf
+sed -i '/SOGoIMAPServer/d' /etc/sogo/sogo.conf
+
 # Generate plist header with timezone data
 cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <?xml version="1.0" encoding="UTF-8"?>
@@ -93,6 +96,8 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <dict>
     <key>OCSAclURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
+    <key>SOGoIMAPServer</key>
+    <string>imap://${IPV4_NETWORK}.250:143/?tls=YES</string>
     <key>OCSCacheFolderURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
     <key>OCSEMailAlarmsFolderURL</key>
diff --git a/data/conf/nginx/templates/sogo.auth_request.template.sh b/data/conf/nginx/templates/sogo.auth_request.template.sh
index ae1a3879..d885d9f5 100644
--- a/data/conf/nginx/templates/sogo.auth_request.template.sh
+++ b/data/conf/nginx/templates/sogo.auth_request.template.sh
@@ -2,5 +2,7 @@ if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$'
     echo 'auth_request /sogo-auth-verify;
 auth_request_set $user $upstream_http_x_username;
 proxy_set_header x-webobjects-remote-user $user;
-'
+if ($args ~* (.*)(account=(?!0))(.*)) {
+  return 401;
+}'
 fi
diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 8bdfb49d..4d78456e 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -179,7 +179,7 @@ foreach (wl_by_sogo() as $user => $contacts) {
     }
 ?>
     apply "default" {
-      SOGO_CONTACT = -999.0;
+      SOGO_CONTACT = -99.0;
     }
     symbols [
       "SOGO_CONTACT"
@@ -425,4 +425,4 @@ while ($row = array_shift($rows)) {
 <?php
 }
 ?>
-}
\ No newline at end of file
+}
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index a8befc2b..b115d75d 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -26,7 +26,6 @@
     //  (domain3.tld, domain2.tld)
     // );
 
-    SOGoIMAPServer = "imap://dovecot:143/?tls=YES";
     SOGoSieveServer = "sieve://dovecot:4190/?tls=YES";
     SOGoSMTPServer = "postfix:588";
     WOPort = "0.0.0.0:20000";
diff --git a/docker-compose.yml b/docker-compose.yml
index a48744e5..c2394909 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,7 +55,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.21
+      image: mailcow/clamd:1.22
       build: ./data/Dockerfiles/clamd
       restart: always
       environment:
@@ -140,7 +140,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.52
+      image: mailcow/sogo:1.53
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}
@@ -150,6 +150,8 @@ services:
         - LOG_LINES=${LOG_LINES:-9999}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
         - ACL_ANYONE=${ACL_ANYONE:-disallow}
+        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
       volumes:
         - ./data/conf/sogo/:/etc/sogo/
         - ./data/web/inc/init_db.inc.php:/init_db.inc.php
@@ -165,7 +167,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.63
+      image: mailcow/dovecot:1.64
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE
@@ -210,6 +212,7 @@ services:
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
           aliases:
             - dovecot