diff --git a/src/infra_version.js b/src/infra_version.js
index a97f66210..23b23d444 100644
--- a/src/infra_version.js
+++ b/src/infra_version.js
@@ -20,7 +20,7 @@ exports = module.exports = {
         'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:4.3.1@sha256:b0c564d097b765d4a639330843e2e813d2c87fc8ed34b7df7550bf2c6df0012c' },
         'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:4.2.1@sha256:f7f689beea07b1c6a9503a48f6fb38ef66e5b22f59fc585a92842a6578b33d46' },
         'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:3.3.0@sha256:89c4e8083631b6d16b5d630d9b27f8ecf301c62f81219d77bd5948a1f4a4375c' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:3.7.0@sha256:b33a42d72c0c4bb5a7eb057001e50d1d042366d8307c354cb4c9f285bfc55262' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:3.7.0@sha256:29128fd789fbb226d25c1c17ad4d26e35b132227c1dfee73bf137f8b351ddd02' },
         'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:3.1.0@sha256:30ec3a01964a1e01396acf265183997c3e17fb07eac1a82b979292cc7719ff4b' },
         'sftp': { repo: 'cloudron/sftp', tag: 'cloudron/sftp:3.6.1@sha256:ba4b9a1fe274c0ef0a900e5d0deeb8f3da08e118798d1d90fbf995cc0cf6e3a3' }
     }
diff --git a/src/ldap.js b/src/ldap.js
index cb6655088..2aee44f9c 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -268,19 +268,27 @@ async function groupAdminsCompare(req, res, next) {
 async function mailboxSearch(req, res, next) {
     debug('mailbox search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
 
-    // if cn is set we only search for one mailbox specifically
+    // if cn is set OR filter is mail= we only search for one mailbox specifically
+    let email, dn;
     if (req.dn.rdns[0].attrs.cn) {
-        const email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+        email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+        dn = req.dn.toString();
+    } else if (req.filter instanceof ldap.EqualityFilter && req.filter.attribute === 'mail') {
+        email = req.filter.value.toLowerCase();
+        dn = `cn=${email},${req.dn.toString()}`;
+    }
+
+    if (email) {
         const parts = email.split('@');
-        if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (parts.length !== 2) return next(new ldap.NoSuchObjectError(dn.toString()));
 
         const [error, mailbox] = await safe(mail.getMailbox(parts[0], parts[1]));
         if (error) return next(new ldap.OperationsError(error.toString()));
-        if (!mailbox) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-        if (!mailbox.active) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (!mailbox) return next(new ldap.NoSuchObjectError(dn.toString()));
+        if (!mailbox.active) return next(new ldap.NoSuchObjectError(dn.toString()));
 
         const obj = {
-            dn: req.dn.toString(),
+            dn: dn.toString(),
             attributes: {
                 objectclass: ['mailbox'],
                 objectcategory: 'mailbox',
@@ -301,7 +309,7 @@ async function mailboxSearch(req, res, next) {
         } else {
             res.end();
         }
-    } else { // new sogo
+    } else { // new sogo and dovecot listing (doveadm -A)
         // TODO figure out how proper pagination here could work
         let [error, mailboxes] = await safe(mail.listAllMailboxes(1, 100000));
         if (error) return next(new ldap.OperationsError(error.toString()));