diff --git a/playbook.yml b/playbook.yml index 3320a15..561fa16 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,7 +15,7 @@ - role: wiki-docker - role: emby-docker - role: gitlab-docker - - role: mailu-docker + - { role: mailu-docker, tags: [ 'mailu', 'docker' ] } - { role: nextcloud-docker, tags: [ 'nextcloud', 'docker' ] } - role: matrix-docker - role: plex-docker diff --git a/roles/mailu-docker/files/mailu/docker-compose.yml b/roles/mailu-docker/files/mailu/docker-compose.yml index a0b5de8..00ffffb 100644 --- a/roles/mailu-docker/files/mailu/docker-compose.yml +++ b/roles/mailu-docker/files/mailu/docker-compose.yml @@ -6,8 +6,23 @@ networks: name: nginx-proxy services: + front: + image: mailu/nginx:$VERSION + restart: always + env_file: .env + ports: + - "$BIND_ADDRESS4:110:110" + - "$BIND_ADDRESS4:143:143" + - "$BIND_ADDRESS4:993:993" + - "$BIND_ADDRESS4:995:995" + - "$BIND_ADDRESS4:25:25" + - "$BIND_ADDRESS4:465:465" + - "$BIND_ADDRESS4:587:587" + volumes: + - "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem" + - "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem" redis: - image: redis:latest + image: redis:alpine restart: always volumes: - "$ROOT/redis:/data" 
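Review bot: The two certificate mounts added under `front` in roles/mailu-docker/files/mailu/docker-compose.yml are read-write, so the internet-facing container gets write access to the proxy's private key through `"../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem"`. Assuming the image only reads these files when `TLS_FLAVOR=mail`, append `:ro` to both, e.g. `- "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem:ro"`, so a compromised `front` cannot replace or truncate the key the reverse proxy also uses. The same applies to `"$ROOT/dkim:/dkim"` added to `antispam` in the `@@ -61,15 +50,15 @@` hunk, if rspamd only needs to read the DKIM keys. Separately, `redis:alpine` is still a floating tag; pinning a version, as `VERSION=1.5.1` now does for the Mailu images, would make deploys reproducible. The `redis` service continues past the end of this hunk.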
@@ -16,44 +31,18 @@ services: image: mailu/dovecot:$VERSION restart: always env_file: .env - ports: - - "110:110" - - "143:143" - - "993:993" - - "995:995" - - "4190:4190" volumes: - "$ROOT/data:/data" - "$ROOT/mail:/mail" - - "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem" - - "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem" - "$ROOT/overrides:/overrides" - - /etc/localtime:/etc/localtime:ro smtp: image: mailu/postfix:$VERSION restart: always env_file: .env - ports: - - "25:25" - - "465:465" - - "587:587" volumes: - "$ROOT/data:/data" - - "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem" - - "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem" - "$ROOT/overrides:/overrides" - - /etc/localtime:/etc/localtime:ro - - milter: - image: mailu/rmilter:$VERSION - restart: always - env_file: .env - volumes: - - "$ROOT/filter:/data" - - "$ROOT/dkim:/dkim" - - "$ROOT/overrides:/overrides" - - /etc/localtime:/etc/localtime:ro antispam: image: mailu/rspamd:$VERSION @@ -61,15 +50,15 @@ services: env_file: .env volumes: - "$ROOT/filter:/var/lib/rspamd" - - /etc/localtime:/etc/localtime:ro + - "$ROOT/dkim:/dkim" + - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" antivirus: - image: mailu/clamav:$VERSION + image: mailu/$ANTIVIRUS:$VERSION restart: always env_file: .env volumes: - "$ROOT/filter:/data" - - /etc/localtime:/etc/localtime:ro webdav: image: mailu/$WEBDAV:$VERSION 
@@ -77,35 +66,42 @@ services: env_file: .env volumes: - "$ROOT/dav:/data" - - /etc/localtime:/etc/localtime:ro admin: image: mailu/admin:$VERSION restart: always env_file: .env - #hostname: mailu.banditlair.com - ports: - - "127.0.0.1:8000:80" + expose: + - 80 environment: - - VIRTUAL_HOST=${HOSTNAME} + - VIRTUAL_HOST=mailu.banditlair.com - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8000 + - VIRTUAL_PORT=80 volumes: - "$ROOT/data:/data" - "$ROOT/dkim:/dkim" - - "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem" - - "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem" - /var/run/docker.sock:/var/run/docker.sock:ro - - /etc/localtime:/etc/localtime:ro + depends_on: + - redis networks: - proxy-tier + - default - #webmail: - # image: "mailu/$WEBMAIL:$VERSION" - # restart: always - # env_file: .env - # volumes: - # - "$ROOT/webmail:/data" + webmail: + image: "mailu/$WEBMAIL:$VERSION" + restart: always + env_file: .env + expose: + - 80 + environment: + - VIRTUAL_HOST=webmail.banditlair.com + - VIRTUAL_NETWORK=nginx-proxy + - VIRTUAL_PORT=80 + volumes: + - "$ROOT/webmail:/data" + networks: + - proxy-tier + - default fetchmail: image: mailu/fetchmail:$VERSION @@ -113,4 +109,3 @@ services: env_file: .env volumes: - "$ROOT/data:/data" - - /etc/localtime:/etc/localtime:ro diff --git a/roles/mailu-docker/templates/mailu/.env b/roles/mailu-docker/templates/mailu/.env index 745b016..7a9d847 100644 --- a/roles/mailu-docker/templates/mailu/.env +++ b/roles/mailu-docker/templates/mailu/.env 
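Review bot: The `admin` service still mounts `/var/run/docker.sock:/var/run/docker.sock:ro`, while this hunk attaches it to `proxy-tier` and publishes it through the proxy as `VIRTUAL_HOST=mailu.banditlair.com`. The `:ro` flag only makes the mount of the socket file read-only; any process that can connect to the socket can still issue arbitrary Docker API calls, which is equivalent to root on the host. If the admin image at `VERSION=1.5.1` does not need the socket, drop the line; if it does, consider putting a filtering socket proxy limited to the required read endpoints in between. At minimum add a comment above the mount such as `# NOTE: ':ro' does not restrict Docker API calls; admin is reachable via nginx-proxy`.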
@@ -12,45 +12,49 @@ ROOT=/var/lib/mailu # Mailu version to run (stable, 1.0, 1.1, etc. or latest) -VERSION=stable +VERSION=1.5.1 # Set to a randomly generated 16 bytes string SECRET_KEY={{mailu_secret_key}} # Address where listening ports should bind -BIND_ADDRESS={{inventory_hostname}} +BIND_ADDRESS4=0.0.0.0 +BIND_ADDRESS6=:: # Main mail domain DOMAIN=banditlair.com # Exposed mail-server hostname -HOSTNAME=mail.banditlair.com +HOSTNAMES=mail.banditlair.com,mail2.banditlair.com # Postmaster local part (will append the main mail domain) POSTMASTER=admin -# Docker-compose project name, this will prepended to containers names. -COMPOSE_PROJECT_NAME=mailu +# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail) +TLS_FLAVOR=mail + +# Authentication rate limit (per source IP address) +AUTH_RATELIMIT=30/minute;1800/hour + +# Opt-out of statistics, replace with "True" to opt out +DISABLE_STATISTICS=True ################################### # Optional features ################################### -# Choose which frontend Web server to run if any (value: nginx, nginx-no-https, none) -FRONTEND=none +# Expose the admin interface (value: true, false) +ADMIN=true # Choose which webmail to run if any (values: roundcube, rainloop, none) -WEBMAIL=none - -# Expose the admin interface in publicly (values: yes, no) -EXPOSE_ADMIN=no - -# Use Letsencrypt to generate a TLS certificate (uncomment to enable) -ENABLE_CERTBOT=True +WEBMAIL=rainloop # Dav server implementation (value: radicale, none) WEBDAV=none +# Antivirus solution (value: clamav, none) +ANTIVIRUS=none + ################################### # Mail settings ################################### @@ -61,7 +65,7 @@ MESSAGE_SIZE_LIMIT=50000000 # Networks granted relay permissions, make sure that you include your Docker # internal network (default to 172.17.0.0/16) -RELAYNETS=172.25.0.0/16 +RELAYNETS=172.22.0.0/16 # Will relay all outgoing mails if configured RELAYHOST= 
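Review bot: `BIND_ADDRESS4=0.0.0.0` is hard-coded in a templated file and replaces the per-host `{{inventory_hostname}}`, so every port in the new `front` service (`$BIND_ADDRESS4:110:110` … `$BIND_ADDRESS4:587:587`) is published on all IPv4 interfaces of whichever host the role runs on. That includes 110 and 143, and Docker-published ports are usually not filtered by the host's own firewall rules. Consider templating the address, for example `BIND_ADDRESS4={{ ansible_default_ipv4.address }}` (requires gathered facts). If clients only use 993/995, also drop 110 and 143 from the compose `ports:` list. `BIND_ADDRESS6=::` is defined but no visible compose line references it, so a comment saying it is currently unused would avoid confusion.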
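Review bot: `RELAYNETS=172.22.0.0/16` grants relay permission to a whole /16 that appears to be whatever subnet Docker assigned to this compose project, and nothing in the visible compose hunks pins the default network to that range. If the network is recreated with a different subnet, relaying from the other Mailu containers breaks; if another project later receives 172.22.0.0/16, anything reaching `smtp` from that range would be allowed to relay. Consider pinning the subnet in the compose file's `networks:` section (an `ipam` `config` entry with `subnet: 172.22.0.0/16`) and adding a comment here such as `# must match the subnet pinned for the mailu default network`. The `networks:` block is only partly visible in this diff, so confirm it is not already pinned.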
@@ -69,16 +73,45 @@ RELAYHOST= # Fetchmail delay FETCHMAIL_DELAY=600 -################################### -# Nginx settings -################################### +# Recipient delimiter, character used to delimiter localpart from custom address part +# e.g. localpart+custom@domain;tld +RECIPIENT_DELIMITER=+ -# SSL DHPARAM Bits -#NGINX_SSL_DHPARAM_BITS=2048 + +# DMARC rua and ruf email +DMARC_RUA=dmarc +DMARC_RUF=dmarc + + +# Weclome email, enable and set a topic and body if you wish to send welcome +# emails to all users. +WELCOME=true +WELCOME_SUBJECT=Welcome to your new email account +WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! ################################### -# Developers +# Web settings ################################### -# Uncomment this to enable debugging globally -#DEBUG=True +# Path to the admin interface if enabled +WEB_ADMIN=/admin + +# Path to the webmail if enabled +WEB_WEBMAIL=/webmail + +# Website name +SITENAME=Emails management + +# Linked Website URL +WEBSITE=https://banditlair.com + +################################### +# Advanced settings +################################### + +# Docker-compose project name, this will prepended to containers names. +COMPOSE_PROJECT_NAME=mailu + +# Default password scheme used for newly created accounts and changed passwords +# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT) +PASSWORD_SCHEME=SHA512-CRYPT diff --git a/roles/searx-docker/files/searx/docker-compose.yml b/roles/searx-docker/files/searx/docker-compose.yml index 7aa2fd7..788b2d6 100644 --- a/roles/searx-docker/files/searx/docker-compose.yml +++ b/roles/searx-docker/files/searx/docker-compose.yml 
@@ -14,7 +14,7 @@ services: - VIRTUAL_HOST=banditlair.com - VIRTUAL_NETWORK=nginx-proxy - VIRTUAL_PORT=8888 - - LETSENCRYPT_HOST=banditlair.com,mail.banditlair.com,gitlab.banditlair.com,grafana.banditlair.com,cloud.banditlair.com,office.banditlair.com,plex.banditlair.com,sonar.banditlair.com,deluge.banditlair.com,rpg.banditlair.com,matrix.banditlair.com,emby.banditlair.com + - LETSENCRYPT_HOST=banditlair.com,mail.banditlair.com,mailu.banditlair.com,webmail.banditlair.com,gitlab.banditlair.com,cloud.banditlair.com,office.banditlair.com,plex.banditlair.com,deluge.banditlair.com,rpg.banditlair.com,matrix.banditlair.com,emby.banditlair.com - LETSENCRYPT_EMAIL=letsencrypt.account@banditlair.com networks: - proxy-tier
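Review bot: `mail2.banditlair.com` is listed in `HOSTNAMES` in roles/mailu-docker/templates/mailu/.env but is not added to `LETSENCRYPT_HOST` on this line. If the `${DOMAIN}.crt` mounted into the `front` container is the certificate issued from this list, mail clients connecting to mail2 will get a name mismatch; adding `mail2.banditlair.com` here (or removing it from `HOSTNAMES`) would keep the two in sync. The same line drops `grafana.banditlair.com` and `sonar.banditlair.com`, so confirm those hosts are no longer served behind the proxy before the next issuance. A comment above the entry, e.g. `# SAN list for the shared certificate; keep in sync with mailu HOSTNAMES`, would explain why the searx service carries every hostname.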