diff --git a/applications/email.nix b/applications/email.nix
index 9c972b4..d7a6381 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -470,6 +470,8 @@ in {
 
     mailserver = {
       enable = true;
+      stateVersion = 1;
+
       fqdn = "${cfg.sub}.${cfg.domain}";
       domains = [
         cfg.domain
@@ -488,9 +490,9 @@ in {
       # 20MB max size
       messageSizeLimit = 20000000;
 
-      policydSPFExtraConfig = ''
-        skip_addresses = 193.1.99.86/32
-      '';
+      #      policydSPFExtraConfig = ''
+      #        skip_addresses = 193.1.99.86/32
+      #      '';
 
       ldap = {
         enable = true;
@@ -504,13 +506,13 @@ in {
         searchScope = "sub";
 
         dovecot = {
-          userFilter = "(skMail=%u)";
+          userFilter = "(skMail=%{user})";
 
           # can lock down how much space each user has access to from ldap
           userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M";
 
           # accept emails in, but only allow access to paid up members
-          passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
+          passFilter = "(&(|${create_filter cfg.groups})(skMail=%{user}))";
         };
 
         postfix = {
diff --git a/flake.lock b/flake.lock
index 5975f6d..804e475 100644
--- a/flake.lock
+++ b/flake.lock
@@ -247,11 +247,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -379,6 +379,54 @@
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "simple-nixos-mailserver",
+          "flake-compat"
+        ],
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "simple-nixos-mailserver",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1749636823,
+        "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "623c56286de5a3193aa38891a6991b28f9bab056",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "simple-nixos-mailserver",
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "haskell-flake": {
       "locked": {
         "lastModified": 1675296942,
@@ -542,19 +590,20 @@
         "type": "github"
       }
     },
-    "nixpkgs-24_05": {
+    "nixpkgs-25_05": {
       "locked": {
-        "lastModified": 1717144377,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "lastModified": 1749727998,
+        "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd",
         "type": "github"
       },
       "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-24.05",
-        "type": "indirect"
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs-mozilla": {
@@ -864,11 +913,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1739214665,
-        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
+        "lastModified": 1749794982,
+        "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
+        "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
         "type": "github"
       },
       "original": {
@@ -970,17 +1019,18 @@
       "inputs": {
         "blobs": "blobs",
         "flake-compat": "flake-compat_2",
+        "git-hooks": "git-hooks",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-24_05": "nixpkgs-24_05"
+        "nixpkgs-25_05": "nixpkgs-25_05"
       },
       "locked": {
-        "lastModified": 1723233349,
-        "narHash": "sha256-0NqGJ+wFxmK6DEEvlZ+jGMdDkIaQ+S54kBStwkGUaO8=",
+        "lastModified": 1750183846,
+        "narHash": "sha256-owKJ2rsa/0WVZQAprlbqgVAAGlz3MFuvgNea3+ic4fs=",
         "ref": "refs/heads/master",
-        "rev": "a98a93cf22cd53a92143703a0a5b6f76438a15ba",
-        "revCount": 594,
+        "rev": "c097bd662c9e1aea8c1fca10d57188e81c5574a0",
+        "revCount": 743,
         "type": "git",
         "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver"
       },