diff --git a/services/bstein-dev-home/backend-deployment.yaml b/services/bstein-dev-home/backend-deployment.yaml index b4f426f..53fa4a0 100644 --- a/services/bstein-dev-home/backend-deployment.yaml +++ b/services/bstein-dev-home/backend-deployment.yaml @@ -38,9 +38,9 @@ spec: export SMTP_PORT="587" export SMTP_STARTTLS="true" export SMTP_USE_TLS="false" - export SMTP_USERNAME="test@bstein.dev" + export SMTP_USERNAME="no-reply-portal@bstein.dev" export SMTP_PASSWORD="{{ .Data.data.password }}" - export SMTP_FROM="test@bstein.dev" + export SMTP_FROM="no-reply-portal@bstein.dev" {{ end }} spec: automountServiceAccountToken: true diff --git a/services/mailu/mailu-sync-cronjob.yaml b/services/mailu/mailu-sync-cronjob.yaml index 57cbd0a..9f55f7b 100644 --- a/services/mailu/mailu-sync-cronjob.yaml +++ b/services/mailu/mailu-sync-cronjob.yaml @@ -32,6 +32,9 @@ spec: vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials" vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: | {{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}} + vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret" + vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: | + {{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}} spec: restartPolicy: OnFailure serviceAccountName: mailu-vault-sync @@ -55,6 +58,8 @@ spec: value: bstein.dev - name: MAILU_DEFAULT_QUOTA value: "20000000000" + - name: MAILU_SYSTEM_USERS + value: no-reply-portal@bstein.dev - name: MAILU_DB_HOST value: postgres-service.postgres.svc.cluster.local - name: MAILU_DB_PORT diff --git a/services/mailu/mailu-sync-job.yaml b/services/mailu/mailu-sync-job.yaml index 18aef7c..0eaebe6 100644 --- a/services/mailu/mailu-sync-job.yaml 
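Review bot: The annotations added at the end of the `@@ -32,6 +32,9 @@` hunk of mailu-sync-cronjob.yaml inject `kv/data/atlas/mailu/mailu-initial-account-secret`, and the path name suggests this is the password of Mailu's initial account rather than a credential created for system mailboxes. If that reading is right, every address listed in `MAILU_SYSTEM_USERS` would be provisioned with that account's password, and whatever client authenticates as `no-reply-portal@bstein.dev` would need to hold it too. A separate Vault path for the system-mailbox password, readable only by the roles that need it, would keep the two credentials independently scoped and rotatable. The same annotations are added in mailu-sync-job.yaml and mailu-sync-listener.yaml, so the point applies there as well.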
+++ b/services/mailu/mailu-sync-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: mailu-sync-7 + name: mailu-sync-8 namespace: mailu-mailserver spec: template: @@ -26,6 +26,9 @@ spec: vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials" vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: | {{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}} + vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret" + vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: | + {{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}} spec: restartPolicy: OnFailure affinity: @@ -63,6 +66,8 @@ spec: value: bstein.dev - name: MAILU_DEFAULT_QUOTA value: "20000000000" + - name: MAILU_SYSTEM_USERS + value: no-reply-portal@bstein.dev - name: MAILU_DB_HOST value: postgres-service.postgres.svc.cluster.local - name: MAILU_DB_PORT diff --git a/services/mailu/mailu-sync-listener.yaml b/services/mailu/mailu-sync-listener.yaml index cfc915f..83b812f 100644 --- a/services/mailu/mailu-sync-listener.yaml +++ b/services/mailu/mailu-sync-listener.yaml 
@@ -46,6 +46,9 @@ spec: vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials" vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: | {{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}} + vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret" + vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: | + {{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}} spec: restartPolicy: Always serviceAccountName: mailu-vault-sync @@ -69,6 +72,8 @@ spec: value: bstein.dev - name: MAILU_DEFAULT_QUOTA value: "20000000000" + - name: MAILU_SYSTEM_USERS + value: no-reply-portal@bstein.dev - name: MAILU_DB_HOST value: postgres-service.postgres.svc.cluster.local - name: MAILU_DB_PORT diff --git a/services/mailu/scripts/mailu_sync.py b/services/mailu/scripts/mailu_sync.py index 7c5edda..001917a 100644 --- a/services/mailu/scripts/mailu_sync.py +++ b/services/mailu/scripts/mailu_sync.py @@ -27,6 +27,12 @@ MAILU_DOMAIN = os.environ["MAILU_DOMAIN"] MAILU_DEFAULT_QUOTA = int(os.environ.get("MAILU_DEFAULT_QUOTA", "20000000000")) MAILU_ENABLED_ATTR = os.environ.get("MAILU_ENABLED_ATTR", "mailu_enabled") MAILU_EMAIL_ATTR = "mailu_email" +MAILU_SYSTEM_USERS = [ + item.strip() + for item in os.environ.get("MAILU_SYSTEM_USERS", "").split(",") + if item.strip() +] +MAILU_SYSTEM_PASSWORD = os.environ.get("MAILU_SYSTEM_PASSWORD", "").strip() DB_CONFIG = { "host": os.environ["MAILU_DB_HOST"], 
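Review bot: Entries in `MAILU_SYSTEM_USERS` are only stripped, so nothing in the `@@ -27,6 +27,12 @@` hunk of mailu_sync.py checks that an entry is an address in `MAILU_DOMAIN` or that it does not collide with a Keycloak-managed mailbox. Because `ensure_system_mailboxes` is called after the per-user loop in `main()`, an entry equal to a synced user's address would reach `ensure_mailu_user` a second time with the shared system password. Whether that replaces the user's own password depends on `ensure_mailu_user`, whose body is outside this diff. Rejecting and logging entries that fail a check such as `item.strip().lower().endswith("@" + MAILU_DOMAIN.lower())` would catch typos before they reach the database. A comment like `# Comma-separated full addresses of service mailboxes that share MAILU_SYSTEM_PASSWORD` above the list would document the expected format.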
@@ -213,10 +219,26 @@ def ensure_mailu_user(cursor, email, password, display_name): ) +def ensure_system_mailboxes(cursor): + if not MAILU_SYSTEM_USERS: + return + if not MAILU_SYSTEM_PASSWORD: + log("MAILU_SYSTEM_USERS set but MAILU_SYSTEM_PASSWORD is missing; skipping system mailboxes") + return + + for email in MAILU_SYSTEM_USERS: + localpart = email.split("@", 1)[0] if "@" in email else email + try: + ensure_mailu_user(cursor, email, MAILU_SYSTEM_PASSWORD, localpart) + log(f"Ensured system mailbox for {email}") + except Exception as exc: + log(f"Failed to ensure system mailbox {email}: {exc}") + + def main(): token = retry_request("Keycloak token", get_kc_token) users = retry_request("Keycloak user list", lambda: kc_get_users(token)) - if not users: + if not users and not MAILU_SYSTEM_USERS: log("No users found; exiting.") return @@ -257,6 +279,8 @@ def main(): ensure_mailu_user(cursor, mailu_email, app_pw, display_name) log(f"Synced mailbox for {mailu_email}") + ensure_system_mailboxes(cursor) + cursor.close() conn.close() diff --git a/services/mailu/scripts/mailu_vault_env.sh b/services/mailu/scripts/mailu_vault_env.sh index 1ba7dce..fb8055b 100644 --- a/services/mailu/scripts/mailu_vault_env.sh +++ b/services/mailu/scripts/mailu_vault_env.sh @@ -12,3 +12,4 @@ export MAILU_DB_USER="$(read_secret mailu-db-secret__username)" export MAILU_DB_PASSWORD="$(read_secret mailu-db-secret__password)" export KEYCLOAK_CLIENT_ID="$(read_secret mailu-sync-credentials__client-id)" export KEYCLOAK_CLIENT_SECRET="$(read_secret mailu-sync-credentials__client-secret)" +export MAILU_SYSTEM_PASSWORD="$(read_secret mailu-initial-account-secret__password)"
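Review bot: Both failure paths in `ensure_system_mailboxes` end in a log line only: a missing `MAILU_SYSTEM_PASSWORD` returns early and the broad `except Exception` moves on to the next address, so the run can finish successfully without the mailbox the portal sends from. I would have the function return the addresses it could not ensure, so that `main()` (which continues past this hunk) can close the connection and then exit non-zero. If the cursor runs inside a transaction, a failed statement may also leave it unusable for the following addresses, which is worth confirming against the connection setup not shown here. The new function also has no docstring; the version below adds one.

```python
def ensure_system_mailboxes(cursor):
    """Ensure each MAILU_SYSTEM_USERS mailbox exists; return the addresses that failed."""
    if not MAILU_SYSTEM_USERS:
        return []
    if not MAILU_SYSTEM_PASSWORD:
        log("MAILU_SYSTEM_USERS set but MAILU_SYSTEM_PASSWORD is missing; skipping system mailboxes")
        return list(MAILU_SYSTEM_USERS)

    failed = []
    for email in MAILU_SYSTEM_USERS:
        localpart = email.split("@", 1)[0]
        try:
            ensure_mailu_user(cursor, email, MAILU_SYSTEM_PASSWORD, localpart)
        except Exception as exc:
            log(f"Failed to ensure system mailbox {email}: {exc}")
            failed.append(email)
        else:
            log(f"Ensured system mailbox for {email}")
    return failed
```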
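Review bot: The added `export MAILU_SYSTEM_PASSWORD="$(read_secret ...)"` line in mailu_vault_env.sh takes the exit status of `export`, not of `read_secret`, so a missing or unreadable injected file yields an empty variable instead of a failure, even under `set -e`. The Python side then only logs that the password is missing and skips the system mailboxes. Assigning first and exporting afterwards, `MAILU_SYSTEM_PASSWORD="$(read_secret mailu-initial-account-secret__password)"` followed by `export MAILU_SYSTEM_PASSWORD`, lets the failure propagate. The existing exports above use the same combined form, and `read_secret` is defined outside this hunk, so how it reports errors needs confirming there.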