diff --git a/docs/content/config/advanced/kubernetes.md b/docs/content/config/advanced/kubernetes.md
index 357e3621..0223368f 100644
--- a/docs/content/config/advanced/kubernetes.md
+++ b/docs/content/config/advanced/kubernetes.md
@@ -409,12 +409,16 @@ Then, configure both [Postfix][docs-postfix] and [Dovecot][docs-dovecot] to expe
       postfix-main.cf: |
         postscreen_upstream_proxy_protocol = haproxy
       postfix-master.cf: |
+        smtp/inet/postscreen_upstream_proxy_protocol=haproxy
         submission/inet/smtpd_upstream_proxy_protocol=haproxy
         smtps/inet/smtpd_upstream_proxy_protocol=haproxy
       dovecot.cf: |
         # Assuming your ingress controller is bound to 10.0.0.0/8
         haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8
         service imap-login {
+          inet_listener imap {
+            haproxy = yes
+          }
           inet_listener imaps {
             haproxy = yes
           }
diff --git a/docs/content/config/advanced/optional-config.md b/docs/content/config/advanced/optional-config.md
index 3d8dc57b..7ad053a2 100644
--- a/docs/content/config/advanced/optional-config.md
+++ b/docs/content/config/advanced/optional-config.md
@@ -38,12 +38,14 @@ This is a list of all configuration files and directories which are optional or
 - **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
 - **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
 - **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
+- **user-patches.sh:** this file will be run after all configuration files are set up, but before the postfix, amavis and other daemons are started. (Docs: [FAQ - How to adjust settings with the `user-patches.sh` script][docs-faq-userpatches])
 
 [docs-accounts-quota]: ../../config/user-management/accounts.md#notes
 [docs-aliases-regex]: ../../config/user-management/aliases.md#configuring-regexp-aliases
 [docs-dkim]: ../../config/best-practices/dkim.md
 [docs-fail2ban]: ../../config/security/fail2ban.md
 [docs-faq-spamrules]: ../../faq.md#how-can-i-manage-my-custom-spamassassin-rules
+[docs-faq-userpatches]: ../../faq.md#how-to-adjust-settings-with-the-user-patchessh-script
 [docs-override-postfix]: ./override-defaults/postfix.md
 [docs-override-dovecot]: ./override-defaults/dovecot.md
 [docs-relayhosts-senderauth]: ./mail-forwarding/relay-hosts.md#sender-dependent-authentication
diff --git a/docs/content/config/best-practices/dkim.md b/docs/content/config/best-practices/dkim.md
index 569de5b3..0e71058c 100644
--- a/docs/content/config/best-practices/dkim.md
+++ b/docs/content/config/best-practices/dkim.md
@@ -18,13 +18,13 @@ To enable DKIM signature, **you must have created at least one email account**.
 After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the `config/` directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:
 
 ```sh
-./setup.sh config dkim <keysize>
+./setup.sh config dkim keysize <keysize>
 ```
 
 For LDAP systems that do not have any directly created user account you can run the following command (since `8.0.0`) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains): 
 
 ```sh
-./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
+./setup.sh config dkim keysize <key-size> domain <domain.tld>[,<domain2.tld>]
 ```
 
 Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
@@ -78,6 +78,10 @@ SendReports             yes
 Mode                    v
 ```
 
+## Switch Off DKIM
+
+Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.
+
 ## Debugging
 
 - [DKIM-verifer](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier): A add-on for the mail client Thunderbird.
@@ -106,6 +110,10 @@ mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA
 ;; MSG SIZE  rcvd: 310
 ```
 
-## Switch Off DKIM
+---
 
-Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.
+!!! warning "Key sizes >=4096-bit"
+
+    Keys of 4096 bits could de denied by some mailservers. According to https://tools.ietf.org/html/rfc6376 keys are preferably between 512 and 2048 bits. See issue [#1854][github-issue-1854].
+
+[github-issue-1854]: https://github.com/docker-mailserver/docker-mailserver/issues/1854
diff --git a/docs/content/config/setup.sh.md b/docs/content/config/setup.sh.md
index 70bff7a5..48b99498 100644
--- a/docs/content/config/setup.sh.md
+++ b/docs/content/config/setup.sh.md
@@ -19,7 +19,7 @@ chmod a+x ./setup.sh
 
 ## Usage
 
-Run `./setup.sh -h` and you'll get some usage information:
+Run `./setup.sh help` and you'll get some usage information:
 
 ```bash
 setup.sh Bootstrapping Script
@@ -30,7 +30,7 @@ OPTIONS:
 
   -i IMAGE_NAME     The name of the docker-mailserver image
                     The default value is
-                    'docker.io/mailserver/docker-maiserver:latest'
+                    'docker.io/mailserver/docker-mailserver:latest'
 
   -c CONTAINER_NAME The name of the running container.
 
diff --git a/docs/content/config/troubleshooting/debugging.md b/docs/content/config/troubleshooting/debugging.md
index 4d608847..0c7deb87 100644
--- a/docs/content/config/troubleshooting/debugging.md
+++ b/docs/content/config/troubleshooting/debugging.md
@@ -53,7 +53,7 @@ fail2ban-client stop dovecot
 fail2ban-client stop postfix
 ```
 
-## Send email is never received
+## Sent email is never received
 
 Some hosting provides have a stealth block on port 25. Make sure to check with your hosting provider that traffic on port 25 is allowed
 
diff --git a/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md b/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md
index b3033299..b62964e6 100644
--- a/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md
+++ b/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md
@@ -105,5 +105,9 @@ You see that besides `query_filter`, I had to customize as well `result_attribut
 
     Another solution that serves as a forward-only mailserver is this: https://gitlab.com/docker-scripts/postfix
 
+!!! tip
+
+    One user reports only having success if `ENABLE_LDAP=0` was set.
+
 [github-file-readme-patches]: https://github.com/docker-mailserver/docker-mailserver/blob/master/README.md#custom-user-changes--patches
 [github-issue-1247]: https://github.com/docker-mailserver/docker-mailserver/issues/1247