diff --git a/docs/restrictions_ip_accss.md b/docs/restrictions_ip_accss.md
new file mode 100644
index 000000000..2c23ba6c8
--- /dev/null
+++ b/docs/restrictions_ip_accss.md
@@ -0,0 +1,13 @@
+# Protocol restrictions and IP access
+
+Denied access will be shown to the user as failed login attempts.
+
+## Protocol restrictions in Dovecot
+
+Protocol restrictions work by filtering the passdb query for IMAP and POP3 as well as reading the JSON value for %s_access where %s reflects the protocol seen by Dovecot.
+
+In the future we may use virtual colums in SQL to add an index on these values.
+
+## Protocol restrictions in Postfix
+
+Filtering SMTP protocol access works by using a check_sasl_map in the smtpd_recipient_restrictions.
diff --git a/docs/u_e-dovecot-static_master.md b/docs/u_e-dovecot-static_master.md
index 99503572b..08c489a95 100644
--- a/docs/u_e-dovecot-static_master.md
+++ b/docs/u_e-dovecot-static_master.md
@@ -17,5 +17,5 @@ The static master username will be expanded to `DOVECOT_MASTER_USER@mailcow.loca
 
 To login as `test@example.org` this would equal to `test@example.org*mymasteruser@mailcow.local` with the specified password above.
 
-A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described [https://mailcow.github.io/mailcow-dockerized-docs/debug-admin_login_sogo/](here).
+A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described [here](https://mailcow.github.io/mailcow-dockerized-docs/debug-admin_login_sogo/)
 No master user is required.