diff --git a/docs/u_e-dovecot-mail-crypt.md b/docs/u_e-dovecot-mail-crypt.md
new file mode 100644
index 000000000..8715481fb
--- /dev/null
+++ b/docs/u_e-dovecot-mail-crypt.md
@@ -0,0 +1,28 @@
+Mails are stored encrypted, the key pair can be found in crypt-vol-1.
+
+If you want to decode/encode existing maildir files, you can use the following script at your own risk:
+
+Enter Dovecot by running `docker-compose exec dovecot-mailcow` in the mailcow-dockerized location.
+
+```
+# Decrypt /var/vmail
+for file in $(find /var/vmail/ -type f -regextype egrep -regex '/.*[0-9]{10}.+,.+'); do
+if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
+doveadm fs get crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
+ "$file" > "/tmp/$(basename "$file")"
+ chmod 600 "/tmp/$(basename "$file")"
+ chown 5000:5000 "/tmp/$(basename "$file")"
+ mv "/tmp/$(basename "$file")" "$file"
+fi
+done
+
+# Encrypt /var/vmail
+for file in $(find /var/vmail/ -type f -regextype egrep -regex '/.*[0-9]{10}.+,.+'); do
+if [[ $(head -c7 "$file") != "CRYPTED" ]]; then
+doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
+ "$file" "$file"
+ chmod 600 "$file"
+ chown 5000:5000 "$file"
+fi
+done
+```
diff --git a/mkdocs.yml b/mkdocs.yml
index 93efff466..2888105a1 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -69,6 +69,7 @@ nav:
 - 'Dovecot':
 - "(Re-)Enable any and all authenticated ACL settings": 'u_e-dovecot-any_acl.md'
 - "Expunge a User's Mails": 'u_e-dovecot-expunge.md'
+ - 'Mail crypt': 'u_e-dovecot-mail-crypt.md'
 - 'More Examples with DOVEADM': 'u_e-dovecot-more.md'
 - 'Move vmail volume': 'u_e-dovecot-vmail-volume.md'
 - 'IMAP IDLE interval': 'u_e-dovecot-idle_interval.md'
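Review bot: In the decrypt loop of docs/u_e-dovecot-mail-crypt.md, the `mv` back over `$file` runs whether or not `doveadm fs get` succeeded, so a failed or partial decryption replaces the stored mail with an empty or truncated file. The plaintext is also written to `/tmp/$(basename "$file")`, a predictable name that is created before `chmod 600` is applied and that two mailboxes holding the same file name would share. I would create the temporary file with `tmp=$(mktemp) || exit 1` and gate the replacement on the exit status, `doveadm fs get crypt … "$file" > "$tmp" || { rm -f "$tmp"; continue; }`, before the chown and `mv "$tmp" "$file"`. Both loops iterate with `for file in $(find …)`, which splits paths on whitespace; `find … -print0 | while IFS= read -r -d '' file; do` avoids that. The encrypt loop likewise does not check `doveadm fs put` before changing mode and owner, and the page should tell readers to back up the vmail volume before running either loop.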