diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index ce943be1b..03f64f918 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -37,6 +37,16 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "user";
     $_SESSION['mailcow_cc_last_login'] = last_login($login_user);
+    $http_parameters = explode('&', $_SESSION['index_query_string']);
+    unset($_SESSION['index_query_string']);
+    if (in_array('mobileconfig', $http_parameters)) {
+      if (in_array('only_email', $http_parameters)) {
+        header("Location: /mobileconfig.php?email_only");
+        die();
+      }
+      header("Location: /mobileconfig.php");
+      die();
+    }
 		header("Location: /user");
 	}
 	elseif ($as != "pending") {
diff --git a/data/web/index.php b/data/web/index.php
index c9eb6b3f5..b8e53a870 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -22,6 +22,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 
 ?>
 <div class="container">
@@ -32,12 +33,19 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
         <div class="panel-body">
           <div class="text-center mailcow-logo"><img src="<?=($main_logo = customize('get', 'main_logo')) ? $main_logo : '/img/cow_mailcow.svg';?>" alt="mailcow"></div>
           <legend><?= isset($_SESSION['oauth2_request']) ? $lang['oauth2']['authorize_app'] : $UI_TEXTS['main_name'];?></legend>
+            <?php
+            if (strpos($_SESSION['index_query_string'], 'mobileconfig') !== false):
+            ?>
+            <div class="alert alert-info"><?= $lang['login']['mobileconfig_info']; ?></div>
+            <?php
+            endif;
+            ?>
             <form method="post" autofill="off">
             <div class="form-group">
               <label class="sr-only" for="login_user"><?= $lang['login']['username']; ?></label>
               <div class="input-group">
                 <div class="input-group-addon"><i class="glyphicon glyphicon-user"></i></div>
-                <input name="login_user" autocorrect="off" autocapitalize="none" type="text" id="login_user" class="form-control" placeholder="<?= $lang['login']['username']; ?>" required="" autofocus="">
+                <input name="login_user" autocorrect="off" autocapitalize="none" type="<?=(strpos($_SESSION['index_query_string'], 'mobileconfig') !== false) ? 'email' : 'text';?>" id="login_user" class="form-control" placeholder="<?= $lang['login']['username']; ?>" required="" autofocus="">
               </div>
             </div>
             <div class="form-group">
diff --git a/data/web/lang/lang.de.json b/data/web/lang/lang.de.json
index 1b42a2621..d5ea4e87d 100644
--- a/data/web/lang/lang.de.json
+++ b/data/web/lang/lang.de.json
@@ -217,6 +217,11 @@
     },
     "user": {
         "generate": "generieren",
+        "apple_connection_profile": "Apple Verbindungsprofil",
+        "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP und SMTP Konfigurationen für ein Apple Gerät.",
+        "apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP und SMTP Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple Gerät.",
+        "email": "E-Mail",
+        "email_and_dav": "E-Mail, Kalender und Adressbücher",
         "create_app_passwd": "Erstelle App Passwort",
         "app_passwds": "App Passwörter",
         "app_name": "App Name",
@@ -566,6 +571,7 @@
         "booking_0_short": "Immer verfügbar",
         "booking_lt0_short": "Weiches Limit",
         "booking_custom_short": "Hartes Limit",
+        "alias_domain_alias_hint": "Alias-Adressen werden <b>nicht</b> automatisch auch auf Domain-Alias Adressen angewendet. Eine Alias-Adresse <code>mein-alias@domain</code> bildet demnach <b>nicht</b> die Adresse <code>my-alias@alias-domain</code> ab.",
         "domain": "Domain",
         "spam_aliases": "Temp. Alias",
         "alias": "Alias",
@@ -848,6 +854,7 @@
         "username": "Benutzername",
         "password": "Passwort",
         "login": "Anmelden",
+        "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert."
     },
     "tfa": {
diff --git a/data/web/lang/lang.en.json b/data/web/lang/lang.en.json
index d8dcb428f..a7073bde2 100644
--- a/data/web/lang/lang.en.json
+++ b/data/web/lang/lang.en.json
@@ -216,6 +216,11 @@
         "ip_invalid": "Skipped invalid IP: %s"
     },
     "user": {
+        "apple_connection_profile": "Apple connection profile",
+        "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
+        "apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) pathes for an Apple device.",
+        "email": "Email",
+        "email_and_dav": "Email, calendars and contacts",
         "generate": "generate",
         "create_app_passwd": "Create app password",
         "app_passwds": "App passwords",
@@ -565,6 +570,7 @@
         "booking_0_short": "Always free",
         "booking_lt0_short": "Soft limit",
         "booking_custom_short": "Hard limit",
+        "alias_domain_alias_hint": "Aliases are <b>not</b> applied on domain aliases automatically. An alias address <code>my-alias@domain</code> <b>does not</b> cover the address <code>my-alias@alias-domain</code> (where \"alias-domain\" is an imaginary alias domain for \"domain\").",
         "domain": "Domain",
         "spam_aliases": "Temp. alias",
         "multiple_bookings": "Multiple bookings",
@@ -847,6 +853,7 @@
         "username": "Username",
         "password": "Password",
         "login": "Login",
+        "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "delayed": "Login was delayed by %s seconds."
     },
     "tfa": {
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index bf9e3d9c6..78d38c922 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -108,6 +108,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
                 <button class="btn btn-xs btn-default refresh_table" data-draw="draw_resource_table" data-table="resource_table"><?=$lang['admin']['refresh'];?></button>
               </div>
             </div>
+            <div class="panel-body help-block">
+            <p><span class="label label-success"><?=$lang['mailbox']['booking_0_short'];?></span> - <?=$lang['mailbox']['booking_0'];?></p>
+            <p><span class="label label-warning"><?=$lang['mailbox']['booking_lt0_short'];?></span> - <?=$lang['mailbox']['booking_lt0'];?></p>
+            <p><span class="label label-danger"><?=$lang['mailbox']['booking_custom_short'];?></span> - <?=$lang['mailbox']['booking_custom'];?></p>
+            </div>
             <div class="table-responsive">
               <table id="resource_table" class="table table-striped"></table>
             </div>
@@ -124,12 +129,6 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
                 <a class="btn btn-sm btn-success" href="#" data-toggle="modal" data-target="#addResourceModal"><span class="glyphicon glyphicon-plus"></span> <?=$lang['mailbox']['add_resource'];?></a>
               </div>
             </div>
-            <hr>
-            <div class="panel-body help-block">
-            <p><span class="label label-success"><?=$lang['mailbox']['booking_0_short'];?></span> - <?=$lang['mailbox']['booking_0'];?></p>
-            <p><span class="label label-warning"><?=$lang['mailbox']['booking_lt0_short'];?></span> - <?=$lang['mailbox']['booking_lt0'];?></p>
-            <p><span class="label label-danger"><?=$lang['mailbox']['booking_custom_short'];?></span> - <?=$lang['mailbox']['booking_custom'];?></p>
-            </div>
           </div>
         </div>
 
@@ -168,6 +167,9 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
                 <button class="btn btn-xs btn-default refresh_table" data-draw="draw_alias_table" data-table="alias_table"><?=$lang['admin']['refresh'];?></button>
               </div>
             </div>
+            <div class="panel-body help-block">
+            <?=$lang['mailbox']['alias_domain_alias_hint'];?>
+            </div>
             <div class="table-responsive">
               <table id="alias_table" class="table table-striped"></table>
             </div>
diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php
index 38b249c6e..bc4de03da 100644
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@@ -5,8 +5,11 @@ if (empty($mailcow_hostname)) {
   exit();
 }
 if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'user') {
-  header("Location: index.php");
-  die("This page is only available to logged-in users, not admins.");
+  session_destroy();
+  // probably better than appending the whole current http query string
+  $append_get = (isset($_GET['only_email'])) ? '&only_email' : '';
+  header('Location: index.php?mobileconfig' . $append_get);
+  die();
 }
 
 error_reporting(0);
diff --git a/data/web/user.php b/data/web/user.php
index 9081670d3..ad24811f3 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -130,6 +130,16 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
           </div>
         </div>
         <hr>
+        <div class="row">
+          <div class="col-md-3 col-xs-5 text-right"><?=$lang['user']['apple_connection_profile'];?>:</div>
+          <div class="col-md-9 col-xs-7">
+            <p><span class="glyphicon glyphicon-download-alt" aria-hidden="true"></span> <a href="/mobileconfig.php?only_email"><?=$lang['user']['email'];?></a> <small>IMAP, SMTP</small></p>
+            <p class="help-block"><?=$lang['user']['apple_connection_profile_mailonly'];?></p>
+            <p><span class="glyphicon glyphicon-download-alt" aria-hidden="true"></span> <a href="/mobileconfig.php"><?=$lang['user']['email_and_dav'];?></a> <small>IMAP, SMTP, Cal/CardDAV</small></p>
+            <p class="help-block"><?=$lang['user']['apple_connection_profile_complete'];?></p>
+          </div>
+        </div>
+        <hr>
         <?php // Get user information about aliases
         $user_get_alias_details = user_get_alias_details($username);
         ?>