diff --git a/chatmaild/src/chatmaild/doveauth.py b/chatmaild/src/chatmaild/doveauth.py index 138fb0c6..7fbc7444 100644 --- a/chatmaild/src/chatmaild/doveauth.py +++ b/chatmaild/src/chatmaild/doveauth.py @@ -45,23 +45,32 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool: return False localpart, domain = parts + if localpart == "echo": + # echobot account should not be created in the database + return False + if ( len(localpart) > config.username_max_length or len(localpart) < config.username_min_length ): - if localpart != "echo": - logging.warning( - "localpart %s has to be between %s and %s chars long", - localpart, - config.username_min_length, - config.username_max_length, - ) - return False + logging.warning( + "localpart %s has to be between %s and %s chars long", + localpart, + config.username_min_length, + config.username_max_length, + ) return True def get_user_data(db, config: Config, user): + if user == f"echo@{config.mail_domain}": + return dict( + home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}", + uid="vmail", + gid="vmail", + ) + with db.read_connection() as conn: result = conn.get_user(user) if result: @@ -76,6 +85,14 @@ def lookup_userdb(db, config: Config, user): def lookup_passdb(db, config: Config, user, cleartext_password): + if user == f"echo@{config.mail_domain}": + return dict( + home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}", + uid="vmail", + gid="vmail", + password=encrypt_password("eiPhiez0eo8raighoh0C"), # FIXME read from config + ) + with db.write_transaction() as conn: userdata = conn.get_user(user) if userdata: diff --git a/chatmaild/src/chatmaild/echo.py b/chatmaild/src/chatmaild/echo.py index 6e36d57f..33e0289e 100644 --- a/chatmaild/src/chatmaild/echo.py +++ b/chatmaild/src/chatmaild/echo.py 
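Review bot: The length check in is_allowed_to_create no longer rejects anything, because the removed `return False` is not re-added after the new `logging.warning(...)` call. As the hunk reads, a localpart shorter than `config.username_min_length` or longer than `config.username_max_length` now logs a warning and falls through to `return True`. Restore the rejection by adding `return False` as the last statement inside the `if (...)` block, directly after the closing `)` of the warning call. Indentation is lost on this page, so this is read from the `+`/`-` markers alone and should be confirmed against the file; the function begins above the hunk.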
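Review bot: The password for `echo@{config.mail_domain}` in lookup_passdb is a string literal committed to the repository, and the same literal is assigned in main() in chatmaild/echo.py, so every deployment shares one publicly known credential for that mailbox and it cannot be rotated without a code change. The FIXME should be resolved before this ships: generate a random secret per deployment at install time, store it in a file readable only by the accounts that need it, and load it in both places, e.g. `password=encrypt_password(<per-deployment secret loaded at startup>),`. As written, encrypt_password also runs on every passdb lookup for this user; hashing the secret once when it is loaded avoids that. lookup_passdb continues below the hunk.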
@@ -3,13 +3,13 @@ it will echo back any message that has non-empty text and also supports the /help command. """ + import logging import os import sys from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events -from chatmaild.newemail import create_newemail_dict from chatmaild.config import read_config hooks = events.HookCollection() @@ -77,7 +77,7 @@ def main(): bot = Bot(account, hooks) if not bot.is_configured(): config = read_config(sys.argv[1]) - password = create_newemail_dict(config).get("password") + password = "eiPhiez0eo8raighoh0C" # FIXME read from config email = "echo@" + config.mail_domain bot.configure(email, password) bot.run_forever() diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py index df77bc3c..6ecab523 100644 --- a/cmdeploy/src/cmdeploy/__init__.py +++ b/cmdeploy/src/cmdeploy/__init__.py @@ -477,6 +477,7 @@ def deploy_chatmail(config_path: Path) -> None: groups=["opendkim"], system=True, ) + server.user(name="Create echobot user", user="echobot", system=True) server.shell( name="Fix file owner in /home/vmail", diff --git a/cmdeploy/src/cmdeploy/service/echobot.service.f b/cmdeploy/src/cmdeploy/service/echobot.service.f index 149fcbb1..17b3a161 100644 --- a/cmdeploy/src/cmdeploy/service/echobot.service.f +++ b/cmdeploy/src/cmdeploy/service/echobot.service.f @@ -7,6 +7,14 @@ Environment="PATH={remote_venv_dir}:$PATH" Restart=always RestartSec=30 +User=echobot +Group=echobot + +# Create /var/lib/echobot +StateDirectory=echobot + +WorkingDirectory=/var/lib/echobot + # Apply security restrictions suggested by # systemd-analyze security echobot.service CapabilityBoundingSet=
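Review bot: The new `echobot` account is created without an explicit shell, so it gets whatever login shell the host's useradd default supplies. Since the account exists only to run echobot.service, pin a non-login shell, e.g. `server.user(name="Create echobot user", user="echobot", system=True, shell="/usr/sbin/nologin")` (path as on Debian-family hosts; adjust if the target differs). deploy_chatmail starts and ends outside the hunk.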
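Review bot: `StateDirectory=echobot` creates /var/lib/echobot with systemd's default mode 0755, so other local users can list and read files the bot writes there unless each file is itself created with restrictive permissions. If the bot keeps its account data, including the configured mailbox password, under the working directory, add `StateDirectoryMode=0700` directly below `StateDirectory=echobot`. Extending the existing comment to `# Create /var/lib/echobot, private to the echobot user` would record the intent.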