diff --git a/dovecot/configuration/dovecot-sql.conf.ext.erb b/dovecot/configuration/dovecot-sql.conf.ext.erb
index c5814e6..552d2fe 100644
--- a/dovecot/configuration/dovecot-sql.conf.ext.erb
+++ b/dovecot/configuration/dovecot-sql.conf.ext.erb
@@ -112,7 +112,7 @@ password_query = \
 1000 AS userdb_uid, \
 1000 AS userdb_gid, \
 '<%= with_base_directory 'home' %>/%n' AS userdb_home, \
- '%w' AS userdb_scrambler_plain_password, \
+ REPLACE('%w', '%%', '%%%%') AS userdb_scrambler_plain_password, \
 keys.enabled AS userdb_scrambler_enabled, \
 keys.public_key AS userdb_scrambler_public_key, \
 keys.private_key AS userdb_scrambler_private_key, \
diff --git a/dovecot/configuration/mailservice.sqlite b/dovecot/configuration/mailservice.sqlite
index 03390f8..bb4790f 100644
Binary files a/dovecot/configuration/mailservice.sqlite and b/dovecot/configuration/mailservice.sqlite differ
diff --git a/spec/integration/mail_encryption_enabled_spec.rb b/spec/integration/mail_encryption_enabled_spec.rb
index 7e5b535..bd8dc2f 100644
--- a/spec/integration/mail_encryption_enabled_spec.rb
+++ b/spec/integration/mail_encryption_enabled_spec.rb
@@ -5,15 +5,17 @@ require 'tempfile' describe 'Mail encryption enabled' do before :all do + password = 'testPassword' + @database = Database.new - @mailer = Mailer.new + @mailer = Mailer.new 'test.com', 'sender@test.com', 'test', password @storage = Storage.new @administrator = Administrator.new 'test' @database.clear_users @database.clear_keys - @database.insert_user 1, 'test', 'testPassword' - @database.insert_key 1, true + @database.insert_user 1, 'test', password + @database.insert_key 1, true, password end after :all do
diff --git a/spec/lib/database.rb b/spec/lib/database.rb
index ab19df7..a6bca48 100644
--- a/spec/lib/database.rb
+++ b/spec/lib/database.rb
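Review bot: In dovecot-sql.conf.ext.erb the new `REPLACE('%w', '%%', '%%%%')` stacks two escaping layers with no comment, which makes it easy for a later edit to revert it to `'%w'`. As far as the hunk shows, `%%` is Dovecot's escape for a literal percent sign, so the database receives a REPLACE of `'%'` by `'%%'`, and the doubling presumably protects the returned field from a second variable expansion. I would state that above `password_query`, e.g. `# %% = literal %; percent signs in the password are doubled so the returned userdb field survives variable expansion`. The line also places the plaintext password (`%w`) in the query text, so it is worth confirming that SQL statement logging and auth debug logging are not enabled where this configuration runs. The query continues outside the hunk.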
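Review bot: In mail_encryption_enabled_spec.rb the shared `password = 'testPassword'` contains no percent sign, so this spec would pass with or without the `REPLACE` change made to the password query in the same commit. Consider a fixture password that exercises the escaping, for example `password = 'test%Password'` (constructed value), or a separate example for it if no other spec already covers that case. The examples that use this password lie outside the hunk.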
@@ -14,10 +14,10 @@ class Database
 [ id, name, password ])
 end
- def insert_key(id, enabled)
+ def insert_key(id, enabled, password = nil)
 @database.execute(
 'INSERT INTO keys (id, enabled, public_key, private_key, private_key_salt, private_key_iterations) VALUES (?, ?, ?, ?, ?, ?)',
- [ id, (enabled ? 1 : 0), default_public_key, default_private_key, default_private_key_salt, default_private_key_iterations ])
+ [ id, (enabled ? 1 : 0), default_public_key, default_private_key(password), default_private_key_salt, default_private_key_iterations ])
 end
 def update_key(id, enabled)
@@ -86,9 +86,9 @@ class Database
 escape_pem default_key_pair.public_key.to_pem
 end
- def default_private_key
+ def default_private_key(password = nil)
 settings = '$2a$%02u$%22s' % [ default_private_key_iterations, default_private_key_salt ]
- hashed_password = BCrypt::Engine.hash_secret default_private_key_password, settings
+ hashed_password = BCrypt::Engine.hash_secret (password || default_private_key_password), settings
 escape_pem default_key_pair.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), hashed_password)
 end
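Review bot: In `default_private_key` (second hunk of spec/lib/database.rb) the new call `BCrypt::Engine.hash_secret (password || default_private_key_password), settings` has a space between the method name and the opening parenthesis, so Ruby reads the parentheses as a grouped first argument. It works, but it is commonly flagged by linters and is easy to misread. I would write `hashed_password = BCrypt::Engine.hash_secret(password || default_private_key_password, settings)`. Only `nil` falls back to the default passphrase here, since an empty string is truthy in Ruby and would be hashed as given. A one-line comment on `insert_key(id, enabled, password = nil)` in the first hunk would make that explicit, e.g. `# password: passphrase for the generated private key; nil uses the spec default`.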