diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6fdffbab..089aa68d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,12 +1,17 @@
 CHANGELOG
 =========
 
-In Development
---------------
+v0.41 (February 26, 2019)
+-------------------------
 
 System:
 
 * Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back.
+* Upgrades would fail if Mail-in-a-Box moved to a different directory in `systemctl link`.
+
+Mail:
+
+* Incoming messages addressed to more than one local user were rejected because of a bug in spampd packaged by Ubuntu 18.04. A workaround was added.
 
 Contacts/Calendar:
 
diff --git a/README.md b/README.md
index 300fe496..01997fd4 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ by him:
 	$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
 	gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
 
-	$ git verify-tag v0.40
+	$ git verify-tag v0.41
 	gpg: Signature made ..... using RSA key ID C10BDD81
 	gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
 	gpg: WARNING: This key is not certified with a trusted signature!
@@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
 
 Checkout the tag corresponding to the most recent release:
 
-	$ git checkout v0.40
+	$ git checkout v0.41
 
 Begin the installation.
 
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index 3442499d..74bf5e16 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
 	# want to display in status checks.
 	if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
 		# This machine is running Ubuntu 18.04.
-		TAG=v0.40
+		TAG=v0.41
 
 	elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
 		# This machine is running Ubuntu 14.04.
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 39045046..36004597 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -42,7 +42,8 @@ source /etc/mailinabox.conf # load global vars
 # * `ca-certificates`: A trust store used to squelch postfix warnings about
 #   untrusted opportunistically-encrypted connections.
 echo "Installing Postfix (SMTP server)..."
-apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
+apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates \
+	postfix-policyd-spf-python postsrsd
 
 # ### Basic Settings
 
@@ -97,7 +98,9 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
 	  -o cleanup_service_name=authclean" \
 	"authclean=unix  n       -       -       -       0       cleanup
 	  -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
-	  -o nested_header_checks="
+	  -o nested_header_checks=" \
+	"policy-spf=unix  -       n       n       -       -       spawn
+	  user=nobody argv=/usr/bin/policyd-spf"
 
 # Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
 cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
@@ -173,8 +176,11 @@ tools/editconf.py /etc/postfix/main.cf \
 #
 # In a basic setup we would pass mail directly to Dovecot by setting
 # virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
-#
 tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
+# Because of a spampd bug, limit the number of recipients in each connection.
+# See https://github.com/mail-in-a-box/mailinabox/issues/1523.
+tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
+
 
 # Who can send mail to us? Some basic filters.
 #
@@ -193,13 +199,19 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
 # so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC
 # whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
 # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
-RECIPIENT_RESTRICTIONS=permit_sasl_authenticated,permit_mynetworks,\"reject_rbl_client zen.spamhaus.org\",reject_unlisted_recipient
-if [ $GREYLISTING != "1" ]; then
-    RECIPIENT_RESTRICTIONS=${RECIPIENT_RESTRICTIONS},\"check_policy_service inet:127.0.0.1:10023\"
+postconf -e smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org"
+
+RECIPIENT_RESTRICTIONS="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient"
+
+if [ $GREYLISTING != 1 ]; then
+    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service inet:127.0.0.1:10023"
 fi
-tools/editconf.py /etc/postfix/main.cf \
-	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
-	smtpd_recipient_restrictions=$RECIPIENT_RESTRICTIONS
+
+if [ $POLICY_SPF == 1 ]; then
+    RECIPIENT_RESTRICTIONS="${RECIPIENT_RESTRICTIONS},check_policy_service unix:private/policy-spf"
+fi
+
+postconf -e smtpd_recipient_restrictions="$RECIPIENT_RESTRICTIONS"
 
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
@@ -216,6 +228,29 @@ tools/editconf.py /etc/default/postgrey \
 tools/editconf.py /etc/postfix/main.cf \
 	message_size_limit=134217728
 
+if [ $POSTSRSD == "1" ]; then
+    # Setup SRS
+    postconf -e \
+        sender_canonical_maps=tcp:localhost:10001 \
+        sender_canonical_classes=envelope_sender \
+        recipient_canonical_maps=tcp:localhost:10002 \
+        recipient_canonical_classes=envelope_recipient,header_recipient
+
+    hide_output systemctl enable postsrsd
+    hide_output systemctl restart postsrsd
+
+else
+    postconf -e \
+        sender_canonical_maps= \
+        sender_canonical_classes= \
+        recipient_canonical_maps= \
+        recipient_canonical_classes=
+
+    hide_output systemctl disable postsrsd
+    hide_output systemctl stop postsrsd
+fi
+
+
 # Allow the two SMTP ports in the firewall.
 
 ufw_allow smtp
diff --git a/setup/management.sh b/setup/management.sh
index 9c221198..f7621a8b 100755
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -93,7 +93,7 @@ source $venv/bin/activate
 exec python `pwd`/management/daemon.py
 EOF
 chmod +x $inst_dir/start
-hide_output systemctl link conf/mailinabox.service
+hide_output systemctl link -f conf/mailinabox.service
 hide_output systemctl daemon-reload
 hide_output systemctl enable mailinabox.service
 
diff --git a/setup/munin.sh b/setup/munin.sh
index 8a85085d..3cb1cd9d 100755
--- a/setup/munin.sh
+++ b/setup/munin.sh
@@ -64,7 +64,7 @@ mkdir -p /var/lib/munin-node/plugin-state/
 # Create a systemd service for munin.
 ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
 chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
-hide_output systemctl link conf/munin.service
+hide_output systemctl link -f conf/munin.service
 hide_output systemctl daemon-reload
 hide_output systemctl unmask munin.service
 hide_output systemctl enable munin.service