diff --git a/.gitignore b/.gitignore
index 9e5f5bf..5bf94b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,10 +22,8 @@ _testmain.go
 
 # Compiled binaries
 cmd/maddy/maddy
-cmd/maddyctl/maddyctl
 cmd/maddy-*-helper/maddy-*-helper
 /maddy
-/maddyctl
 
 # Man pages
 docs/man/*.1
diff --git a/Dockerfile b/Dockerfile
index c760ec0..992cb81 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,7 @@ RUN set -ex && \
     apk upgrade --no-cache --available && \
     apk --no-cache add ca-certificates
 COPY --from=build-env /pkg/data/maddy.conf /data/maddy.conf
-COPY --from=build-env /pkg/usr/local/bin/maddy /pkg/usr/local/bin/maddyctl /bin/
+COPY --from=build-env /pkg/usr/local/bin/maddy /bin/
 
 EXPOSE 25 143 993 587 465
 VOLUME ["/data"]
diff --git a/contrib/kubernetes/chart/files/maddy.conf b/contrib/kubernetes/chart/files/maddy.conf
index e4adab8..6e8b66c 100644
--- a/contrib/kubernetes/chart/files/maddy.conf
+++ b/contrib/kubernetes/chart/files/maddy.conf
@@ -1,6 +1,6 @@
 ## maddy 0.3 - default configuration file (2020-05-31)
 # Suitable for small-scale deployments. Uses its own format for local users DB,
-# should be managed via maddyctl utility.
+# should be managed via maddy subcommands.
 #
 # See tutorials at https://foxcpp.dev/maddy for guidance on typical
 # configuration changes.
@@ -28,7 +28,7 @@ tls file /etc/maddy/certs/fullchain.pem /etc/maddy/certs/privkey.pem
 # PAM, /etc/shadow file).
 #
 # If table module supports it (sql_table does) - credentials can be managed
-# using 'maddyctl creds' command.
+# using 'maddy creds' command.
 
 auth.pass_table local_authdb {
     table sql_table {
@@ -43,7 +43,7 @@ auth.pass_table local_authdb {
 # also by SMTP & Submission endpoints for delivery of local messages.
 #
 # IMAP accounts, mailboxes and all message metadata can be inspected using
-# imap-* subcommands of maddyctl utility.
+# imap-* subcommands of maddy.
 
 storage.imapsql local_mailboxes {
     driver sqlite3
diff --git a/dist/apparmor/dev.foxcpp.maddyctl b/dist/apparmor/dev.foxcpp.maddyctl
deleted file mode 100644
index 86cd087..0000000
--- a/dist/apparmor/dev.foxcpp.maddyctl
+++ /dev/null
@@ -1,24 +0,0 @@
-# AppArmor profile for maddyctl management utility.
-# vim:syntax=apparmor:ts=2:sw=2:et
-
-#include <tunables/global>
-
-profile dev.foxcpp.maddyctl /usr{/local,}/bin/maddyctl {
-  #include <abstractions/base>
-
-  /etc/resolv.conf r,
-  /proc/sys/net/core/somaxconn r,
-  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
-  deny ptrace,
-  network unix,
-  deny unix,
-
-  /etc/maddy/** r,
-  owner /run/maddy/ rw,
-  owner /run/maddy/** rwkl,
-  owner /var/lib/maddy/ rw,
-  owner /var/lib/maddy/** rwk,
-  owner /var/lib/maddy/**.db-{wal,shm} rmk,
-
-  #include if exists <local/dev.foxcpp.maddyctl>
-}
diff --git a/docs/docker.md b/docs/docker.md
index 36b18c3..7cbfea4 100644
--- a/docs/docker.md
+++ b/docs/docker.md
@@ -5,7 +5,7 @@ Official Docker image is available from Docker Hub.
 It expects configuration file to be available at /data/maddy.conf.
 
 If /data is a Docker volume, then default configuration will be placed there
-automatically. If it is used, then MADDY_HOSTNAME, MADDY_DOMAIN environment 
+automatically. If it is used, then MADDY_HOSTNAME, MADDY_DOMAIN environment
 variables control the host name and primary domain for the server. TLS
 certificate should be placed in /data/tls/fullchain.pem, private key in
 /data/tls/privkey.pem
@@ -15,8 +15,8 @@ DKIM keys are generated in /data/dkim_keys directory.
 ## Image tags
 
 - `latest` - A latest stable release. May contain breaking changes.
-- `X.Y` - A specific feature branch, it is recommended to use these tags to 
-  receive bugfixes without the risk of feature-related regressions or breaking 
+- `X.Y` - A specific feature branch, it is recommended to use these tags to
+  receive bugfixes without the risk of feature-related regressions or breaking
   changes.
 - `X.Y.Z` - A specific stable release
 
@@ -30,8 +30,8 @@ All standard ports, as described in maddy docs.
 
 ## Volumes
 
-`/data` - maddy state directory. Databases, queues, etc are stored here. You 
-might want to mount a named volume there. The main configuration file is stored 
+`/data` - maddy state directory. Databases, queues, etc are stored here. You
+might want to mount a named volume there. The main configuration file is stored
 here too (`/data/maddy.conf`).
 
 ## Management utility
@@ -47,7 +47,7 @@ docker run --rm -it -v maddydata:/data foxcpp/maddy:0.6.0 imap-acct create foxcp
 Use the same image version as the running server. Things may break badly
 otherwise.
 
-Note that, if you modify messages using maddyctl while the server is running -
+Note that, if you modify messages using maddy subcommands while the server is running -
 you must ensure that  /tmp from the server is accessible for the management
 command. One way to it is to run it using `docker exec` instead of `docker run`:
 ```
@@ -70,6 +70,6 @@ docker run \
   foxcpp/maddy:0.6
 ```
 
-It will fail on first startup. Copy TLS certificate to /data/tls/fullchain.pem 
-and key to /data/tls/privkey.pem. Run the server again. Finish DNS configuration 
-(DKIM keys, etc) as described in [tutorials/setting-up/](tutorials/setting-up/).
\ No newline at end of file
+It will fail on first startup. Copy TLS certificate to /data/tls/fullchain.pem
+and key to /data/tls/privkey.pem. Run the server again. Finish DNS configuration
+(DKIM keys, etc) as described in [tutorials/setting-up/](tutorials/setting-up/).
diff --git a/docs/faq.md b/docs/faq.md
index a216020..b9d755c 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -5,7 +5,7 @@
 Unfortunately, GMail policies are opaque so we cannot tell why this happens.
 
 Verify that you have a rDNS record set for the IP used
-by sender server. Also some IPs may just happen to 
+by sender server. Also some IPs may just happen to
 have bad reputation - check it with various DNSBLs. In this
 case you do not have much of a choice but to replace it.
 
@@ -21,19 +21,19 @@ all outbound messages via a "smart-host".
 
 ## What is resource usage of maddy?
 
-For a small personal server, you do not need much more than a 
+For a small personal server, you do not need much more than a
 single 1 GiB of RAM and disk space.
 
 ## How to setup a catchall address?
 
 https://github.com/foxcpp/maddy/issues/243#issuecomment-655694512
 
-## maddyctl prints a "permission denied" error
+## maddy command prints a "permission denied" error
 
-Run maddyctl under the same user as maddy itself.
+Run maddy command under the same user as maddy itself.
 E.g.
-``` 
-sudo -u maddy maddyctl creds ...
+```
+sudo -u maddy maddy creds ...
 ```
 
 ## How maddy compares to MailCow or Mail-In-The-Box?
@@ -116,4 +116,4 @@ of bugs in one component.
 
 Besides, you are not required to use a single process, it is easy to launch
 maddy with a non-default configuration path and connect multiple instances
-together using off-the-shelf protocols.
\ No newline at end of file
+together using off-the-shelf protocols.
diff --git a/docs/multiple-domains.md b/docs/multiple-domains.md
index a52f06e..c8aa738 100644
--- a/docs/multiple-domains.md
+++ b/docs/multiple-domains.md
@@ -60,8 +60,8 @@ altogether since it is not currently supported.
 
 After that you can create accounts without specifying the domain part:
 ```
-maddyctl imap-acct create foxcpp
-maddyctl creds create foxcpp
+maddy imap-acct create foxcpp
+maddy creds create foxcpp
 ```
 And authenticate using "foxcpp" in email clients.
 
diff --git a/docs/reference/auth/pass_table.md b/docs/reference/auth/pass_table.md
index 5596c1e..6b1e214 100644
--- a/docs/reference/auth/pass_table.md
+++ b/docs/reference/auth/pass_table.md
@@ -33,12 +33,12 @@ smtp tcp://0.0.0.0:587 {
 pass\_table expects the used table to contain certain structured values with
 hash algorithm name, salt and other necessary parameters.
 
-You should use 'maddyctl hash' command to generate suitable values.
-See 'maddyctl hash --help' for details.
+You should use 'maddy hash' command to generate suitable values.
+See 'maddy hash --help' for details.
 
-## maddyctl creds
+## maddy creds
 
 If the underlying table is a "mutable" table (see maddy-tables(5)) then
-the 'maddyctl creds' command can be used to modify the underlying tables
+the 'maddy creds' command can be used to modify the underlying tables
 via pass\_table module. It will act on a "local credentials store" and will write
 appropriate hash values to the table.
diff --git a/docs/tutorials/setting-up.md b/docs/tutorials/setting-up.md
index d17c17c..9e75d58 100644
--- a/docs/tutorials/setting-up.md
+++ b/docs/tutorials/setting-up.md
@@ -35,7 +35,7 @@ Your options are:
     Available on [GitHub](https://github.com/foxcpp/maddy/releases) or
     [maddy.email/builds](https://maddy.email/builds/).
 
-	The tarball includes maddy and maddyctl executables you can
+	The tarball includes maddy executable you can
 	copy into /usr/local/bin as well as systemd unit file you can
 	use on systemd-based distributions for automatic startup and service
 	supervision. You should also create "maddy" user and group.
@@ -215,14 +215,14 @@ mx: mx2.example.org
 ```
 
 It is also recommended to set a TLSA (DANE) record.
-Use https://www.huque.com/bin/gen_tlsa to generate one. 
+Use https://www.huque.com/bin/gen_tlsa to generate one.
 Set port to 25, Transport Protocol to "tcp" and Domain Name to **the MX hostname**.
 Example of a valid record:
 ```
 _25._tcp.mx1.example.org. TLSA 3 1 1 7f59d873a70e224b184c95a4eb54caa9621e47d48b4a25d312d83d96e3498238
 ```
 
-## User accounts and maddyctl
+## User accounts and maddy command
 
 A mail server is useless without mailboxes, right? Unlike software like postfix
 and dovecot, maddy uses "virtual users" by default, meaning it does not care or
@@ -230,10 +230,10 @@ know about system users.
 
 IMAP mailboxes ("accounts") and authentication credentials are kept separate.
 
-To register user credentials, use `maddyctl creds create` command.
+To register user credentials, use `maddy creds create` command.
 Like that:
 ```
-$ maddyctl creds create postmaster@example.org
+$ maddy creds create postmaster@example.org
 ```
 
 Note the username is a e-mail address. This is required as username is used to
@@ -243,14 +243,14 @@ described here).
 After registering the user credentials, you also need to create a local
 storage account:
 ```
-$ maddyctl imap-acct create postmaster@example.org
+$ maddy imap-acct create postmaster@example.org
 ```
 
 That is it. Now you have your first e-mail address. when authenticating using
 your e-mail client, do not forget the username is "postmaster@example.org", not
 just "postmaster".
 
-You may find running `maddyctl creds --help` and `maddyctl imap-acct --help`
+You may find running `maddy creds --help` and `maddy imap-acct --help`
 useful to learn about other commands. Note that IMAP accounts and credentials
 are managed separately yet usernames should match by default for things to
 work.
diff --git a/docs/upgrading.md b/docs/upgrading.md
index 25fdfae..88fe4c7 100644
--- a/docs/upgrading.md
+++ b/docs/upgrading.md
@@ -74,7 +74,7 @@ pass_table local_authdb {
 }
 ```
 
-6. Use `maddyctl creds create ACCOUNT_NAME` to add credentials to `pass_table`
+6. Use `maddy creds create ACCOUNT_NAME` to add credentials to `pass_table`
    store.
 
 7. Start the server back.
diff --git a/framework/module/auth.go b/framework/module/auth.go
index 7f35888..6e8d089 100644
--- a/framework/module/auth.go
+++ b/framework/module/auth.go
@@ -33,7 +33,7 @@ type PlainAuth interface {
 	AuthPlain(username, password string) error
 }
 
-// PlainUserDB is a local credentials store that can be managed using maddyctl
+// PlainUserDB is a local credentials store that can be managed using maddy command
 // utility.
 type PlainUserDB interface {
 	PlainAuth
diff --git a/internal/cli/ctl/imapacct.go b/internal/cli/ctl/imapacct.go
index 0be8e4d..ee7d19c 100644
--- a/internal/cli/ctl/imapacct.go
+++ b/internal/cli/ctl/imapacct.go
@@ -148,7 +148,7 @@ or other buffering takes effect.`,
 				{
 					Name:  "appendlimit",
 					Usage: "Query or set accounts's APPENDLIMIT value",
-					Description: `APPENDLIMIT value determines the size of a message that 
+					Description: `APPENDLIMIT value determines the size of a message that
 can be saved into a mailbox using IMAP APPEND command. This does not affect the size
 of messages that can be delivered to the mailbox from non-IMAP sources (e.g. SMTP).
 
@@ -192,7 +192,7 @@ type SpecialUseUser interface {
 func imapAcctList(be module.Storage, ctx *cli.Context) error {
 	mbe, ok := be.(module.ManageableStorage)
 	if !ok {
-		return cli.Exit("Error: storage backend does not support accounts management using maddyctl", 2)
+		return cli.Exit("Error: storage backend does not support accounts management using maddy command", 2)
 	}
 
 	list, err := mbe.ListIMAPAccts()
@@ -213,7 +213,7 @@ func imapAcctList(be module.Storage, ctx *cli.Context) error {
 func imapAcctCreate(be module.Storage, ctx *cli.Context) error {
 	mbe, ok := be.(module.ManageableStorage)
 	if !ok {
-		return cli.Exit("Error: storage backend does not support accounts management using maddyctl", 2)
+		return cli.Exit("Error: storage backend does not support accounts management using maddy command", 2)
 	}
 
 	username := ctx.Args().First()
@@ -274,7 +274,7 @@ func imapAcctCreate(be module.Storage, ctx *cli.Context) error {
 func imapAcctRemove(be module.Storage, ctx *cli.Context) error {
 	mbe, ok := be.(module.ManageableStorage)
 	if !ok {
-		return cli.Exit("Error: storage backend does not support accounts management using maddyctl", 2)
+		return cli.Exit("Error: storage backend does not support accounts management using maddy command", 2)
 	}
 
 	username := ctx.Args().First()
diff --git a/internal/storage/imapsql/imapsql.go b/internal/storage/imapsql/imapsql.go
index d890c3b..8a87934 100644
--- a/internal/storage/imapsql/imapsql.go
+++ b/internal/storage/imapsql/imapsql.go
@@ -397,8 +397,8 @@ func (store *Storage) Close() error {
 	store.Back.Close()
 
 	// Wait for 'updates replicate' goroutine to actually stop so we will send
-	// all updates before shuting down (this is especially important for
-	// maddyctl).
+	// all updates before shutting down (this is especially important for
+	// maddy subcommands).
 	if store.updPipe != nil {
 		close(store.outboundUpds)
 		<-store.updPushStop
diff --git a/internal/updatepipe/update_pipe.go b/internal/updatepipe/update_pipe.go
index 5320177..1427c22 100644
--- a/internal/updatepipe/update_pipe.go
+++ b/internal/updatepipe/update_pipe.go
@@ -19,10 +19,10 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
 // Package updatepipe implements utilities for serialization and transport of
 // IMAP update objects between processes and machines.
 //
-// Its main goal is provide maddyctl with ability to properly notify the server
-// about changes without relying on it to coordinate access in the first place
-// (so maddyctl can work without a running server or with a broken server
-// instance).
+// Its main goal is provide maddy command with ability to properly notify the
+// server about changes without relying on it to coordinate access in the
+// first place (so maddy command can work without a running server or with a
+// broken server instance).
 //
 // Additionally, it can be used to transfer IMAP updates between replicated
 // nodes.
diff --git a/maddy.conf b/maddy.conf
index 3e285a3..5f02fb3 100644
--- a/maddy.conf
+++ b/maddy.conf
@@ -1,6 +1,6 @@
 ## Maddy Mail Server - default configuration file (2022-06-18)
 # Suitable for small-scale deployments. Uses its own format for local users DB,
-# should be managed via maddyctl utility.
+# should be managed via maddy subcommands.
 #
 # See tutorials at https://maddy.email for guidance on typical
 # configuration changes.
@@ -25,7 +25,7 @@ tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)
 # PAM, /etc/shadow file).
 #
 # If table module supports it (sql_table does) - credentials can be managed
-# using 'maddyctl creds' command.
+# using 'maddy creds' command.
 
 auth.pass_table local_authdb {
     table sql_table {
@@ -40,7 +40,7 @@ auth.pass_table local_authdb {
 # also by SMTP & Submission endpoints for delivery of local messages.
 #
 # IMAP accounts, mailboxes and all message metadata can be inspected using
-# imap-* subcommands of maddyctl utility.
+# imap-* subcommands of maddy.
 
 storage.imapsql local_mailboxes {
     driver sqlite3
diff --git a/maddy.conf.docker b/maddy.conf.docker
index fd04e1a..39c3bbb 100644
--- a/maddy.conf.docker
+++ b/maddy.conf.docker
@@ -1,7 +1,7 @@
 ## Maddy Mail Server - default configuration file (2022-06-18)
 ## This is the copy of maddy.conf with changes necessary to run it in Docker.
 # Suitable for small-scale deployments. Uses its own format for local users DB,
-# should be managed via maddyctl utility.
+# should be managed via maddy subcommands.
 #
 # See tutorials at https://maddy.email for guidance on typical
 # configuration changes.
@@ -26,7 +26,7 @@ tls file /data/tls/fullchain.pem /data/tls/privkey.pem
 # PAM, /etc/shadow file).
 #
 # If table module supports it (sql_table does) - credentials can be managed
-# using 'maddyctl creds' command.
+# using 'maddy creds' command.
 
 auth.pass_table local_authdb {
     table sql_table {
@@ -41,7 +41,7 @@ auth.pass_table local_authdb {
 # also by SMTP & Submission endpoints for delivery of local messages.
 #
 # IMAP accounts, mailboxes and all message metadata can be inspected using
-# imap-* subcommands of maddyctl utility.
+# imap-* subcommands of maddy.
 
 storage.imapsql local_mailboxes {
     driver sqlite3