diff --git a/dockerfile b/dockerfile
index 3526e3d..44950c2 100644
--- a/dockerfile
+++ b/dockerfile
@@ -193,10 +193,12 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
 && postconf -e "smtpd_delay_reject = yes" \
 && postconf -e "disable_vrfy_command = yes" \
 # use secure protocols and cyphers
+ # Generated by https://ssl-config.mozilla.org/
+ #&& postconf -e "smtpd_tls_mandatory_ciphers=high" \
 && postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
 && postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
- && postconf -e "smtpd_tls_mandatory_ciphers=high" \
 && postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+ && postconf -e "tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
 # SPF postfix Settings
 && postconf -e "policyd-spf_time_limit=3600" \
 # Connection defaults to reject where possible/advised
diff --git a/include/etc/dovecot/conf.d/10-ssl.conf b/include/etc/dovecot/conf.d/10-ssl.conf
index 2d9812d..9a74efe 100644
--- a/include/etc/dovecot/conf.d/10-ssl.conf
+++ b/include/etc/dovecot/conf.d/10-ssl.conf
@@ -15,3 +15,6 @@ ssl_dh =
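Review bot: The new `tls_medium_cipherlist` only takes effect where the cipher grade is `medium`, and the dockerfile hunk gets there by commenting out `smtpd_tls_mandatory_ciphers=high` and relying on the Postfix default rather than stating it. Replace the commented-out line with an explicit `&& postconf -e "smtpd_tls_mandatory_ciphers=medium" \` so the pairing survives a later edit or a changed default, and drop the dead `#&& ...` line. `tls_medium_cipherlist` is also global, so it narrows the outbound SMTP client as well as smtpd; if the client runs opportunistic TLS, a peer offering none of these AEAD suites will fail the handshake and delivery may fall back to cleartext, which deserves a comment beside the setting. The list keeps two DHE-RSA suites, so confirm that smtpd's DH parameters are configured at 2048 bits or more; that is not visible in this hunk. The RUN instruction starts before the hunk and continues past it.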