diff --git a/dockerfile b/dockerfile
index 3b28a31..3662615 100644
--- a/dockerfile
+++ b/dockerfile
@@ -10,13 +10,119 @@ RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends
       ca-certificates \
       supervisor
 
+RUN curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
+    gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg
+
+RUN echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list
 
 RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \
         # System Apps
       cron \
       rsyslog \
       logrotate \
+        # Dovecot
+      dovecot-core=2:2.3.18-4+debian11 \
+      dovecot-imapd=2:2.3.18-4+debian11 \
+      dovecot-lmtpd=2:2.3.18-4+debian11 \
+      dovecot-ldap=2:2.3.18-4+debian11 \
+      dovecot-sieve=2:2.3.18-4+debian11 \
+      dovecot-managesieved=2:2.3.18-4+debian11 \
+        # Postfix
+      postfix=3.5.6-1+b1 \
+      postfix-ldap=3.5.6-1+b1 \
+      libsasl2-modules \
+      sasl2-bin \
 # Cleanup, remove cron jobs not required
 RUN rm -f /etc/cron.d/e2scrub_all \
     && rm -f /etc/cron.daily/apt-compat \
     && rm -f /etc/cron.daily/dpkg
+
+
+COPY include/ /
+
+RUN chmod +x /docker-entrypoint.sh \
+      # Create vmail user for system
+    && groupadd -g 5000 vmail \
+    && useradd -g vmail -u 5000 vmail -d /var/vmail \
+      # create SSL directory for ssl certificates
+    && mkdir -p /ssl \
+      # Dovecot related commands
+    && mkdir -p /srv/mail \ 
+    && chown vmail:vmail /srv/mail \
+    && chmod 765 -R /srv/mail \
+    && mkdir -p /ssl/dovecot \
+    && chown dovecot:dovecot -R /etc/dovecot/ \
+    && chgrp postfix -R /etc/dovecot/sieve/ \
+    && chmod 0755 -R /etc/dovecot/sieve/ \
+      # ensure dovecot related scripts are executable
+    && chmod +x /bin/quota-warning.sh \
+    && chmod +x /bin/welcome-email.sh \
+    && chmod 744 /etc/dovecot/dovecot-acl \
+      # Postfix related commands
+    && usermod -a -G vmail postfix \
+    && mkdir -p /ssl/postfix \
+    && ln -s /etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap-userdb.conf.ext \
+      # ensure postfix related scripts are executable
+    && chmod +x /bin/postfix.sh \
+      # check if needed
+    && mkdir -p /var/spool/postfix/private/dovecot \
+    && chown postfix:postfix /var/spool/postfix/private/dovecot \
+    && chown vmail:vmail /var/lib/dovecot \
+
+# Setup data volumes
+VOLUME /srv/mail /ssl /var/log
+
+# Configure postfix
+RUN postconf -e "maillog_file=/var/log/postfix.log" \
+  # Postfix to use dovecot LMTP
+  && postconf -e "virtual_transport=lmtp:unix:private/lda" \
+  #       # Only allow a user to send from email address' they own
+  #    && postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps" \
+  # Only allow specified domains for usage
+  && postconf -e "virtual_mailbox_domains=ldap:/etc/postfix/ldap/virtual_email_domains" \
+  # postfix user mapping 
+  && postconf -e "virtual_alias_maps=ldap:/etc/postfix/ldap/virtual_alias_maps" \
+  # by default encryption is optional
+  && postconf -e "smtpd_tls_security_level=may" \
+  # log outbound tls connection information
+  && postconf -e "smtpd_tls_loglevel=1" \
+  # try tls connection outbound
+  && postconf -e "smtp_tls_security_level=may" \
+  # log inbound tls connection information
+  && postconf -e "smtp_tls_loglevel=1" \
+  # Only authenticate over tls
+  && postconf -e "smtpd_tls_auth_only=yes" \
+  # all smtpd actions need to be filtered
+  && postconf -e "content_filter=amavis:[127.0.0.1]:10024" \
+  # not give away os, set clean banner
+  && postconf -e "smtpd_banner=$myhostname ESMTP " \
+  # Dont give away that postfix is used
+  && postconf -e "mail_name=server" \
+  # create privacy header check db
+  && postmap /etc/postfix/header_checks_privacy \
+  # create clean header check db
+  && postmap /etc/postfix/header_checks_outbound \
+  # Clean outbound headers
+  && postconf -e "smtp_header_checks=regexp:/etc/postfix/header_checks_outbound" \
+  # Add To, From, Date and Message-id headers if missing
+  && postconf -e "always_add_missing_headers=yes" \
+  # Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost
+  && postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \
+  # check quota before delivery
+  && postconf -e "smtpd_recipient_restrictions=check_policy_service=inet:localhost:12340" \
+  # set tls settings
+  && postconf -e "smtpd_tls_cert_file=/ssl/postfix/cert.pem" \
+  && postconf -e "smtpd_tls_key_file=/ssl/postfix/key.pem" \
+  && postconf -e "smtpd_helo_required = yes" \
+  && postconf -e "smtpd_delay_reject = yes" \
+  && postconf -e "disable_vrfy_command = yes" \
+  # use secure protocols and cyphers
+  && postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "smtpd_tls_mandatory_ciphers=high" \
+  && postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"
+    
+EXPOSE 25 587 993 4190
+
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/include/bin/postfix.sh b/include/bin/postfix.sh
new file mode 100644
index 0000000..a717ed2
--- /dev/null
+++ b/include/bin/postfix.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+service postfix start
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
+do
+  sleep 5
+done
+
diff --git a/include/bin/quota-warning.sh b/include/bin/quota-warning.sh
new file mode 100644
index 0000000..bb524d8
--- /dev/null
+++ b/include/bin/quota-warning.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+PERCENT=$1
+USER=$2
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+From: Postmaster <NO-REPLY@$(hostname -f)>
+Subject: Mailbox Quota Warning
+
+Hi,
+
+Just wanted to let you know that Your mailbox is now $PERCENT% full.
+
+Note: This is an automated message. Please do not respond to it.
+
+TIP: 
+
+EOF
diff --git a/include/bin/welcome-email.sh b/include/bin/welcome-email.sh
new file mode 100644
index 0000000..3e5d402
--- /dev/null
+++ b/include/bin/welcome-email.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+USER=$1
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+From: Postmaster <NO-REPLY@$(hostname -f)>
+Subject: New User Welcome
+
+Hi,
+
+This E-Mail has been sent to inform you of some of the ins and outs of this E-Mail server.
+
+Features available to you:
+- IMAP Sieve
+- Spam automatically sent to your spam folder
+- Ability to share your E-mail folders with other users
+
+
+Quota
+=====
+Your mailbox has a set quota that should be visible in your E-Mail client. A quota is the storage space that your E-Mails use. It is your responsability to keep you storage below your allocated quota, or you won't be able to send or receive E-Mails.
+
+
+Spam
+====
+Spam is defined as unwanted messages, which sometimes contains malicious software. It's advised if you receive a message you think is spam, don't open it. Move it to your spam folder. Any spam that we detect, will automatically delivered to your spam folder. If we miss a spam messages, as stated earlier, please move it to your spam folder.
+
+We have a learning bot that automagically uses your spam folder to learn why it is spam. After our AI learns, it will be better next time at catching the spam messages so you don't have to.
+
+$(if [ "0$POST_MASTER_EMAIL" != "0" ]; then echo "If you have any concerns, please email the postmaster ($POST_MASTER_EMAIL)."; fi )
+
+EOF
diff --git a/include/docker-entrypoint.sh b/include/docker-entrypoint.sh
new file mode 100644
index 0000000..4506ec6
--- /dev/null
+++ b/include/docker-entrypoint.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+
+if [ "0$POST_MASTER_EMAIL" != "0" ]; then export MAILTO="$POST_MASTER_EMAIL"; fi
+
+# Populate this file so cron has access to env vars. thanks to https://stackoverflow.com/a/41938139
+printenv | grep -v "no_proxy" > /etc/environment
+
+
+# compile sieve scripts
+for file in /etc/dovecot/sieve/*.sieve ; 
+do 
+
+  sievec $file; 
+
+done
+
+
+if [ "$1" == "setup" ]; then
+
+
+postconf -e "myhostname = $(`echo hostname -f`)"
+
+
+    if [ ! -f /ssl/dovecot/key.pem ]; then
+
+        echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
+
+        openssl req  -nodes -new -x509 -keyout /ssl/dovecot/key.pem -out /ssl/dovecot/cert.pem -subj '/CN=localhost'
+
+    fi
+
+    if [ ! -f /ssl/dovecot/dh.pem ]; then
+
+        echo "[Information] Creating DHPEM Key"
+
+        openssl dhparam -out /ssl/dovecot/dh.pem 4096
+
+    fi
+
+
+    echo "[Information] Start dovecot"
+
+    supervisorctl start dovecot
+
+
+    sed -i -r -e 's/^manpage_directory/#manpage_directory/' /etc/postfix/main.cf.proto
+
+    sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files
+
+    sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files.d/*
+
+
+    if [ ! -f /ssl/postfix/key.pem ]; then
+
+        echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
+
+        openssl req  -nodes -new -x509 -keyout /ssl/postfix/key.pem -out /ssl/postfix/cert.pem -subj '/CN=localhost'
+
+    fi
+
+
+    echo "[Information] set postfix permissions"
+
+    postfix set-permissions create-missing
+
+    postmap /etc/postfix/header_checks_outbound
+
+    postmap /etc/postfix/header_checks_privacy
+
+    echo "[Information] start postfix"
+
+
+#    supervisorctl start amavis
+
+    supervisorctl start postfix
+
+
+else
+
+    exec "$@"
+
+fi
+
diff --git a/include/etc/dovecot/conf.d/10-auth.conf b/include/etc/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..0775dd9
--- /dev/null
+++ b/include/etc/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,31 @@
+##
+## Authentication processes
+##
+
+
+#auth_verbose = yes
+#auth_debug=yes
+
+
+#disable_plaintext_auth = yes
+
+#auth_mechanisms = plain login
+auth_mechanisms = plain
+
+mail_access_groups=vmail
+mail_uid=vmail
+mail_gid=vmail
+
+
+auth_username_format = %Lu
+
+userdb {
+    driver = ldap
+    args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
+}
+
+passdb {
+    driver = ldap
+    args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
diff --git a/include/etc/dovecot/conf.d/10-logging.conf b/include/etc/dovecot/conf.d/10-logging.conf
new file mode 100644
index 0000000..7d4d745
--- /dev/null
+++ b/include/etc/dovecot/conf.d/10-logging.conf
@@ -0,0 +1,95 @@
+##
+## Log destination.
+##
+
+log_path=/var/log/dovecot.log
+
+
+
+##
+## Logging verbosity and debugging.
+##
+
+# Log filter is a space-separated list conditions. If any of the conditions
+# match, the log filter matches (i.e. they're ORed together). Parenthesis
+# are supported if multiple conditions need to be matched together.
+#
+# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
+#
+# For example: event=http_request_* AND category=error AND category=storage
+#
+# Filter to specify what debug logging to enable. This will eventually replace
+# mail_debug and auth_debug settings.
+#log_debug = 
+
+# Crash after logging a matching event. For example category=error will crash
+# any time an error is logged, which can be useful for debugging.
+#log_core_filter = 
+
+# Log unsuccessful authentication attempts and the reasons why they failed.
+#auth_verbose = no
+
+# In case of password mismatches, log the attempted password. Valid values are
+# no, plain and sha1. sha1 can be useful for detecting brute force password
+# attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
+#auth_verbose_passwords = no
+
+# Even more verbose logging for debugging purposes. Shows for example SQL
+# queries.
+#auth_debug = no
+
+# In case of password mismatches, log the passwords and used scheme so the
+# problem can be debugged. Enabling this also enables auth_debug.
+#auth_debug_passwords = no
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Show protocol level SSL errors.
+#verbose_ssl = no
+
+# mail_log plugin provides more event logging for mail processes.
+plugin {
+  # Events to log. Also available: flag_change append
+  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
+  # size and vsize are available only for expunge and copy events.
+  #mail_log_fields = uid box msgid size
+}
+
+##
+## Log formatting.
+##
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+
+# Space-separated list of elements we want to log. The elements which have
+# a non-empty variable value are joined together to form a comma-separated
+# string.
+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
+
+# Login log format. %s contains login_log_format_elements string, %$ contains
+# the data we want to log.
+#login_log_format = %$: %s
+ 
+# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+# possible variables you can use.
+#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
+
+# Format to use for logging mail deliveries:
+#  %$ - Delivery status message (e.g. "saved to INBOX")
+#  %m / %{msgid} - Message-ID
+#  %s / %{subject} - Subject
+#  %f / %{from} - From address
+#  %p / %{size} - Physical size
+#  %w / %{vsize} - Virtual size
+#  %e / %{from_envelope} - MAIL FROM envelope
+#  %{to_envelope} - RCPT TO envelope
+#  %{delivery_time} - How many milliseconds it took to deliver the mail
+#  %{session_time} - How long LMTP session took, not including delivery_time
+#  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
+#deliver_log_format = msgid=%m: %$
diff --git a/include/etc/dovecot/conf.d/10-mail.conf b/include/etc/dovecot/conf.d/10-mail.conf
new file mode 100644
index 0000000..c46f9f6
--- /dev/null
+++ b/include/etc/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,13 @@
+##
+## Mailbox locations and namespaces
+##
+
+mail_home = /srv/mail/%u
+mail_location = maildir:~/mail:LAYOUT=fs
+
+
+mailbox_list_index = yes
+
+mail_shared_explicit_inbox = yes
+
+
diff --git a/include/etc/dovecot/conf.d/10-master.conf b/include/etc/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..154ea7b
--- /dev/null
+++ b/include/etc/dovecot/conf.d/10-master.conf
@@ -0,0 +1,79 @@
+##
+## Services
+##
+
+mail_plugins = $mail_plugins acl quota welcome
+
+service auth {
+
+    unix_listener /var/spool/postfix/private/dovecot/auth {
+        #mode = 0660
+        mode=0777
+        user = postfix
+        group = postfix
+    }
+
+    unix_listener auth-userdb {
+      mode=0777 
+    }
+}
+
+service imap {
+
+}
+
+
+service imap-login {
+    inet_listener imap {
+        port = 0
+    }
+    inet_listener imaps {
+        port = 993
+        ssl = yes
+    }
+    
+    service_count = 1
+    process_min_avail = 1
+}
+
+
+#service imap-postlogin {
+  # all post-login scripts are executed via script-login binary
+#  executable = script-login -d /etc/dovecot/acl_groups.py
+
+  # the script process runs as the user specified here (v2.0.14+):
+#  user = $default_internal_user
+  
+  # this UNIX socket listener must use the same name as given to imap executable
+#  unix_listener imap-postlogin {
+#  }
+#}
+
+
+service lmtp {
+  unix_listener /var/spool/postfix/private/lda {
+    group = postfix
+    mode = 0600
+    user = postfix
+  }
+}
+
+
+service pop3-login {
+  inet_listener pop3 {
+    #port = 110
+  }
+  inet_listener pop3s {
+    #port = 995
+    #ssl = yes
+  }
+}
+
+
+
+service submission-login {
+  inet_listener submission {
+    #port = 587
+  }
+}
+
diff --git a/include/etc/dovecot/conf.d/10-ssl.conf b/include/etc/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..072c442
--- /dev/null
+++ b/include/etc/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,17 @@
+##
+## SSL settings
+##
+
+
+#verbose_ssl = yes
+
+ssl = required
+
+ssl_prefer_server_ciphers = yes
+
+ssl_client_ca_dir = /etc/ssl/certs
+
+ssl_dh = </ssl/dovecot/dh.pem
+ssl_cert = </ssl/dovecot/cert.pem
+ssl_key = </ssl/dovecot/key.pem
+
diff --git a/include/etc/dovecot/conf.d/15-lda.conf b/include/etc/dovecot/conf.d/15-lda.conf
new file mode 100644
index 0000000..d885ff6
--- /dev/null
+++ b/include/etc/dovecot/conf.d/15-lda.conf
@@ -0,0 +1,49 @@
+##
+## LDA specific settings (also used by LMTP)
+##
+
+# Address to use when sending rejection mails.
+# Default is postmaster@%d. %d expands to recipient domain.
+#postmaster_address =
+
+# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
+# in LMTP replies. Default is the system's real hostname@domain.
+#hostname = 
+
+# If user is over quota, return with temporary failure instead of
+# bouncing the mail.
+#quota_full_tempfail = no
+
+# Binary to use for sending mails.
+#sendmail_path = /usr/sbin/sendmail
+
+# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+#submission_host =
+
+# Subject: header to use for rejection mails. You can use the same variables
+# as for rejection_reason below.
+#rejection_subject = Rejected: %s
+
+# Human readable error message for rejection mails. You can use variables:
+#  %n = CRLF, %r = reason, %s = original subject, %t = recipient
+#rejection_reason = Your message to <%t> was automatically rejected:%n%r
+
+# Delimiter character between local-part and detail in email address.
+#recipient_delimiter = +
+
+# Header where the original recipient address (SMTP's RCPT TO: address) is taken
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this. 
+# A commonly used header for this is X-Original-To.
+#lda_original_recipient_header =
+
+# Should saving a mail to a nonexistent mailbox automatically create it?
+lda_mailbox_autocreate = yes
+
+# Should automatically created mailboxes be also automatically subscribed?
+lda_mailbox_autosubscribe = yes
+
+protocol lda {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  mail_plugins = $mail_plugins sieve
+}
+
diff --git a/include/etc/dovecot/conf.d/15-mailboxes.conf b/include/etc/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 0000000..8dd3cbd
--- /dev/null
+++ b/include/etc/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,75 @@
+##
+## Mailbox definitions
+##
+
+
+namespace inbox {
+  prefix =
+  type = private
+  separator = /
+  inbox = yes
+  list = yes
+
+  mailbox Archive {
+    auto = subscribe
+    special_use = \Archive
+  }
+
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+
+  mailbox Sent {
+    auto = subscribe # autocreate and autosubscribe the Sent mailbox
+    special_use = \Sent
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+    autoexpunge = 60d
+  }
+
+  mailbox Trash {
+    auto = subscribe
+    autoexpunge = 120d
+    special_use = \Trash
+  }
+
+  mailbox virtual/All { # if you have a virtual "All messages" mailbox
+    auto = no
+    special_use = \All
+  }
+
+  # If you have a virtual "Flagged" mailbox:
+  #mailbox virtual/Flagged {
+  #  special_use = \Flagged
+  #  comment = All my flagged messages
+  #}
+
+  # If you have a virtual "Important" mailbox:
+  #mailbox virtual/Important {
+  #  special_use = \Important
+  #  comment = All my important messages
+  #}
+
+}
+
+# Shared mailbox
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%n@%%d/
+
+  location = maildir:%%h/mail:LAYOUT=fs:INDEXPVT=%h/mail/shared/%%n@%%d
+
+  subscriptions = no
+  list = children
+
+}
+
+
diff --git a/include/etc/dovecot/conf.d/20-imap.conf b/include/etc/dovecot/conf.d/20-imap.conf
new file mode 100644
index 0000000..c7d5aca
--- /dev/null
+++ b/include/etc/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,22 @@
+##
+## IMAP specific settings
+##
+
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+imap_hibernate_timeout = 5M
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+
+
+protocol imap {
+    imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
+    mail_plugins = $mail_plugins imap_acl imap_quota
+
+}
diff --git a/include/etc/dovecot/conf.d/20-lmtp.conf b/include/etc/dovecot/conf.d/20-lmtp.conf
new file mode 100644
index 0000000..81c2662
--- /dev/null
+++ b/include/etc/dovecot/conf.d/20-lmtp.conf
@@ -0,0 +1,18 @@
+##
+## LMTP specific settings
+##
+
+
+# Verify quota before replying to RCPT TO. This adds a small overhead.
+lmtp_rcpt_check_quota = yes
+
+# Add "Received:" header to mails delivered.
+#lmtp_add_received_header = no
+
+
+protocol lmtp {
+   info_log_path = /var/log/dovecot-lmtp.log
+#   postmaster_address = postmaster@example.org
+
+  mail_plugins = $mail_plugins sieve
+}
diff --git a/include/etc/dovecot/conf.d/20-managesieve.conf b/include/etc/dovecot/conf.d/20-managesieve.conf
new file mode 100644
index 0000000..06c4f86
--- /dev/null
+++ b/include/etc/dovecot/conf.d/20-managesieve.conf
@@ -0,0 +1,85 @@
+##
+## ManageSieve specific settings
+##
+
+# Uncomment to enable managesieve protocol:
+#protocols = $protocols sieve
+
+# Service definitions
+
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+
+  #inet_listener sieve_deprecated {
+  #  port = 2000
+  #}
+
+  # Number of connections to handle before starting a new process. Typically
+  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+  # is faster. <doc/wiki/LoginProcess.txt>
+  service_count = 1
+
+  # Number of processes to always keep waiting for more connections.
+  process_min_avail = 1
+
+  # If you set service_count=0, you probably need to grow this.
+  #vsz_limit = 64M
+}
+
+service managesieve {
+  # Max. number of ManageSieve processes (connections)
+  process_limit = 100
+}
+
+# Service configuration
+
+protocol sieve {
+  # Maximum ManageSieve command line length in bytes. ManageSieve usually does
+  # not involve overly long command lines, so this setting will not normally
+  # need adjustment
+  managesieve_max_line_length = 65536
+
+  # Maximum number of ManageSieve connections allowed for a user from each IP
+  # address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 5
+
+  # Space separated list of plugins to load (none known to be useful so far).
+  # Do NOT try to load IMAP plugins here.
+  #mail_plugins =
+
+  # MANAGESIEVE logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %{put_bytes} - Number of bytes saved using PUTSCRIPT command
+  #  %{put_count} - Number of scripts saved using PUTSCRIPT command
+  #  %{get_bytes} - Number of bytes read using GETCRIPT command
+  #  %{get_count} - Number of scripts read using GETSCRIPT command
+  #  %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
+  #  %{get_count} - Number of scripts checked using CHECKSCRIPT command
+  #  %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
+  #  %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
+  managesieve_logout_format = bytes=%i/%o
+
+  # To fool ManageSieve clients that are focused on CMU's timesieved you can
+  # specify the IMPLEMENTATION capability that Dovecot reports to clients.
+  # For example: 'Cyrus timsieved v2.2.13'
+  #managesieve_implementation_string = Dovecot Pigeonhole
+
+  # Explicitly specify the SIEVE and NOTIFY capability reported by the server
+  # before login. If left unassigned these will be reported dynamically
+  # according to what the Sieve interpreter supports by default (after login
+  # this may differ depending on the user).
+  #managesieve_sieve_capability =
+  #managesieve_notify_capability =
+
+  # The maximum number of compile errors that are returned to the client upon
+  # script upload or script verification.
+  #managesieve_max_compile_errors = 5
+
+  # Refer to 90-sieve.conf for script quota configuration and configuration of
+  # Sieve execution limits.
+}
+
diff --git a/include/etc/dovecot/conf.d/90-acl.conf b/include/etc/dovecot/conf.d/90-acl.conf
new file mode 100644
index 0000000..f402712
--- /dev/null
+++ b/include/etc/dovecot/conf.d/90-acl.conf
@@ -0,0 +1,28 @@
+##
+## Mailbox access control lists.
+##
+
+# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
+# You can also optionally give a global ACL directory path where ACLs are
+# applied to all users' mailboxes. The global ACL directory contains
+# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
+# specifies how many seconds to wait between stat()ing dovecot-acl file
+# to see if it changed.
+plugin {
+  # Per-user ACL:
+  acl = vfile
+
+  # (if yes) Creates an issue where shared folders inbox folder is 
+  # shown but clicking on the root folder, also displays the contents
+  # of the inbox.
+  #acl_defaults_from_inbox = yes
+
+  acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=60
+
+}
+
+plugin {
+
+  acl_shared_dict = file:/srv/mail/shared-mailboxes
+
+}
diff --git a/include/etc/dovecot/conf.d/90-plugin.conf b/include/etc/dovecot/conf.d/90-plugin.conf
new file mode 100644
index 0000000..79d97fb
--- /dev/null
+++ b/include/etc/dovecot/conf.d/90-plugin.conf
@@ -0,0 +1,21 @@
+##
+## Plugin settings
+##
+
+
+plugin {
+  welcome_script = welcome %u
+  welcome_wait = no
+}
+
+service welcome {
+  executable = script /bin/welcome-email.sh
+  user = dovecot
+  
+
+  unix_listener welcome {
+    user = dovecot
+    group = postfix
+    mode = 0766
+  }
+}
diff --git a/include/etc/dovecot/conf.d/90-quota.conf b/include/etc/dovecot/conf.d/90-quota.conf
new file mode 100644
index 0000000..4954245
--- /dev/null
+++ b/include/etc/dovecot/conf.d/90-quota.conf
@@ -0,0 +1,85 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+plugin {
+  quota = maildir:User quota
+  quota_rule = *:storage=200M
+  quota_rule2 = Trash:storage=+50M
+  quota_grace = 10%%
+
+  quota_max_mail_size = 25M
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+}
+
+
+
+plugin {
+
+  quota = maildir:Shared quota:ns=shared/
+  quota_rule = *:storage=200M
+
+
+  quota_max_mail_size = 25M
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+
+}
+
+
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is executed, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  quota_warning = storage=50%% quota-warning 50 %u
+  quota_warning2 = storage=80%% quota-warning 80 %u
+  quota_warning2 = storage=90%% quota-warning 90 %u
+  quota_warning3 = storage=95%% quota-warning 95 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+
+service quota-warning {
+  executable = script /bin/quota-warning.sh
+#  user = vmail
+
+  unix_listener quota-warning {
+    user = dovecot
+    group = vmail
+    mode = 0766
+  }
+}
+
+service quota-status {
+  executable = quota-status -p postfix
+  inet_listener {
+    port = 12340
+    # You can choose any port you want
+  }
+  client_limit = 1
+}
+
diff --git a/include/etc/dovecot/conf.d/90-sieve-extprograms.conf b/include/etc/dovecot/conf.d/90-sieve-extprograms.conf
new file mode 100644
index 0000000..cc51d13
--- /dev/null
+++ b/include/etc/dovecot/conf.d/90-sieve-extprograms.conf
@@ -0,0 +1,45 @@
+# Sieve Extprograms plugin configuration
+
+# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
+# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
+# vnd.dovecot.filter and vnd.dovecot.execute) by adding these	to the
+# sieve_extensions or sieve_global_extensions settings. Restricting these
+# extensions to a global context using sieve_global_extensions is recommended.
+
+plugin {
+
+  # The directory where the program sockets are located for the
+  # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+  # respectively. The name of each unix socket contained in that directory
+  # directly maps to a program-name referenced from the Sieve script.
+  #sieve_pipe_socket_dir = sieve-pipe
+  #sieve_filter_socket_dir = sieve-filter
+  #sieve_execute_socket_dir = sieve-execute
+
+  # The directory where the scripts are located for direct execution by the
+  # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+  # respectively. The name of each script contained in that directory
+  # directly maps to a program-name referenced from the Sieve script.
+  #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+  #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+  #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
+
+# An example program service called 'do-something' to pipe messages to
+#service do-something {
+  # Define the executed script as parameter to the sieve service
+  #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
+
+  # Use some unprivileged user for executing the program
+  #user = dovenull
+
+  # The unix socket located in the sieve_pipe_socket_dir (as defined in the 
+  # plugin {} section above)
+  #unix_listener sieve-pipe/do-something {
+    # LDA/LMTP must have access
+  #  user = vmail  
+  #  mode = 0600
+  #}
+#}
+
+
diff --git a/include/etc/dovecot/conf.d/90-sieve.conf b/include/etc/dovecot/conf.d/90-sieve.conf
new file mode 100644
index 0000000..d97709a
--- /dev/null
+++ b/include/etc/dovecot/conf.d/90-sieve.conf
@@ -0,0 +1,210 @@
+##
+## Settings for the Sieve interpreter
+##
+
+# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
+# by adding it to the respective mail_plugins= settings.
+
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the 
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
+plugin {
+  # The location of the user's main Sieve script or script storage. The LDA
+  # Sieve plugin uses this to find the active script for Sieve filtering at
+  # delivery. The "include" extension uses this location for retrieving
+  # :personal" scripts. This is also where the  ManageSieve service will store
+  # the user's scripts, if supported.
+  # 
+  # Currently only the 'file:' location type supports ManageSieve operation.
+  # Other location types like 'dict:' and 'ldap:' can currently only
+  # be used as a read-only script source ().
+  #
+  # For the 'file:' type: use the ';active=' parameter to specify where the
+  # active script symlink is located.
+  # For other types: use the ';name=' parameter to specify the name of the
+  # default/active script.
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+
+  # The default Sieve script when the user has none. This is the location of a
+  # global sieve script file, which gets executed ONLY if user's personal Sieve
+  # script doesn't exist. Be sure to pre-compile this script manually using the
+  # sievec command line tool if the binary is not stored in a global location.
+  # --> See sieve_before for executing scripts before the user's personal
+  #     script.
+  #sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+  # The name by which the default Sieve script (as configured by the 
+  # sieve_default setting) is visible to the user through ManageSieve. 
+  #sieve_default_name = 
+
+  # Location for ":global" include scripts as used by the "include" extension.
+  #sieve_global_path = 
+
+  # The location of a Sieve script that is run for any message that is about to
+  # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+  # execution. This only happens when the "implicit keep" is canceled, by e.g.
+  # the "discard" action, and no actions that deliver the message are executed.
+  # This "discard script" can prevent discarding the message, by executing
+  # alternative actions. If the discard script does nothing, the message is
+	# still discarded as it would be when no discard script is configured.
+  #sieve_discard =
+
+  # Location Sieve of scripts that need to be executed before the user's
+  # personal script. If a 'file' location path points to a directory, all the 
+  # Sieve scripts contained therein (with the proper `.sieve' extension) are
+  # executed. The order of execution within that directory is determined by the
+  # file names, using a normal 8bit per-character comparison.
+  #
+  # Multiple script locations can be specified by appending an increasing number
+  # to the setting name. The Sieve scripts found from these locations are added
+  # to the script execution sequence in the specified order. Reading the
+  # numbered sieve_before settings stops at the first missing setting, so no
+  # numbers may be skipped.
+  #sieve_before = /var/lib/dovecot/sieve.d/
+  #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
+  #sieve_before3 = (etc...)
+  sieve_before = /etc/dovecot/sieve
+
+  # Identical to sieve_before, only the specified scripts are executed after the
+  # user's script (only when keep is still in effect!). Multiple script
+  # locations can be specified by appending an increasing number.
+  #sieve_after =
+  #sieve_after2 =
+  #sieve_after2 = (etc...)
+
+  # Which Sieve language extensions are available to users. By default, all
+  # supported extensions are available, except for deprecated extensions or
+  # those that are still under development. Some system administrators may want
+  # to disable certain Sieve extensions or enable those that are not available
+  # by default. This setting can use '+' and '-' to specify differences relative
+  # to the default. For example `sieve_extensions = +imapflags' will enable the
+  # deprecated imapflags extension in addition to all extensions were already
+  # enabled by default.
+  #sieve_extensions = +notify +imapflags
+
+  sieve_extensions=-vacation, -enotify, -editheader, imap4flags
+
+  # Which Sieve language extensions are ONLY available in global scripts. This
+  # can be used to restrict the use of certain Sieve extensions to administrator
+  # control, for instance when these extensions can cause security concerns.
+  # This setting has higher precedence than the `sieve_extensions' setting
+  # (above), meaning that the extensions enabled with this setting are never
+  # available to the user's personal script no matter what is specified for the
+  # `sieve_extensions' setting. The syntax of this setting is similar to the
+  # `sieve_extensions' setting, with the difference that extensions are
+  # enabled or disabled for exclusive use in global scripts. Currently, no
+  # extensions are marked as such by default.
+  #sieve_global_extensions =
+
+  # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
+  # setting, the used plugins can be specified. Check the Dovecot wiki
+  # (wiki2.dovecot.org) or the pigeonhole website
+  # (http://pigeonhole.dovecot.org) for available plugins.
+  # The sieve_extprograms plugin is included in this release.
+  #sieve_plugins =
+  sieve_plugins = sieve_extprograms
+
+  # The maximum size of a Sieve script. The compiler will refuse to compile any
+  # script larger than this limit. If set to 0, no limit on the script size is
+  # enforced.
+  #sieve_max_script_size = 1M
+
+  # The maximum number of actions that can be performed during a single script
+  # execution. If set to 0, no limit on the total number of actions is enforced.
+  #sieve_max_actions = 32
+
+  # The maximum number of redirect actions that can be performed during a single
+  # script execution. If set to 0, no redirect actions are allowed.
+  #sieve_max_redirects = 4
+
+  # The maximum number of personal Sieve scripts a single user can have. If set
+  # to 0, no limit on the number of scripts is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_scripts = 0
+
+  # The maximum amount of disk storage a single user's scripts may occupy. If
+  # set to 0, no limit on the used amount of disk storage is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_storage = 0
+
+  # The primary e-mail address for the user. This is used as a default when no
+  # other appropriate address is available for sending messages. If this setting
+  # is not configured, either the postmaster or null "<>" address is used as a
+  # sender, depending on the action involved. This setting is important when
+  # there is no message envelope to extract addresses from, such as when the
+  # script is executed in IMAP.
+  #sieve_user_email =
+
+  # The path to the file where the user log is written. If not configured, a
+  # default location is used. If the main user's personal Sieve (as configured
+  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+  #sieve_user_log =
+
+  # Specifies what envelope sender address is used for redirected messages.
+  # The following values are supported for this setting:
+  #
+  #   "sender"         - The sender address is used (default).
+  #   "recipient"      - The final recipient address is used.
+  #   "orig_recipient" - The original recipient is used.
+  #   "user_email"     - The user's primary address is used. This is
+  #                      configured with the "sieve_user_email" setting. If
+  #                      that setting is unconfigured, "user_mail" is equal to
+  #                      "recipient".
+  #   "postmaster"     - The postmaster_address configured for the LDA.
+  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
+  #                      The angle brackets are mandatory. The null "<>" address
+  #                      is also supported.
+  #
+  # This setting is ignored when the envelope sender is "<>". In that case the
+  # sender of the redirected message is also always "<>".
+  #sieve_redirect_envelope_from = sender
+
+  ## TRACE DEBUGGING
+  # Trace debugging provides detailed insight in the operations performed by
+  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+  # IMAPSIEVE plugin. 
+  #
+  # WARNING: On a busy server, this functionality can quickly fill up the trace
+  # directory with a lot of trace files. Enable this only temporarily and as
+  # selective as possible.
+  
+  # The directory where trace files are written. Trace debugging is disabled if
+  # this setting is not configured or if the directory does not exist. If the 
+  # path is relative or it starts with "~/" it is interpreted relative to the
+  # current user's home directory.
+  #sieve_trace_dir =
+  
+  # The verbosity level of the trace messages. Trace debugging is disabled if
+  # this setting is not configured. Possible values are:
+  #
+  #   "actions"        - Only print executed action commands, like keep,
+  #                      fileinto, reject and redirect.
+  #   "commands"       - Print any executed command, excluding test commands.
+  #   "tests"          - Print all executed commands and performed tests.
+  #   "matching"       - Print all executed commands, performed tests and the
+  #                      values matched in those tests.
+  #sieve_trace_level =
+  
+  # Enables highly verbose debugging messages that are usually only useful for
+  # developers.
+  #sieve_trace_debug = no
+  
+  # Enables showing byte code addresses in the trace output, rather than only
+  # the source line numbers.
+  #sieve_trace_addresses = no 
+}
+
diff --git a/include/etc/dovecot/dovecot-acl b/include/etc/dovecot/dovecot-acl
new file mode 100644
index 0000000..6f78220
--- /dev/null
+++ b/include/etc/dovecot/dovecot-acl
@@ -0,0 +1,7 @@
+INBOX.Archive owner lrwstipek
+INBOX.Drafts owner lrwstipek
+INBOX.Spam owner lrwstipek
+INBOX.Sent owner lrwstipek
+INBOX.Trash owner lrwstipek
+#* owner akxeilprwts
+
diff --git a/include/etc/dovecot/dovecot-ldap.conf.ext b/include/etc/dovecot/dovecot-ldap.conf.ext
new file mode 100644
index 0000000..6c6e2aa
--- /dev/null
+++ b/include/etc/dovecot/dovecot-ldap.conf.ext
@@ -0,0 +1,24 @@
+uris = ldap://openldap
+dn = cn=admin,dc=example,dc=org
+dnpass = admin
+
+debug_level = 0
+auth_bind = no
+
+ldap_version = 3
+base = dc=example,dc=org
+scope = subtree
+
+user_attrs = uid=user=%{ldap:uid}, memberUid=user=%{ldap:mail}, mail=home=/srv/mail/%{ldap:mail}, mail=mailHomeDirectory=maildir:~/mail:LAYOUT=fs, mailQuota=quota_rule=*:bytes=%$
+
+user_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)(cn=%u)))
+
+
+pass_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)))
+
+
+iterate_attrs = mail=user
+iterate_filter = (objectClass=PostfixBookMailAccount)
+
+
+
diff --git a/include/etc/dovecot/protocols.d/imap.protocol b/include/etc/dovecot/protocols.d/imap.protocol
new file mode 100644
index 0000000..cbc7ed9
--- /dev/null
+++ b/include/etc/dovecot/protocols.d/imap.protocol
@@ -0,0 +1,2 @@
+
+protocols = $protocols imap
diff --git a/include/etc/dovecot/protocols.d/lmtp.protocol b/include/etc/dovecot/protocols.d/lmtp.protocol
new file mode 100644
index 0000000..e71d974
--- /dev/null
+++ b/include/etc/dovecot/protocols.d/lmtp.protocol
@@ -0,0 +1,2 @@
+
+protocols = $protocols lmtp
diff --git a/include/etc/dovecot/protocols.d/sieve.protocol b/include/etc/dovecot/protocols.d/sieve.protocol
new file mode 100644
index 0000000..91ef409
--- /dev/null
+++ b/include/etc/dovecot/protocols.d/sieve.protocol
@@ -0,0 +1,2 @@
+
+protocols = $protocols sieve
diff --git a/include/etc/dovecot/sieve/00-fileto-spam.sieve b/include/etc/dovecot/sieve/00-fileto-spam.sieve
new file mode 100644
index 0000000..ef121dc
--- /dev/null
+++ b/include/etc/dovecot/sieve/00-fileto-spam.sieve
@@ -0,0 +1,11 @@
+require ["fileinto", "mailbox"];
+
+if exists "X-Spam-Flag" {
+if header :contains "X-Spam-Flag" "NO" {
+
+} else {
+fileinto :create "Spam";
+stop;
+}
+
+}
diff --git a/include/etc/logrotate.d/dovecot b/include/etc/logrotate.d/dovecot
new file mode 100644
index 0000000..67fc8f1
--- /dev/null
+++ b/include/etc/logrotate.d/dovecot
@@ -0,0 +1,14 @@
+/var/log/dovecot.log 
+{
+    rotate 30
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    extension log
+    create 0644 dovecot dovecot
+         postrotate
+             supervisorctl restart dovecot
+         endscript
+}
diff --git a/include/etc/logrotate.d/postfix b/include/etc/logrotate.d/postfix
new file mode 100644
index 0000000..00d81fe
--- /dev/null
+++ b/include/etc/logrotate.d/postfix
@@ -0,0 +1,14 @@
+/var/log/postfix.log
+{
+    rotate 30
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    extension log
+    create 0644 postfix postfix
+        postrotate
+            supervisorctl restart postfix
+        endscript
+}
diff --git a/include/etc/logrotate.d/rsyslog b/include/etc/logrotate.d/rsyslog
index 56c774d..68dcb13 100644
--- a/include/etc/logrotate.d/rsyslog
+++ b/include/etc/logrotate.d/rsyslog
@@ -1,4 +1,8 @@
 /var/log/syslog
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
 /var/log/daemon.log
 /var/log/kern.log
 /var/log/auth.log
@@ -19,5 +23,6 @@
     sharedscripts
         postrotate
             supervisorctl restart rsyslog
+            supervisorctl restart amavis
         endscript
 }
diff --git a/include/etc/postfix/header_checks_outbound b/include/etc/postfix/header_checks_outbound
new file mode 100644
index 0000000..d69784e
--- /dev/null
+++ b/include/etc/postfix/header_checks_outbound
@@ -0,0 +1,14 @@
+#
+#  Header Checks for outbound E-Mail
+#
+# Checks for outbound mail
+#
+
+#
+# Remove spam headers as they are applicable for local users only.
+#
+/^X-Spam-Flag:/    IGNORE
+/^X-Spam-Score:/   IGNORE
+/^X-Spam-Level:/   IGNORE
+/^X-Spam-Status:/  IGNORE
+
diff --git a/include/etc/postfix/header_checks_privacy b/include/etc/postfix/header_checks_privacy
new file mode 100644
index 0000000..6c9f700
--- /dev/null
+++ b/include/etc/postfix/header_checks_privacy
@@ -0,0 +1,32 @@
+#
+#  Privacy Header Checks
+#
+
+#
+# Hide the software the sender is using
+#
+/^User-Agent:/  IGNORE
+
+#
+# Remove Date from header.
+# 
+# The date that the client users is often in their own timezone.
+# this is not desirable, so removing and having the server re-add
+# the date header, enables hiding the users timezone.
+#
+# NOTE: postfix requires the following settings:
+#  - always_add_missing_headers=yes
+#  - local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces
+#
+# These settings will add the date back to the E-Mail header using the servers timezone.
+#
+/^Date:/        IGNORE
+
+#
+# Remove the sender IP Address and Any hostname and replace with localhost
+#
+/^Received:\sfrom [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)(\s+.* \(server\) with .+)$/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1
+
+
+
+
diff --git a/include/etc/postfix/ldap/smtpd_sender_login_maps b/include/etc/postfix/ldap/smtpd_sender_login_maps
new file mode 100644
index 0000000..4580a84
--- /dev/null
+++ b/include/etc/postfix/ldap/smtpd_sender_login_maps
@@ -0,0 +1,16 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=Users,dc=example,dc=org
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
+
+result_attribute = uid
diff --git a/include/etc/postfix/ldap/smtpd_sender_login_maps_groups b/include/etc/postfix/ldap/smtpd_sender_login_maps_groups
new file mode 100644
index 0000000..b05c323
--- /dev/null
+++ b/include/etc/postfix/ldap/smtpd_sender_login_maps_groups
@@ -0,0 +1,17 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=Groups,dc=example,dc=org
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(objectClass=posixGroup)(|(mail=%s)(mailAlias=%s)))
+
+
+result_attribute = memberUid
diff --git a/include/etc/postfix/ldap/virtual_alias_domains b/include/etc/postfix/ldap/virtual_alias_domains
new file mode 100644
index 0000000..a89517e
--- /dev/null
+++ b/include/etc/postfix/ldap/virtual_alias_domains
@@ -0,0 +1,17 @@
+server_host = ldap://172.20.0.4
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+
+search_base = ou=mail,dc=example,dc=org
+
+query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
+
+result_attribute = dc
+
diff --git a/include/etc/postfix/ldap/virtual_alias_maps b/include/etc/postfix/ldap/virtual_alias_maps
new file mode 100644
index 0000000..cc1bc4d
--- /dev/null
+++ b/include/etc/postfix/ldap/virtual_alias_maps
@@ -0,0 +1,18 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = dc=example,dc=org
+#scope = sub
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
+
+result_attribute = mail
+
diff --git a/include/etc/postfix/ldap/virtual_email_domains b/include/etc/postfix/ldap/virtual_email_domains
new file mode 100644
index 0000000..61b3c62
--- /dev/null
+++ b/include/etc/postfix/ldap/virtual_email_domains
@@ -0,0 +1,18 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=mail,dc=example,dc=org
+scope = sub
+
+
+query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
+
+result_attribute = dc
+
diff --git a/include/etc/postfix/master.cf b/include/etc/postfix/master.cf
new file mode 100644
index 0000000..b405703
--- /dev/null
+++ b/include/etc/postfix/master.cf
@@ -0,0 +1,175 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+#smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       1       postscreen
+smtpd     pass  -       -       y       -       -       smtpd
+  -o syslog_name=postfix/inbound
+  -o smtpd_tls_security_level=may
+  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,permit_auth_destination,reject
+
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_tls_auth_only=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/dovecot/auth
+  -o smtpd_sasl_security_options=noanonymous
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps,ldap:/etc/postfix/ldap/smtpd_sender_login_maps_groups
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
+  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
+  -o cleanup_service_name=privacy
+
+amavis unix -      -       n     -       2  smtp
+  -o syslog_name=postfix/$service_name
+  -o smtp_data_done_timeout=1200
+  -o smtp_send_xforward_command=yes
+  -o disable_dns_lookups=yes
+  -o max_use=20
+  -o content_filter=
+
+127.0.0.1:10025 inet n  -       n     -       -  smtpd
+  -o syslog_name=amavis
+  -o content_filter=
+  -o local_recipient_maps=
+  -o relay_recipient_maps=
+  -o smtpd_restriction_classes=
+  -o smtpd_delay_reject=no
+  -o smtpd_client_restrictions=permit_mynetworks,reject
+  -o smtpd_helo_restrictions=
+  -o smtpd_sender_restrictions=
+  -o smtpd_recipient_restrictions=permit_mynetworks,reject
+  -o smtpd_data_restrictions=reject_unauth_pipelining
+  -o smtpd_end_of_data_restrictions=
+  -o mynetworks=127.0.0.0/8
+  -o smtpd_error_sleep_time=0
+  -o smtpd_soft_error_limit=1001
+  -o smtpd_hard_error_limit=1000
+  -o smtpd_client_connection_count_limit=0
+  -o smtpd_client_connection_rate_limit=0
+  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+  -o content_filter=
+
+
+#spamassassin unix -     n       n       -       -       pipe 
+#  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+
+#smtps     inet  n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+
+
+
+#628       inet  n       -       y       -       -       qmqpd
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+privacy   unix  n       -       n       -       0       cleanup
+  -o syslog_name=postfix/$service_name
+  -o header_checks=regexp:/etc/postfix/header_checks_privacy
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+
+smtp      unix  -       -       y       -       -       smtp
+  -o syslog_name=postfix/$service_name
+
+relay     unix  -       -       y       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix -       n       n       -       2       pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+
diff --git a/include/etc/supervisor/conf.d/supervisord.conf b/include/etc/supervisor/conf.d/supervisord.conf
index d06b8c6..a3fab40 100644
--- a/include/etc/supervisor/conf.d/supervisord.conf
+++ b/include/etc/supervisor/conf.d/supervisord.conf
@@ -3,6 +3,14 @@
 nodaemon = true
 pidfile=/var/run/supervisord.pid
 
+[program:init]
+startsecs=0
+stopwaitsecs=55
+command=/docker-entrypoint.sh setup
+autorestart=false
+autostart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
 
 [program:rsyslog]
 startsecs=0
@@ -21,3 +29,28 @@ autorestart=true
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/sbin/cron -f
+
+
+
+[program:dovecot]
+startsecs=0
+stopwaitsecs=55
+command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
+autorestart=true
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+
+
+
+[program:postfix]
+startsecs=0
+stopwaitsecs=55
+#command=/usr/lib/postfix/sbin/master -vv -c /etc/postfix -d
+#command=postfix -vv -c /etc/postfix start-fg
+command=/bin/postfix.sh
+autorestart=true
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+