diff --git a/files/clamav/clamd.conf b/files/clamav/clamd.conf
new file mode 100644
index 0000000..102955c
--- /dev/null
+++ b/files/clamav/clamd.conf
@@ -0,0 +1,8 @@
+LogFile /var/log/clamav/clamd.log
+LogTime yes
+PidFile /run/clamav/clamd.pid
+LocalSocket /run/clamav/clamd.sock
+TCPSocket 3310
+TCPAddr 127.0.0.1
+User clamav
+AllowSupplementaryGroups yes
diff --git a/files/clamav/freshclam.conf b/files/clamav/freshclam.conf
new file mode 100644
index 0000000..3defb90
--- /dev/null
+++ b/files/clamav/freshclam.conf
@@ -0,0 +1,7 @@
+UpdateLogFile /var/log/clamav/freshclam.log
+PidFile /run/clamav/freshclam.pid
+DatabaseOwner clamav
+AllowSupplementaryGroups yes
+DatabaseMirror database.clamav.net
+ScriptedUpdates yes
+NotifyClamd /etc/clamav/clamd.conf
diff --git a/files/clamsmtpd.conf b/files/clamsmtpd.conf
new file mode 100644
index 0000000..19125ee
--- /dev/null
+++ b/files/clamsmtpd.conf
@@ -0,0 +1,3 @@
+OutAddress: 10026
+ClamAddress: 127.0.0.1:3310 
+User: clamav
diff --git a/files/ssl/cert.pem b/files/ssl/cert.pem
new file mode 100644
index 0000000..73c775a
--- /dev/null
+++ b/files/ssl/cert.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIDEkvKMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTE2MDgyMjExMjczOFoXDTE3MDIxODExMjczOFowGjEY
+MBYGA1UEAxQPKi5icjB0a2FzdGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAt1a84Be+eux7k9lutN4hGYom6ArVo8qYy6MubItRIwv7fhq3/CRp
+Mj/MsdOzJJyv/3x/jjPxVs/XXvYt3RiYU8mHjE/nBQV03O04pDtx/YFoqDXWCqMF
+RalelupMpwbuvedDc8kO0S3Jx1LZgCx9v5MXne9o4uPMuMGIMwyKDPuOi6O9wO5h
+Vw5n4lnA+dIbzDwLhzs+DnAuVWIc7b56prHwbieCV89AEAg0OEbd2+avvaNsVStb
++JybB6buvMHDzaLdCsWdCb+ixgIaUuJ1mHacMouzs8Hrm+RrJ53DZRkKRU8LkeYO
+t9Ns175H380jJz6jI3jkekeEdeY6/TiWN+EqDLhOB7SXAHg8Kg16jzCngQ43XjAb
+Jv75+t35G70iCxhYrsyOUJXcwsR0sH30iZyCebbYWvamIatsWC9wP+CWzLFXF14n
+BXE1wDXYaxg2zArHTlac1pXeFkaDbDuqf9q+eeZ8hari3PkBhOiUQ8NTJ09bwF2E
+zO0Zun4RVvYpBlF1fgTwbQ6LWyxNVJMKfuFlExc4AEuvd46D8+qaeipXHGLkhXxm
+3sn/D7huZRU6u0KGEZoC4GKa60XqB9naro1vtioNtQLcIcbrntjzfqhU5tAGHbIl
+UDp4FZXs/TnLsJoqrY0G15BoHXhdYUvP+5aHr/RmypuhoU3xWk4rbt0CAwEAAaOB
++jCB9zAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTArBggr
+BgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggrBgEF
+BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMDEG
+A1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3Js
+MDkGA1UdEQQyMDCCDyouYnIwdGthc3Rlbi5kZaAdBggrBgEFBQcIBaARDA8qLmJy
+MHRrYXN0ZW4uZGUwDQYJKoZIhvcNAQENBQADggIBAD/KPnpUvx7DHyIQA9wpX9QV
+Mq9n5Sgaw8kZA3mMe3g+nB4MI/YQrHHQ7K4mpZv7ZL2cGwVCEUYZQmsxrp5HemwM
+i+wFB2LBERQeS4y1UWHKlBFbnlhXCrC7fkw6YsyMCvYvZyd4LlcNXXp/scApzrSe
+PWX0O5/aIQCFF/1NfKXCJ05QYSN6DxMXaz/ovR97WB+2fczt9rDab8rPjwx65+w6
+EHhOwqnooWilw58WoIEy3jW5VowCGQIrtAGwfBgv1GgLLzfDC8qQA01+xYgnjPG8
+5VoIjx7Myvl5x3nFT73DrH8n34JsfFwm6h1+OnzNgTugmep9kYATdEd7Nb8b2Fq+
+VAhh2Am+QIyxy4mqq63M23C9R6UkawyximEMKIDmjB6KSMPewErk4cHECPhaSNCC
+Cil4mL5zLSf8iFbQQ+ofisShFTiivuLDJLGUlTApoVtlsW/Xb0f9axvXSHaQ7h1H
+GIHtrjxpQlFtGDbZwRQ8pp1xg1NdZ0FLt0h7cFkYzh6RWjLCZ09FzFqLqE4GY1p1
+lEZSNHJfvXw2zMUtCTmIvzLbTnrDKCLKQIgYdFvzkgd2/RMq1k39b09zjzBEOGQA
+/P7yhO1q0BXDdL08ZOu/13s9G4ovsUII1DrQNm5aJh89KPZ/kVgtGikWAbT7WqTS
+4jmCW392bf4ez74VKFkB
+-----END CERTIFICATE-----
diff --git a/files/ssl/key.pem b/files/ssl/key.pem
new file mode 100644
index 0000000..0595027
--- /dev/null
+++ b/files/ssl/key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC3VrzgF7567HuT
+2W603iEZiiboCtWjypjLoy5si1EjC/t+Grf8JGkyP8yx07MknK//fH+OM/FWz9de
+9i3dGJhTyYeMT+cFBXTc7TikO3H9gWioNdYKowVFqV6W6kynBu6950NzyQ7RLcnH
+UtmALH2/kxed72ji48y4wYgzDIoM+46Lo73A7mFXDmfiWcD50hvMPAuHOz4OcC5V
+YhztvnqmsfBuJ4JXz0AQCDQ4Rt3b5q+9o2xVK1v4nJsHpu68wcPNot0KxZ0Jv6LG
+AhpS4nWYdpwyi7Ozweub5GsnncNlGQpFTwuR5g6302zXvkffzSMnPqMjeOR6R4R1
+5jr9OJY34SoMuE4HtJcAeDwqDXqPMKeBDjdeMBsm/vn63fkbvSILGFiuzI5QldzC
+xHSwffSJnIJ5ttha9qYhq2xYL3A/4JbMsVcXXicFcTXANdhrGDbMCsdOVpzWld4W
+RoNsO6p/2r555nyFquLc+QGE6JRDw1MnT1vAXYTM7Rm6fhFW9ikGUXV+BPBtDotb
+LE1Ukwp+4WUTFzgAS693joPz6pp6KlccYuSFfGbeyf8PuG5lFTq7QoYRmgLgYprr
+ReoH2dqujW+2Kg21Atwhxuue2PN+qFTm0AYdsiVQOngVlez9OcuwmiqtjQbXkGgd
+eF1hS8/7loev9GbKm6GhTfFaTitu3QIDAQABAoICAGljwfUrkQKGeE84OSxdWDef
+M9hFiiO6bXT529DnkP+Nfscxwrt9jr8k75z1bdBJBd7eiVCMSVo25b4f06N55O6d
+NX8R22IGjfQFpX668T7hqfCv6dd5eKlfwBEOpHuLP6gIjby8Qfk60ffzhzXn3W1H
+t9bA7dEnU+KM1adKuPzXikx5FrYWEfyCOnNiVs0E25femF3nTzfrgqbwXGLKESVL
+ukMIESQ67b+Jh8Ml8ZjcFf/0Nm0LHLZgB7oxWqFE3TKTQW9Uw338HCyovssQhLrc
+y9M+fVGC0tZtSq+eP9kYuM+4rZTz41gGgFXQeu6KtH91wT+92dD01Y8UhqpTYf3J
+5MJrNthcD7Z7DCGyl3iNSe/fOfn9A+RBMc+hnatzC5IGed/VHdDTNlzjBXNfLHOG
+g9hLV5Boe2Ee9axzxG31ZMwUmTyud89715UcDyE66OVWLmgRHnp8aopcGj8Hxjv6
+ic9vWsFzqaPkgnYfi70Ph/CIprkZsMKjU0vQHHA9Nllo61KfIhp4uHqpnTnCu28d
+Nfbxd9phkO5QcHGRQY5P5PhX2t4l00aAPafeBZIzgstKO0U2edcf3RgiPxpAPlF9
+dLpbVZEGHubunGgkPVWGMgcTQ360UfnA3Z2oVfvX5B15AvnPVoem4p5c3gY8AUB7
+QLOc1+MdcKVMnaC7vQ+hAoIBAQDjQDgtZOpkQ7QdqZvyOWRTvkkK76zjnkdsbBmL
+rOSCvMC5xqKFQeqJhbeITKRLo5IHPVl3pdaVQqhkg3wfMh/bwpJfZCJPlOg5q9Oo
+c4JzsCrouLvnWQx9rzJLsXQGrxE2UKJaWRZLGxeSVhNwpI1dHouKS8sBDm5P7MCt
+ytiNALguim9jWrujsQh63Tvg82khMYstZoLTDboLlQmLsJ2TIOrjko8+qnomxtuX
+ywsIF/VZaSrqpa7Y9NBIeuaSbupJOo5SZ0MdfABjtlvhDRwtbRn9CYF2nWJcFZJ3
+ifS8K19H4Ajxj1SBBNNhATAL46+qbFeBYWrQLRPYXOGfp8h1AoIBAQDOiGBgeNhc
+wOcuENdM+0bQTyXAr90DW34ucDhDwPH8WrI1VlJix/VSC4wXjDp0b5h9WRXJoC6A
+Oidzx83tGto5sQLhl9ZBeJyTwDLU+XPS+JXRfJDt5gz7QxnxnX7GRWMnKKi2hP8q
+wYCFz2uOeHiPXV+GeAtEN7brJUaazSJDCB5NZcUme43b00fMsdTyVq01DZP425UK
+lFq0fIJufo2O3XjZcC/7qYN1Jyx/oHnP48ExyPZbU3OlAVwZs3XYKEi/3gp6uYfQ
+IkP3JYg4yr/uuJrSfl35oBfDTY8Eg0FeTpFI8Cvdr1XnA9j1oeCvKLlZxLaBomMY
+VRQUXdyjaX/JAoIBAC5uGow7yCAALTa6RqBw1Wy+vhG78mj3F8SxOW7uPinwArhy
+OxZa5159sYfpkM/bdaSBBlyJx5PrcJhIvP1qslOmJ13SCaiU1fWig7YxE4AriDjQ
+NaQI76JmPzJz6S7Magnc467t8L4bpO9DIumq1S8nZH83CR0II8W0q5FWlnQIp5jq
+s+Nq0Febfg4MUYWedeZQRw1ZmnUgothm9PJTfX5oBVXFxfqZvidaDdevpmta6cgA
+0sHqZBTzv/JvGdjlTHz1t8piSrYldbbptU//67fkSKEIZikj8sq5pZlC2HvxqJ/4
+yBsCm9NYdw+kvHpRZLy/Mgm/K6Go9BsKrxZ9o1kCggEBAMbzUju8TVfULx4N9Qhg
+CdACXjCmeDWSvhNH4LtLsw9P4tlEZSpoymWVYAcS+wBMu80LstQ+LG0zF+wNLc5Y
+jp0Cae8cj7UT1WjyvUSxY6R3+AILh6TTde/YrLY16/hcwO3o2dSwewkZy4+axlZA
+sIoR/UIQg3HcZaVQjBn0vytpN5+BCJBQds+qUEDbkXE8k69GfCM+iuzdCh9QzWhZ
+Gk3kBFUZH+/CVDLXYKM02AKtt94YY1CILB9oFutfF4b5D1NcNiYQcMbLK0N5cSac
+EJWKWQGp3ybm09076igDtEV/U666RNdQ3mQiLa44mLLCfQH/X3uzDNhUpHoWDMOR
+jhkCggEARM45FUFwUvpB2LpzHYMDIkeczQ5llwwQtSjz7Or/M7URQ98dfpsQ5TvW
+cUHFMJ6CKtTyx4mpBU5nLBa33THdob+Qo7MFsXSYoyvZOwWhSkXIMJKki74/DVYy
+SBgu1QAt58UOjgAXQmy1tPusVbG15juN9P9zjkcG//lTpw/jUYEq2OGlwJkMP2nw
+MxRF6ow3lmM2wU6bYqmSfrc8VnWJg2bQr7wMpTGh+cNEOPgZET7GFsX878JyD83h
+ZMdBwzFx20rESQ/J6EMYK7kW76A20cQXh/vrhAzFZ/Xq9Q5Eaa4yHMkfRYvy2aW+
+5T6cXxgEOoiMHt7e5/CXgAlWvEli+Q==
+-----END PRIVATE KEY-----
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6feaf0c
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,93 @@
+---
+- name: update apk cache
+  apk: update_cache=yes
+
+- name: install packages
+  apk: name=postfix,postfix-pgsql,postfix-policyd-spf-perl,dovecot,dovecot-pgsql,dovecot-pigeonhole-plugin,clamav,freshclam,clamsmtp,gross,spamassassin,spamassassin-client,mailx,mutt state=present
+
+- name: deploy main.cf
+  template: src=postfix/main.cf dest=/etc/postfix/main.cf
+
+- name: deploy master.cf
+  template: src=postfix/master.cf dest=/etc/postfix/master.cf
+
+- name: deploy pgsql-aliases.cf
+  template: src=postfix/pgsql-aliases.cf dest=/etc/postfix/pgsql-aliases.cf
+
+- name: deploy pgsql-domains.cf
+  template: src=postfix/pgsql-domains.cf dest=/etc/postfix/pgsql-domains.cf
+
+- name: deploy pgsql-maildir.cf
+  template: src=postfix/pgsql-maildir.cf dest=/etc/postfix/pgsql-maildir.cf
+
+- name: deploy grossd.conf
+  template: src=gross/grossd.conf dest=/etc/grossd.conf
+
+- name: deploy dovecot.conf
+  template: src=dovecot/dovecot.conf dest=/etc/dovecot/dovecot.conf
+
+- name: deploy dovecot-sql.conf.ext
+  template: src=dovecot/dovecot-sql.conf.ext dest=/etc/dovecot/dovecot-sql.conf.ext
+
+- name: create postfix spool dir 
+  file: path=/var/spool/postfix state=directory owner=root group=root
+
+- name: create postfix pid dir
+  file: path=/var/spool/postfix/pid state=directory owner=root group=root
+
+- name: create dovecot log dir 
+  file: path=/var/log/dovecot state=directory recurse=yes mode=0770 owner=dovecot group=mail
+
+- name: create maildir
+  file: path=/var/spool/imap state=directory owner=mail group=mail
+
+- name: deploy clamd.conf 
+  copy: src=clamav/clamd.conf dest=/etc/clamav/clamd.conf mode=0600 owner=root group=root
+
+- name: deploy feshclam.conf
+  copy: src=clamav/freshclam.conf dest=/etc/clamav/freshclam.conf mode=0600 owner=root group=root
+
+- name: deploy clamsmtpd.conf
+  copy: src=clamsmtpd.conf dest=/etc/clamsmtpd.conf mode=0600 owner=root group=root
+
+- name: generate dh512
+  command: openssl dhparam -out /etc/ssl/private/dh512.pem 512
+
+- name: generate dh1024
+  command: openssl dhparam -out /etc/ssl/private/dh1024.pem 1024
+
+- name: enable grossd
+  command: /sbin/rc-update add grossd
+
+- name: enable clamd
+  command: /sbin/rc-update add clamd
+
+- name: enable clamsmtpd
+  command: /sbin/rc-update add clamsmtpd
+
+- name: enable spamd
+  command: /sbin/rc-update add spamd
+
+- name: enable postfix
+  command: /sbin/rc-update add postfix
+
+- name: enable dovecot
+  command: /sbin/rc-update add dovecot
+
+- name: restart grossd
+  command: /sbin/rc-service grossd restart
+
+- name: restart clamd
+  command: /sbin/rc-service clamd restart
+
+- name: restart clamsmtpd
+  command: /sbin/rc-service clamsmtpd restart
+
+- name: restart spamd
+  command: /sbin/rc-service spamd restart
+
+- name: restart postfix
+  command: /sbin/rc-service postfix restart
+
+- name: restart dovecot
+  command: /sbin/rc-service dovecot restart
diff --git a/templates/dovecot/dovecot-sql.conf.ext b/templates/dovecot/dovecot-sql.conf.ext
new file mode 100644
index 0000000..f606754
--- /dev/null
+++ b/templates/dovecot/dovecot-sql.conf.ext
@@ -0,0 +1,7 @@
+driver = pgsql
+connect = host=db.lxc.br0tkasten.de dbname=users user=mail
+default_pass_scheme = PLAIN-MD5
+
+#user_query = SELECT home, uid, gid FROM users WHERE userid = '%n'
+user_query = SELECT r.home, r.uid, r.gid FROM users r, users v WHERE v.userid = '%n' AND v.realuser = r.userid
+password_query = SELECT realuser as user, '{PLAIN-MD5}' || password as password FROM users WHERE userid = '%n'
diff --git a/templates/dovecot/dovecot.conf b/templates/dovecot/dovecot.conf
new file mode 100644
index 0000000..2edc1c7
--- /dev/null
+++ b/templates/dovecot/dovecot.conf
@@ -0,0 +1,86 @@
+## Dovecot configuration file
+base_dir                    = /var/run/dovecot/
+protocols                   = pop3 imap sieve
+mailbox_idle_check_interval = 15
+ssl_cert                    = </etc/ssl/private/mailcert.pem
+ssl_key                     = </etc/ssl/private/mailkey.pem
+listen                      = *
+
+# To disable plaintext login without ssl set disable_plaintext_auth = yes
+disable_plaintext_auth      = no
+ssl                         = yes
+default_login_user          = dovecot
+
+first_valid_uid             = 8
+mail_location               = maildir:~
+mail_access_groups          = mail
+mail_privileged_group       = mail
+verbose_proctitle           = no # yes
+
+log_path                    = /var/log/dovecot/access.log
+info_log_path               = /var/log/dovecot/info.log
+debug_log_path              = /var/log/dovecot/debug.log
+
+auth_verbose                = no
+auth_mechanisms             = login plain
+
+protocol lda {
+  postmaster_address        = postmaster@br0tkasten.de
+  mail_plugins              = $mail_plugins sieve
+}
+
+service auth {
+	inet_listener {
+		address               = 127.0.0.1
+		port                  = 6222
+	}
+}
+
+passdb {
+	driver                   = sql
+   args                     = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+userdb {
+	driver                   = sql
+   args                     = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+dict {
+}
+
+plugin {
+}
+
+protocol imap {
+	imap_idle_notify_interval = 29 mins
+}
+
+protocol pop3 {
+	ssl              = no
+	pop3_uidl_format = %08Xu%08Xv
+}
+
+namespace {
+	separator = .
+	prefix =
+	inbox = yes
+
+  mailbox Trash {
+    auto = subscribe
+    special_use = \Trash
+  }
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+  }
+
+}
diff --git a/templates/gross/grossd.conf b/templates/gross/grossd.conf
new file mode 100644
index 0000000..01da022
--- /dev/null
+++ b/templates/gross/grossd.conf
@@ -0,0 +1,11 @@
+protocol = postfix
+statefile = /var/db/gross/state
+check = dnsbl
+check = rhsbl
+dnsbl = zen.spamhaus.org
+dnsbl = list.dsbl.org
+dnsbl = bl.spamcop.net
+dnsbl = combined.njabl.org
+dnsbl = cbl.abuseat.org
+dnsbl = dnsbl.sorbs.net
+rhsbl = rhsbl.sorbs.net
diff --git a/templates/postfix/main.cf b/templates/postfix/main.cf
new file mode 100644
index 0000000..46b22a0
--- /dev/null
+++ b/templates/postfix/main.cf
@@ -0,0 +1,93 @@
+queue_directory                     = /var/spool/postfix
+command_directory                   = /usr/sbin
+daemon_directory                    = /usr/lib/postfix
+data_directory                      = /var/lib/postfix
+mail_owner                          = postfix
+setgid_group                        = postdrop
+sendmail_path                       = /usr/sbin/sendmail
+newaliases_path                     = /usr/bin/newaliases
+mailq_path                          = /usr/bin/mailq
+compatibility_level                 = 2
+
+myhostname                          = mail.{{ domain }}
+mydomain                            = {{ domain }}
+myorigin                            = $mydomain
+relay_domains                       = $mydestination
+mynetworks_style                    = host
+mynetworks                          = 127.0.0.0/8 10.3.0.0/24 37.221.196.144/32
+smtpd_banner                        = $myhostname ESMTP
+
+smtpd_tls_dh1024_param_file         = /etc/ssl/private/dh1024.pem
+smtpd_tls_dh512_param_file          = /etc/ssl/private/dh512.pem
+smtpd_tls_eecdh_grade               = strong
+tls_preempt_cipherlist              = yes
+smtpd_tls_loglevel                  = 1
+smtp_tls_loglevel                   = 1
+smtpd_tls_cert_file                 = /etc/ssl/private/mailcert.pem
+smtpd_tls_key_file                  = /etc/ssl/private/mailkey.pem
+smtpd_tls_security_level            = may
+
+unknown_local_recipient_reject_code = 550
+alias_maps                          = pgsql:/etc/postfix/pgsql-aliases.cf
+alias_database                      = $alias_maps
+
+smtpd_sasl_auth_enable              = yes
+smtpd_sasl_security_options         = noanonymous
+smtpd_sasl_local_domain             = $mydomain
+smtpd_sasl_type                     = dovecot
+smtpd_sasl_path                     = inet:127.0.0.1:6222
+broken_sasl_auth_clients            = yes
+
+receive_override_options            = no_address_mappings
+disable_vrfy_command                = yes
+
+dovecot_destination_recipient_limit = 1
+recipient_delimiter                 = +
+virtual_transport                   = dovecot
+virtual_alias_maps                  = pgsql:/etc/postfix/pgsql-aliases.cf
+virtual_mailbox_domains             = pgsql:/etc/postfix/pgsql-domains.cf
+virtual_mailbox_maps                = pgsql:/etc/postfix/pgsql-maildir.cf
+
+smtpd_delay_reject                  = yes
+smtpd_helo_required                 = yes
+smtpd_helo_restrictions             = 
+	permit_mynetworks,
+	reject_invalid_hostname,
+	permit
+
+smtpd_sender_restrictions           =
+	permit_sasl_authenticated,
+	permit_mynetworks,
+	reject_non_fqdn_sender,
+	reject_unknown_sender_domain,
+	permit
+
+smtpd_recipient_restrictions        =
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient,
+	reject_unknown_recipient_domain,
+	permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+   check_policy_service inet:127.0.0.1:5525,
+   check_policy_service unix:private/spfpolicy,
+	permit
+
+smtpd_relay_restrictions            = 
+	permit_mynetworks,
+	permit_sasl_authenticated,
+	defer_unauth_destination
+
+html_directory                      = no
+manpage_directory                   = /usr/share/man
+sample_directory                    = /etc/postfix/sample
+readme_directory                    = /usr/share/doc/postfix
+inet_protocols                      = ipv4
+
+message_size_limit                  = 20480000
+
+debug_peer_level = 2
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+
diff --git a/templates/postfix/master.cf b/templates/postfix/master.cf
new file mode 100644
index 0000000..2e2dc4e
--- /dev/null
+++ b/templates/postfix/master.cf
@@ -0,0 +1,55 @@
+smtp      inet  n       -       n       -       -       smtpd
+        -o content_filter=scan:127.0.0.1:10025
+
+scan      unix  -       -       n       -       16      smtp
+        -o smtp_send_xforward_command=yes
+
+127.0.0.1:10026 inet  n -       n       -       16      smtpd
+        -o content_filter=spamassassin
+        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+        -o smtpd_helo_restrictions=
+        -o smtpd_client_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o mynetworks_style=host
+        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+
+spamassassin    
+          unix  -       n       n       -       -       pipe 
+   user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+
+spfpolicy unix  -       n       n       -       -       spawn
+	user=nobody argv=/usr/bin/perl /usr/bin/postfix-policyd-spf-perl
+
+submission inet n       -       n       -       -       smtpd
+   -o smtpd_enforce_tls=yes
+   -o smtpd_sasl_auth_enable=yes
+   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+
+dovecot   unix  -       n       n       -       -       pipe
+  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
+#  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
+
+pickup    unix  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
diff --git a/templates/postfix/pgsql-aliases.cf b/templates/postfix/pgsql-aliases.cf
new file mode 100644
index 0000000..00d95d7
--- /dev/null
+++ b/templates/postfix/pgsql-aliases.cf
@@ -0,0 +1,6 @@
+hosts    = db.lxc.br0tkasten.de 
+user     = mail
+password = ienohSe4
+dbname   = users
+
+query = SELECT realuser FROM users WHERE userid='%s'
diff --git a/templates/postfix/pgsql-domains.cf b/templates/postfix/pgsql-domains.cf
new file mode 100644
index 0000000..6884131
--- /dev/null
+++ b/templates/postfix/pgsql-domains.cf
@@ -0,0 +1,6 @@
+hosts    = db.lxc.br0tkasten.de
+user     = mail
+password = ienohSe4
+dbname   = users
+
+query    = SELECT domain FROM users WHERE domain='%s'
diff --git a/templates/postfix/pgsql-maildir.cf b/templates/postfix/pgsql-maildir.cf
new file mode 100644
index 0000000..e7817df
--- /dev/null
+++ b/templates/postfix/pgsql-maildir.cf
@@ -0,0 +1,6 @@
+hosts    = db.lxc.br0tkasten.de
+user     = mail
+password = ienohSe4
+dbname   = users
+
+query    = SELECT home FROM users WHERE userid='%u' AND domain='%d'