diff --git a/smtprelay/Dockerfile b/smtprelay/Dockerfile
index 36a86ba..2e7120d 100644
--- a/smtprelay/Dockerfile
+++ b/smtprelay/Dockerfile
@@ -1,5 +1,13 @@
-FROM alpine:edge
-RUN apk --update --no-cache add opensmtpd openssl && \
- install -d -m 0711 -v /var/spool/smtpd && \
- openssl req -newkey rsa:4096 -nodes -keyout /etc/ssl/serverkey.pem -x509 -days 365 -subj "/CN=smtprelay.codehal.de" -out /etc/ssl/servercert.pem
+FROM alpine
+RUN apk --update --no-cache add shadow opensmtpd opensmtpd-filter-dkimsign && \
+ install -dm 711 /var/spool/smtpd && \
+ groupmod -g 601 smtpd && \
+ groupmod -g 602 smtpq && \
+ groupmod -g 603 dkimsign && \
+ usermod -u 601 -g smtpd smtpd && \
+ usermod -u 602 -g smtpq smtpq && \
+ usermod -u 603 -g dkimsign dkimsign && \
+ chgrp smtpq /usr/sbin/smtpctl && \
+ chmod g+s /usr/sbin/smtpctl && \
+ apk del shadow
 ENTRYPOINT smtpd -d
diff --git a/smtprelay/docker-compose.yml b/smtprelay/docker-compose.yml
index 04d4b5d..c63c004 100644
--- a/smtprelay/docker-compose.yml
+++ b/smtprelay/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3'
-
 volumes:
 spool:
@@ -9,7 +7,7 @@ services:
 build: .
 restart: unless-stopped
 volumes:
- - ./smtpd:/etc/smtpd:ro
+ - ./opensmtpd:/etc/smtpd:ro
 - spool:/var/spool/smtpd
 ports:
 - 587:587
diff --git a/smtprelay/smtpd/creds b/smtprelay/opensmtpd/creds
similarity index 66%
rename from smtprelay/smtpd/creds
rename to smtprelay/opensmtpd/creds
index c41d7e2..1aa4479 100644
--- a/smtprelay/smtpd/creds
+++ b/smtprelay/opensmtpd/creds
@@ -1,2 +1,3 @@
 user1 $6$kHKLoDIKs/glvw9v$NlERi0VTXJw1Nxa6DQWv9k5DXZ5pvRIJo77j3CqpwJxhZkmvURClviSwyD1RLY7Y0EAlF44qFx7T1IfMwoGwl0
 user2 $6$MJI.2JXCp88rZbFg$Z5aiK3d001yycF21tXnWBbwsCyfDCLHPs0X1INM2Amj4GP/GxkV/NG.ZTELaD.BP3YOaCFo6PKqb2ns.Nmril.
+user $6$VdLqPKptD5yxiY.j$xzHXVjzgmrwI3VV1uX8HKvbd1g/9jmZy3ygE94fz3u5KT5xye1m6vFB/4wm533oo3gY1VNoBAZHMIAvFY.JuI0
diff --git a/smtprelay/opensmtpd/dkim_rsa4096.key b/smtprelay/opensmtpd/dkim_rsa4096.key
new file mode 100644
index 0000000..faf5e50
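Review bot: The new `FROM alpine` line in smtprelay/Dockerfile carries no tag, so every rebuild silently takes whatever `latest` points to, and with it whatever versions of opensmtpd and opensmtpd-filter-dkimsign that release ships. Pin a release and preferably a digest, e.g. `FROM alpine:<release>@sha256:<digest>`, so the relay image is reproducible and base upgrades are deliberate. The remap to ids 601–603 and the re-applied setgid bit on /usr/sbin/smtpctl also deserve a comment, for example `# fixed ids keep ownership of the spool volume and mounted key files stable across rebuilds; chgrp/chmod restore smtpctl's setgid smtpq after the gid change` (the reason is inferred from the hunk, please confirm). The unchanged `ENTRYPOINT smtpd -d` is shell form; `ENTRYPOINT ["smtpd", "-d"]` would let smtpd run as PID 1 and receive the stop signal directly.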
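Review bot: The added `user` line in smtprelay/opensmtpd/creds puts another SMTP AUTH password hash under version control, next to the two that are already there. `$6$` SHA-512 crypt hashes can be tested offline by anyone who can read the repository, so the strength of each password becomes the only protection for relay access. Keep the creds file out of the tree (ignore it and supply it at deploy time through the existing read-only `/etc/smtpd` mount), commit a `creds.example` with dummy entries instead, and change all three passwords since their hashes remain in history.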
--- /dev/null
+++ b/smtprelay/opensmtpd/dkim_rsa4096.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHLgVkBm/JljPN +o60CNFl4uYrWyhNyn9SkK+DdPrySQf/CHtHkZyXp3srvNyDbwSn8fsl0ZDGJ39o/ +X46Gx8zNNphZzw5B3zgyPtgk4i3bjRuE12FuKD9H7GoLuT+TcwhrAI+zu/CCKKiX +sGyF6W0OZZnAGwq8i8vKM/z8LKQJ7BOrIfMf3oENjnTu0JMF48ck/lNcF4FKLtOM +FbSu8HRqi/03vdH9WCDFqmifou7HVvaqui6f+q9hqFIxQvxwkvXz/KgCsobzJDQV +D9int9mygK9R/dwu6SiXLRvEzKRwDC60qveGVKPKMWeW9M6p9NTuXX1UxBzGxzmf +phQjw5tCAiuDCRxmmT0Sf85Cs01/q1feizdcIdauy2bk0ToJK/aHX5uwoP+VCaMh +ppzqYt0ltCFxxNNYmFlClHbTapGU4gdbYM/a2D6Za+XzqSjAZ5VvockJo0dxqbrl +ljYEuFNK78u+tVxjIQyIdk+zLKD5ZliZp8VTjgbwawLREJw9uh49UbnvBxD+W1JO +drXOjaKKOls+DdKh2fBVqKt2EKSFr7bqModixOh5VI0cqeezJ5oS8yPPaKBn2kFN +4AwfeZwkQhVI3nsWSATfzb7asIPSMAZnBHdywQUghpDcc2beSL0X7Jm1dtVGNyOI +alzu7ugWzarbdPWPjnwCBZWi/3cEmQIDAQABAoICAAb1aAWOtoLY0yo+6sVSEiKm +O9AlevC1HgsWx9o+7fxfnyl3ZW6Y/nF5YcZh+w1GZjq+rLfa5MKr/g5a/qodip2M +R94SXm2FeIuD184RE1hRaZnWYv5j3FMdUraiZBLZEN0ZJcwaF6zacgprpNz4UuGv +AcQ9BZ7g9O+VaaQfRKNemrDOxLVTMxfHx3TM92f8JVnY401rOk5+zI//NaLrfmu3 +BJOZF4Al/y4cth9GpFg1RPShwM2AxvYO2QFE1Xgy4DIkHHQMq+uMcx/dv/xbD1ld +xtJC39mJNoxyjF7vpdqOyGZyNyfbpuXCXFvBJYO5TKOfw0hN+jHlJbGazicSN0cz +IUJnSvfUvvigqsGxVBDISVnwEYnfMc0EzjYuWuOyhPPZKfLrz68NDigWlrxG1x2f +MoYl3QxPJsFf6YakeNAx1/lE0Bw9pkIYvEO0eBQJqNisFKGLUfp/BLkvm8/hbWuv +cpMAQftr7EbDeNCaf5B8KKTad78HNHnuH2cPmBaEn4nZZdL1geyz+YiMnWOmukTF +Ehoda+XDMb8bkfJ/vaRDtAOHR1lyDM0fOvtuqcrptB9qMOtcGXko2qGIhtp4E9IX +HCJ9//9LjT/N4khHXbZyGBRLtqm/KosJkvKTb5Q4nqwQA0ekLBmyhkXuVVgyaKFl +mMTx0ZEVzHyVvhhL7xuxAoIBAQD2HYNKRAw2I5A0YWhG82HqBX/Q+W/5lWZk5BiF +jyFOeUlHyl7W+2PbJXKt7vK94ypguWH3RRkO7SARcNZOcP7btv+Eq4XJCaXOqOBH +jzO0Ug5kvZVaWveBTZ1kamfYBPw/AIZo9Pxk3D/EpfK8FuFCOFpHhjOL8Pt0Of9l +24CSnqJFxmIA7DjDHIjIjCAex5yXzqlEETwZz8hcQGCxJpXyCnoVtvFkwerIWsGI +w6FblYXS5gAkUJvE8dA/EA9wz4rOMDrr4+PZHL42R6Y/KPIN8Th+bMNp+aYCC0mt +BiV2eRWgdy9W6Jp+mnlg7JkikMAy1LOe7/W2Fx5XRhO13OcxAoIBAQDPLe492KH6 +BYX4B2N2mHcUMvDQhb0A+hQo7zncU4HkUhz4ffFPoUjmdoL9Oj8U7EoWhjm3QYAK 
+xyFVQ0geqXL/PLW42hJAqxeIkcqcDt03xPwkwyfsynOziMcvoRlHTc48tRZpR8gE +8KFGTdKS0Wb0jQk77PIzMn6zhbMEj4Cn+WygEIZ88H3haxaZakqBQbVtV7BcPMkm +8r8aEf3/eXarYC+748ZRzCsP85z0XUPfqgdlRh6mHv3fFCkugVM5pCXZq+GAqKJV +k77n1RshJaz12HtfkfbDUCmKhOnmoZv+kVw2fVLEl3kgnlz/X4hSR4LbDVQdzUKX ++GRcbscljenpAoIBAC6hXtu2Ut37FPpnrjsrJ9UQH6x3ZjjSjqj08pRzjurwXesF +M7zluoCt8rFzwXgqzz+uQBp6dAn48Yd8ao5IKHF2lakMWnfBpTGnm37TagdzOJjr +tp18+MH986Ev6+bo4uYI8m52ZE+zzz0x9/CdISbLyIcerSuJiAr4ZiRlV1HwTmyL +7suf9g05nczph7htN4UnubhUz59QV/TqmadW2TgXthPhKpFdkF9PmrWP40WX6dgQ +jdxTjX/eFQetwk8sc28ngjJpZiUfpgZgwuXamyn7FyoU711n2IUwoE/xBy4QOQHD +MyvzPDpaiD7N9SGwbUn0NOgbLOHINY5xj5B4fzECggEAaWSpLKcWhzTmGO3RSFR5 +Rzo+zSUrp+KP/N7tpUqJ6ldnS3XuGx8mEa86JY3K517otZqko7fbZiA0scYfWxHC +YVtF6nptDJ68wwm/czIQkT1RM3ZfyhKXVz5+bZlbXa2T+8f3ValhdDnhIP2X4H5M +DJ3uk6CO+UJ3t+WM0wYZYdn9y1N8xvQkZVbv0S2EJ0sA+1W/bryxa3HTi3SZrKvi +lX3B6qgNjDD7uwqnzpvfWlmJl5hbIRDk/uWnqXO6nbkGVDwe5C9lHXmihRcgzPT4 +jrwIzu5XBLaz2zaQMnYGADN8IHASedXAlbpZ/sNfetPMGpkmMF7pwJtomqj0AAO4 +eQKCAQEAqyxVnVdblW7zQbVzIHKxysGPc+1d6f/RsoW9inBAXAYTPxJbBIUIl+Qs +X/2EPYE8pox24ruLVBLA9+2fRU9/yF4/5x8aXnXeU/KMUVWvuzEJ+l5HYySAZqGw +JymQsd97mFRZgYNhrdGisdCciXKuwxwd0E5d+H7Bvd3zvrLWYjLaXCMvEAZVmxLk +DpeTFztYclT0vm2f26SLTUd8FbCDVEAV1+nSa1s8hcNz1QgHvoD4oDUe4KFh+n+D +QgWiGePbuep7f5h02iI9HZOExwgQirEveMV3XyEUrACW9Zi4EyhKNoHVksFwNrX4 +BL5KfMGSowUX9nsTXP8r1PNrJWF3Bw== +-----END PRIVATE KEY----- diff --git a/smtprelay/opensmtpd/mailname b/smtprelay/opensmtpd/mailname new file mode 100644 index 0000000..0551cd0 --- /dev/null +++ b/smtprelay/opensmtpd/mailname @@ -0,0 +1 @@ +lok01.abzw.de diff --git a/smtprelay/opensmtpd/smtpd.conf b/smtprelay/opensmtpd/smtpd.conf new file mode 100644 index 0000000..6eb2681 --- /dev/null +++ b/smtprelay/opensmtpd/smtpd.conf 
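Review bot: smtprelay/opensmtpd/dkim_rsa4096.key is a plaintext private key committed to the repository, and the same applies to smtprelay/opensmtpd/tls/smtprelay.abzw.de.key added further down in this commit. Anyone with read access to the repository or its history holds the signing key for abzw.de and codehal.de under selector lok01 and the key behind the relay's TLS certificate, and removing the files in a later commit does not undo that. Both keys should be treated as compromised: generate a new DKIM key under a new selector and retire the lok01 DNS record, revoke and reissue the certificate, then keep `*.key` out of the tree (a `.gitignore` entry) and provide the files only on the host behind the existing `./opensmtpd:/etc/smtpd:ro` mount or as compose secrets. The key files should also be readable only by the account that uses them, which for the DKIM key is the `dkimsign` user named in smtpd.conf.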
@@ -0,0 +1,17 @@
+pki smtprelay.abzw.de cert "/etc/smtpd/tls/smtprelay.abzw.de.crt"
+pki smtprelay.abzw.de key "/etc/smtpd/tls/smtprelay.abzw.de.key"
+
+table creds file:/etc/smtpd/creds
+
+filter "dkimsign" proc-exec "filter-dkimsign -d abzw.de -d codehal.de -s lok01 -k /etc/smtpd/dkim_rsa4096.key" user dkimsign group dkimsign
+
+listen on eth0 port 587 tls-require pki smtprelay.abzw.de auth
+listen on 127.0.0.1 port 10027 tag DKIM_SIGNED filter "dkimsign"
+
+action "relay_dkim" relay host smtp://127.0.0.1:10027
+action "send" relay
+
+match tag DKIM_SIGNED for any action "send"
+match from mail-from "@abzw.de" auth for any action "relay_dkim"
+match from mail-from "@codehal.de" auth for any action "relay_dkim"
+match from any auth for any action "send"
diff --git a/smtprelay/opensmtpd/tls/smtprelay.abzw.de.crt b/smtprelay/opensmtpd/tls/smtprelay.abzw.de.crt
new file mode 100644
index 0000000..3ca177d
--- /dev/null
+++ b/smtprelay/opensmtpd/tls/smtprelay.abzw.de.crt
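Review bot: The submission listener in smtprelay/opensmtpd/smtpd.conf says `auth` without a table, so the `creds` table declared above it is never referenced in the visible config; per smtpd.conf(5) a bare `auth` checks system login credentials rather than a credentials table. If the hashes in /etc/smtpd/creds are meant to gate the relay, the line should read `listen on eth0 port 587 tls-require pki smtprelay.abzw.de auth <creds>`. Separately, the `mail-from` rules do not tie a sender address to the authenticated account, so any account appears able to get mail DKIM-signed for both domains; if that is not intended, a `senders` table on the listener is the usual control. A short comment above the two `listen` lines, e.g. `# authenticated mail for our domains is re-injected on 127.0.0.1:10027 so it passes through filter-dkimsign`, would explain the loopback hop to the next reader.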
@@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAxOgAwIBAgISBZadN+RRwUE+0mjbueyB75pHMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NzAeFw0yNjA0MDgxMzI1MDhaFw0yNjA3MDcxMzI1MDdaMBwxGjAYBgNVBAMTEXNt +dHByZWxheS5hYnp3LmRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAfKNjUi9 +u9+lnictQbL5GZzM5oEIFXNFkCZunJZ7o8/BEymbAhaPnwulQKzfxfa4JmZk8XCK +2TiYk7FJhuFovaOCAh0wggIZMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSjc29tSyt23hb9QHQsFPwA +driz5TAfBgNVHSMEGDAWgBSuSJ7chx1EoG/aouVgdAR4wpwAgDAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNy5pLmxlbmNyLm9yZy8wHAYDVR0R +BBUwE4IRc210cHJlbGF5LmFiencuZGUwEwYDVR0gBAwwCjAIBgZngQwBAgEwLQYD +VR0fBCYwJDAioCCgHoYcaHR0cDovL2U3LmMubGVuY3Iub3JnLzcyLmNybDCCAQwG +CisGAQQB1nkCBAIEgf0EgfoA+AB2AMIxfldFGaNF7n843rKQQevHwiFaIr9/1bWt +dprZDlLNAAABnW16NoMAAAQDAEcwRQIhAMXYbChAukVOQlC9W0YzBgBIR+7l2Rnk +vZiVOTMKC/JmAiA+eO3B52h2y29d/WKI1YUgYFWjyMbrrWoau2b8/0DN5QB+AEav +hj07PuWfpXfeqCRdNrDZ7SKiI/Rhd0EilFLulVBfAAABnW16N0EACAAABQADWIWD +BAMARzBFAiEAww8nZl6zNQQ5XC4swU2tr7uKTwjgFiK1znpSA6hQLBgCIAQLA/xr +rFZqCaaKS5lDdmvnEbzU0TLWgTdx6VkbX8kNMAoGCCqGSM49BAMDA2kAMGYCMQC7 +fhItTdePw/+03T6lutX8ytMbG6yBlX+ppiBW6triiizmWSVjiupgZfUasi3YD2IC +MQDFEenC3UdFuX0iSerMnTj9hGt7YmH+x98StugF+cZYynhhAwKDX4U1z9DpECar +siE= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAKp18eYrjwoiCWbTi7/UuqEwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARB6AST +CFh/vjcwDMCgQer+VtqEkz7JANurZxLP+U9TCeioL6sp5Z8VRvRbYk4P1INBmbef +QHJFHCxcSjKmwtvGBWpl/9ra8HW0QDsUaJW2qOJqceJ0ZVFT3hbUHifBM/2jgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSuSJ7chx1EoG/aouVgdAR4 
+wpwAgDAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAjx66fDdLk5ywFn3CzA1w1qfylHUD +aEf0QZpXcJseddJGSfbUUOvbNR9N/QQ16K1lXl4VFyhmGXDT5Kdfcr0RvIIVrNxF +h4lqHtRRCP6RBRstqbZ2zURgqakn/Xip0iaQL0IdfHBZr396FgknniRYFckKORPG +yM3QKnd66gtMst8I5nkRQlAg/Jb+Gc3egIvuGKWboE1G89NTsN9LTDD3PLj0dUMr +OIuqVjLB8pEC6yk9enrlrqjXQgkLEYhXzq7dLafv5Vkig6Gl0nuuqjqfp0Q1bi1o +yVNAlXe6aUXw92CcghC9bNsKEO1+M52YY5+ofIXlS/SEQbvVYYBLZ5yeiglV6t3S +M6H+vTG0aP9YHzLn/KVOHzGQfXDP7qM5tkf+7diZe7o2fw6O7IvN6fsQXEQQj8TJ +UXJxv2/uJhcuy/tSDgXwHM8Uk34WNbRT7zGTGkQRX0gsbjAea/jYAoWv0ZvQRwpq +Pe79D/i7Cep8qWnA+7AE/3B3S/3dEEYmc0lpe1366A/6GEgk3ktr9PEoQrLChs6I +tu3wnNLB2euC8IKGLQFpGtOO/2/hiAKjyajaBP25w1jF0Wl8Bbqne3uZ2q1GyPFJ +YRmT7/OXpmOH/FVLtwS+8ng1cAmpCujPwteJZNcDG0sF2n/sc0+SQf49fdyUK0ty ++VUwFj9tmWxyR/M= +-----END CERTIFICATE----- diff --git a/smtprelay/opensmtpd/tls/smtprelay.abzw.de.key b/smtprelay/opensmtpd/tls/smtprelay.abzw.de.key new file mode 100644 index 0000000..1934acc --- /dev/null +++ b/smtprelay/opensmtpd/tls/smtprelay.abzw.de.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINIHnL1kSNfqUaFYSwWFj1EFGdP9oFWrkLSqySu/AhcioAoGCCqGSM49 +AwEHoUQDQgAEAfKNjUi9u9+lnictQbL5GZzM5oEIFXNFkCZunJZ7o8/BEymbAhaP +nwulQKzfxfa4JmZk8XCK2TiYk7FJhuFovQ== +-----END EC PRIVATE KEY----- diff --git a/smtprelay/smtpctl b/smtprelay/smtpctl index ea18de4..960a011 100755 --- a/smtprelay/smtpctl +++ b/smtprelay/smtpctl @@ -1,2 +1,2 @@ #!/bin/sh -docker-compose exec smtprelay smtpctl "$@" +docker compose exec smtprelay smtpctl "$@" diff --git a/smtprelay/smtpd/smtpd.conf b/smtprelay/smtpd/smtpd.conf deleted file mode 100644 index 4c02cc6..0000000 --- a/smtprelay/smtpd/smtpd.conf +++ /dev/null 
@@ -1,11 +0,0 @@
-pki "server" cert "/etc/ssl/servercert.pem"
-pki "server" key "/etc/ssl/serverkey.pem"
-
-table creds file:/etc/smtpd/creds
-
-listen on eth0 port 587 tls-require pki "server" auth hostname smtprelay.codehal.de
-
-action "relay" relay
-
-match from auth for any action "relay"
-