diff --git a/Dockerfile b/Dockerfile
index 7064af7..6dd598e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,25 +2,36 @@ FROM debian:buster-slim
 MAINTAINER Mark Feldhousen <mark.feldhousen@trio.dhs.gov>
 
 RUN apt-get update && \
-apt-get install --no-install-recommends -y \
+DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
 ca-certificates \
+dovecot-imapd \
+dovecot-lmtpd \
 gettext-base \
+mailutils \
 opendkim \
 opendkim-tools \
+opendmarc \
 postfix \
+procmail \
 sasl2-bin \
 && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+RUN adduser mailarchive --quiet --disabled-password \
+--shell /usr/sbin/nologin --gecos "Mail Archive"
+
 USER root
 WORKDIR /root
 
+# make backups of configurations.  These are modified at startup.
 RUN mv /etc/postfix/master.cf /etc/postfix/master.cf.orig
+RUN mv /etc/default/opendkim /etc/default/opendkim.orig
+RUN mv /etc/default/opendmarc /etc/default/opendmarc.orig
 
 COPY ./templates ./templates/
 COPY ./src/docker-entrypoint.sh .
 
 VOLUME ["/var/log", "/var/spool/postfix"]
-EXPOSE 25/TCP 587/TCP
+EXPOSE 25/TCP 587/TCP 993/TCP
 
 ENTRYPOINT ["./docker-entrypoint.sh"]
 CMD ["postfix", "-v", "start-fg"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 525e957..1a50d6f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,6 +6,8 @@ secrets:
     file: ./secrets/fullchain.pem
   privkey_pem:
     file: ./secrets/privkey.pem
+  mailarchive_passwd_txt:
+    file: ./secrets/mailarchive_passwd.txt
 
 
 services:
@@ -18,7 +20,10 @@ services:
     restart: always
     environment:
       - PRIMARY_DOMAIN=example.com
-      - RELAY_IP=
+      - RELAY_IP=172.16.202.1/32
+    networks:
+      front:
+        ipv4_address: 172.16.202.2
     ports:
       - target: "25"
         published: "1025"
@@ -28,8 +33,22 @@ services:
         published: "1587"
         protocol: tcp
         mode: host
+      - target: "993"
+        published: "1993"
+        protocol: tcp
+        mode: host
     secrets:
       - source: fullchain_pem
         target: fullchain.pem
       - source: privkey_pem
         target: privkey.pem
+      - source: mailarchive_passwd_txt
+        target: mailarchive_passwd.txt
+
+networks:
+  front:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.16.202.0/24