diff --git a/README.md b/README.md
new file mode 100644
index 0000000..169a3ee
--- /dev/null
+++ b/README.md
@@ -0,0 +1,132 @@
+[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap.
+
+Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).
+
+## Volumes
+- `/var/lib/vmail/mail`
+- `/etc/ssl/mail:ro`: certificates have to be here.
+
+## Environment Variables
+### HOSTNAME
+Fully qualified name of the mail host.
+
+### SSMTP_MAIL_RELAY
+Hostname and port for the used smtp relay (for example `mail.example.com:587`).
+
+### SSMTP_USER
+User to authenticate agains the smtp relay.
+
+### SSMTP_PASSWORD
+Password to authenticate agains the smtp relay.
+
+### SSMTP_AUTH_METHOD
+- default: LOGIN
+
+Which authentication mechanism to use for the smtp relay.
+
+### SSMTP_USE_STARTTLS
+- default: yes
+
+Whether to use starttls for the smtp relay.
+
+### LDAP_URI
+Complete uri for the authentication ldap host.
+
+### LDAP_SIEVE_HOST
+Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).
+
+### LDAP_BIND_DN
+DN used to authenticate against ldap.
+
+### LDAP_BIND_PASSWORD
+Password used to authenticate against ldap.
+
+### LDAP_BASE_DN
+Base DN to look for users on the ldap host.
+
+### LDAP_SCOPE
+- default: subtree
+
+Search scope of ldap queries.
+
+### LDAP_USER_FILTER
+
+### LDAP_PASS_FILTER
+Specifies the filter on how user is found on the ldap host.  
+[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.
+
+### LDAP_USER_ATTRIBUTE
+- default: cn
+
+The ldap attribute which stands for the username.
+
+### LDAP_PASSWORD_ATTRIBUTE
+- default: userPassword
+
+The ldap attribute which stands for the password.
+
+### LDAP_SIEVE_ATTRIBUTE
+- default: sieve
+
+The ldap attribute which contains the sieve rules.
+
+### LDAP_USE_TLS
+- default: yes
+
+Whether to use tls when connecting to the ldap host.
+
+### LDAP_DEFAULT_PASSSCHEME
+- default: SSHA
+
+Default password scheme used on the ldap host.
+
+### ALLOWED_USERNAME_CHARS
+- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+
+List of characters allowed in a username.
+
+### AUTH_MECHANISMS
+- default: plain login
+
+Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
+
+### CERTNAME
+- default: fullchain.pem
+
+Name of the certificate file.
+
+### Keyname
+- default: privkey.pem
+
+Name of the key file.
+
+### SSL_DH_LENGTH
+- default: 2048
+
+Length of the Diffie-Helman key in bits.
+
+### SSL_PROTOCOLS
+- default: !SSLv2 !SSLv3
+
+Space seperated list of allowed ssl protocols (`!`disables a protocol).
+
+### SSL_CIPHERLIST
+- default: ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM
+
+Colon seperated list of supported ciphers (`!`disables a cipher).
+
+### IMAP_MAX_USER_CONNECTIONS
+- default: 10
+
+Maximum number of connections from the same user + ip.
+
+## Ports
+- 143
+
+## Capabilities
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- NET_BIND_SERVICE
+- SETGID
+- SETUID