diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml deleted file mode 100644 index e48b3fd..0000000 --- a/.gitea/workflows/container.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: Build Multiarch Container Image -on: [push] -jobs: - call-reusable-workflow: - uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main - with: - repository: ${{ gitea.repository }} - ref_name: ${{ gitea.ref_name }} - sha: ${{ gitea.sha }} - registry_url: ${{ secrets.REGISTRY_URL }} - registry_user: ${{ secrets.REGISTRY_USER }} - registry_pw: ${{ secrets.REGISTRY_PW }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..f6d2976 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,18 @@ +variables: + CONTAINER_NAME: thallian/postfix + +build: + stage: build + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "$CI_PROJECT_DIR" + --dockerfile "$CI_PROJECT_DIR/Dockerfile" + --destination "$CONTAINER_NAME:$CI_COMMIT_SHA" + --destination "$CONTAINER_NAME:$CI_COMMIT_REF_NAME" + --destination "$CONTAINER_NAME:latest" diff --git a/Containerfile b/Dockerfile similarity index 75% rename from Containerfile rename to Dockerfile index e19ae1d..d8f8e55 100644 --- a/Containerfile +++ b/Dockerfile @@ -1,12 +1,11 @@ -FROM docker.io/thallian/confd-env:3.19-3.1.6.2 +FROM docker.io/thallian/confd-env:3.16 RUN apk add --no-cache \ postfix \ postfix-pgsql \ openssl \ libstdc++ \ - libmilter \ - icu-data-full + libmilter RUN addgroup -g 2222 access RUN addgroup postfix access diff --git a/README.md b/README.md index 57cc753..bdc8ebc 100644 --- a/README.md +++ b/README.md 
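Review bot: The `build` job in the new `.gitlab-ci.yml` has no `rules:`, so a push to any branch overwrites `$CONTAINER_NAME:latest`, and an unreviewed branch can replace the image that deployments pull. Restrict the job, or at least the `latest` destination, to the default branch with `rules: [{if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'}]`. The executor image `gcr.io/kaniko-project/executor:debug` is a mutable tag used in a job that holds `$CI_REGISTRY_PASSWORD`; pinning it as `executor:debug@sha256:<digest>` keeps a changed upstream tag away from those credentials. `$CI_COMMIT_REF_NAME` can contain `/`, which is not valid in an image tag, so `$CI_COMMIT_REF_SLUG` is the safer value for the second `--destination`. `CONTAINER_NAME: thallian/postfix` also names no registry host while the auth entry is written for `$CI_REGISTRY`, so the push probably targets a different registry than the one the credentials belong to, unless `CI_REGISTRY` is overridden in the project settings.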
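Review bot: The `FROM` line moves the base from `confd-env:3.19-3.1.6.2` back to the less specific `confd-env:3.16`. If that tag tracks the Alpine release of the same number, the `apk add` below it installs postfix and openssl from a branch that appears to be out of security support. Keep the newer base, or record above the `FROM` why the older one is required, e.g. `# base held at 3.16 because <reason>`. In either case pin the image by digest, `FROM docker.io/thallian/confd-env:3.16@sha256:<digest>`, so a rebuilt tag cannot silently change what ships.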
@@ -9,7 +9,7 @@ create table if not exists virtual_domains ( create table if not exists virtual_users ( email text primary key, domain_name text not null references virtual_domains(name), - wildcard_sender bool default false + wildcard_sender bool default false ); create table if not exists virtual_aliases ( diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl index 529943e..8a8173d 100644 --- a/rootfs/etc/confd/templates/main.cf.tmpl +++ b/rootfs/etc/confd/templates/main.cf.tmpl @@ -1,28 +1,29 @@ -compatibility_level = 3.7 - -inet_protocols = all +compatibility_level = 2 mail_owner = postfix myhostname = {{getenv "MYHOSTNAME"}} mydomain = {{getenv "MYDOMAIN"}} myorigin = $mydomain +mydestination = $myhostname, localhost + +proxy_interfaces = {{getenv "EXTERNAL_IP"}} unknown_local_recipient_reject_code = 550 +mynetworks_style = host relay_domains = $mydestination recipient_delimiter = + mailbox_transport = lmtp:{{getenv "LMTP_HOST"}} mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}} smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name -smtp_helo_name = $mydomain virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual-mailbox-maps.cf virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}} -smtpd_tls_key_file=/etc/ssl/mail/key.pem -smtpd_tls_cert_file=/etc/ssl/mail/cert.pem +smtpd_tls_key_file=/etc/ssl/mail/tls.key +smtpd_tls_cert_file=/etc/ssl/mail/tls.crt smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}} smtp_tls_auth_only = yes 
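Review bot: `compatibility_level = 2` replaces `3.7`, which on Postfix 3.6 or later restores the legacy defaults for every setting whose default changed at level 3.6, including md5 for `smtpd_tls_fingerprint_digest` and `smtp_tls_fingerprint_digest`. If the lower level is needed for the older base image, say so in a comment and set the values that matter explicitly, e.g. `# level 2 for Postfix < 3.6; TLS fingerprint digests set explicitly below`. The same hunk renames the key and certificate to `/etc/ssl/mail/tls.key` and `/etc/ssl/mail/tls.crt`, so a mount that still provides `key.pem`/`cert.pem` leaves smtpd without a certificate; the README should state the new file names. `EXTERNAL_IP` is a new environment variable for `proxy_interfaces`, and it is not documented anywhere in the visible part of the diff.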
@@ -58,11 +59,8 @@ smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = yes smtpd_sasl_tls_security_options = noanonymous -smtpd_relay_restrictions = - permit_mynetworks - permit_sasl_authenticated - defer_unauth_destination - reject_sender_login_mismatch +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient smtpd_sender_restrictions = reject_sender_login_mismatch smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql-login-maps.cf diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl index 29ce91c..4460f1c 100644 --- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl +++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl @@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }} user = {{ getenv "DB_USER" "email" }} password = {{ getenv "DB_PASSWORD" }} dbname = {{ getenv "DB_NAME" "email" }} -query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' UNION SELECT email FROM virtual_users WHERE wildcard_sender = true AND domain_name = '%d' +query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u'
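Review bot: The new `smtpd_recipient_restrictions` line ends in `reject_unverified_recipient`, which would make smtpd send verification probes to the LMTP destination for recipients it has not seen. With Postfix's default `unverified_recipient_reject_code` of 450, unknown addresses then get a temporary failure instead of a 550. Since `virtual_mailbox_maps` and `virtual_alias_maps` already provide an authoritative recipient list, `reject_unlisted_recipient` would reject unknown addresses without probing. If verification is intended, set `unverified_recipient_reject_code = 550` and an `address_verify_map` that survives container restarts. The first three entries repeat `smtpd_relay_restrictions` verbatim, so a comment such as `# same relay gate as above; only the last entry is recipient-specific` would make the intent clear.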
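Review bot: The new `query` drops the `wildcard_sender` branch, but the README schema in this same diff still declares `wildcard_sender bool default false`, so the column stays documented yet no longer affects `smtpd_sender_login_maps`. Either remove the column from the README and note that accounts relying on it will now fail `reject_sender_login_mismatch`, or keep the branch. Separately, both the old and new query match `email='%u'`, and in Postfix pgsql tables `%u` expands to the local part when the lookup key is `user@domain`. If `virtual_users.email` holds full addresses, confirm that `%s` is not what is meant, because this map is what enforces sender ownership.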