diff --git a/docker-compose.yml b/docker-compose.yml
index f4157689fc7f95aa9f621f3d03854ac2ac3f3224..6d07260e0c78c48663de1db6c7417353b70cb6fa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,6 +54,11 @@ services:
       MY_DESTINATION:
       TRUSTED_HOSTS:
       TZ:
+      LDAP_BIND_DN:
+      LDAP_BIND_PASSWORD:
+      LDAP_HOST:
+      LDAP_FILTER:
+      LDAP_SEARCH_BASE:
 
 
   pgsql:
diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
index d6ee7267fa7baff129e25f80e9917190c4742d1d..84651aa9c9d13ecb2bc299609f7be4538355807a 100644
--- a/docker/postfix/Dockerfile
+++ b/docker/postfix/Dockerfile
@@ -1,10 +1,10 @@
 # Dockerfile inspired from https://github.com/cloyne/docker-postfix
-FROM tozd/postfix:ubuntu-focal
+FROM tozd/postfix:ubuntu-jammy
 
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin --yes --force-yes && \
+ apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin sasl2-bin libsasl2-modules libsasl2-modules-ldap --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
@@ -19,4 +19,9 @@ RUN sed -i -e 's/^\(smtp.*smtpd\)$/\1 -o content_filter=spamassassin/' /etc/post
 
 RUN echo 'rewrite_header Subject *****SPAM*****' >> /etc/spamassassin/local.cf
 
-COPY ./etc /etc
+RUN usermod -a -G sasl postfix
+
+COPY ./etc/postfix /etc/postfix
+COPY ./etc/service /etc/service
+COPY ./etc/saslauthd.conf /etc/saslauthd.conf
+COPY ./etc/aliases /etc/aliases
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index cbc02bfcf943419325e74d18830b9f398a135bc3..918596d70437949aa489c5803aa55c6668737dfb 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -28,3 +28,10 @@ milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
 smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
+
+smtpd_use_tls=yes
+smtpd_sasl_auth_enable = yes
+broken_sasl_auth_clients = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+  permit_sasl_authenticated,
+  reject_unauth_destination
diff --git a/docker/postfix/etc/postfix/master.cf.append b/docker/postfix/etc/postfix/master.cf.append
index 83a9724b6629c6273c830831ac51ea3fae4719c1..d4141eaaaecdf7e68b081a7026a4167afdaa068d 100644
--- a/docker/postfix/etc/postfix/master.cf.append
+++ b/docker/postfix/etc/postfix/master.cf.append
@@ -15,3 +15,11 @@ sympabouncedomain	unix	-	n	n	-	-	pipe
   -o soft_bounce=yes
   flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
 spamassassin unix -     n       n       -       -       pipe user=spamassassin argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+submission inet n       -       -       -       -       smtpd
+  -o smtpd_enforce_tls=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet  n       -       -       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
diff --git a/docker/postfix/etc/service/postfix/run.config b/docker/postfix/etc/service/postfix/run.config
old mode 100644
new mode 100755
index b71a28ab4439c71fd6f28926928b821377a8c42c..cdf571a751908828e3880bc5fb75c8c3101649d6
--- a/docker/postfix/etc/service/postfix/run.config
+++ b/docker/postfix/etc/service/postfix/run.config
@@ -2,3 +2,13 @@ cp /etc/postfix/main.cf.orig /etc/postfix/main.cf
 cp /etc/postfix/master.cf.orig /etc/postfix/master.cf
 sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append >> /etc/postfix/main.cf
 cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append >> /etc/postfix/master.cf
+sed -i -e "s@LDAP_HOST@$LDAP_HOST@" \
+    -e "s/LDAP_SEARCH_BASE/$LDAP_SEARCH_BASE/" \
+    -e "s/LDAP_FILTER/$LDAP_FILTER/" \
+    -e "s/LDAP_BIND_DN/$LDAP_BIND_DN/" \
+    -e "s/LDAP_BIND_PASSWORD/$LDAP_BIND_PASSWORD/" \
+    /etc/saslauthd.conf
+mkdir -p /var/spool/postfix/var/run/saslauthd
+set +e
+postfix set-permissions
+set -e
diff --git a/docker/postfix/etc/service/postfix/run.initialization b/docker/postfix/etc/service/postfix/run.initialization
old mode 100644
new mode 100755
index c710aa3c74a4762385bf711ecfe5466a04703328..c240e1bfa26aa0e4eeb3f1861e02f9765289f5a2
--- a/docker/postfix/etc/service/postfix/run.initialization
+++ b/docker/postfix/etc/service/postfix/run.initialization
@@ -1,3 +1,4 @@
 if [ -e /etc/sympa/shared/id_rsa ]; then
   chown mailpipe /etc/sympa/shared/id_rsa*
 fi
+saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a ldap -d &