diff --git a/Dockerfile b/Dockerfile
index 0fed2c43..afe675d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,8 @@ ENV SASLAUTHD_MECH_OPTIONS=""
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Packages
-# hadolint ignore=DL3015,SC2016
-RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \
+# hadolint ignore=DL3015
+RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \
 apt-get update -q --fix-missing && \
 apt-get -y install postfix && \
 # TODO installing postfix with --no-install-recommends makes "checking ssl: generated default cert works correctly" fail
@@ -77,9 +77,10 @@ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc
 xz-utils \
 zoo \
 && \
+ # use Dovecot community repo to react faster on security updates
 curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
 gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \
- echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot.list && \
+ echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \
 apt-get update -q --fix-missing && \
 apt-get -y install --no-install-recommends \
 dovecot-core \
@@ -90,9 +91,6 @@ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc
 dovecot-pop3d \
 dovecot-sieve \
 && \
- sed -i 's/CERTDIR=.*/CERTDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
- sed -i 's/KEYDIR=.*/KEYDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
- sed -i 's/KEYFILE=.*/KEYFILE=\$KEYDIR\/dovecot.key/g' /usr/share/dovecot/mkcert.sh && \
 apt-get autoclean && \
 rm -rf /var/lib/apt/lists/* && \
 rm -rf /usr/share/locale/* && \
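Review bot: In the `@@ -17,8 +17,8 @@` hunk the new backports source `deb http://http.debian.net/debian stretch-backports main` still uses plain HTTP and a hostname that, as far as I know, is only a legacy alias of the Debian mirror redirector. apt's signature check on the Release file protects package integrity, but the mirror name is worth keeping current; I would write `RUN echo "deb http://deb.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \`. Nothing visible in this diff installs a package from stretch-backports, and a later hunk drops the comment about the backported Dovecot, so if no package outside these hunks needs it the source could be removed to keep the set of trusted repositories small. The RUN instruction continues outside the hunk.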
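Review bot: In the `@@ -77,9 +77,10 @@` hunk the Dovecot repository key is selected only by the 32-bit short ID `ED409DA1` and written to `/etc/apt/trusted.gpg.d/`, so whatever key the download yields under that ID becomes trusted for every apt source in the image, not just repo.dovecot.org. Short key IDs can collide, and the key arrives from the same host as the packages, so the build relies on that one TLS connection alone. I would identify the key by its full fingerprint, checked against a value pinned in the Dockerfile (`gpg --export <FULL_FINGERPRINT> > /usr/share/keyrings/dovecot.gpg && \`, placeholder to be filled from Dovecot's published key), and scope it to this source with `echo "deb [signed-by=/usr/share/keyrings/dovecot.gpg] https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \`. Adding `-fsSL` to the `curl` call would also make an HTTP error fail the build at the download step rather than inside `gpg`. The RUN instruction starts and ends outside the hunk.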
@@ -132,7 +130,11 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
 sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
 sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf && \
 sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf && \
- # stretch-backport of dovecot needs this folder
+ # Adapt mkcert for Dovecot community repo
+ sed -i 's/CERTDIR=.*/CERTDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
+ sed -i 's/KEYDIR=.*/KEYDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
+ sed -i 's/KEYFILE=.*/KEYFILE=\$KEYDIR\/dovecot.key/g' /usr/share/dovecot/mkcert.sh && \
+ # create directory for certificates created by mkcert
 mkdir /etc/dovecot/ssl && \
 chmod 755 /etc/dovecot/ssl && \
 ./mkcert.sh && \
diff --git a/README.md b/README.md
index ec0c3c26..8ed4b4b8 100644
--- a/README.md
+++ b/README.md
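Review bot: The `./mkcert.sh` call at the end of the Dockerfile hunk `@@ -132,7 +130,11 @@` runs during `docker build`, so the private key it writes (`/etc/dovecot/ssl/dovecot.key` per the `KEYFILE` edit) ends up in an image layer and is the same for everyone who pulls a published image. Unless the start-up scripts, which this diff does not show, replace it, that key should be treated as public; I would state that next to the call, e.g. `# build-time placeholder certificate only: the key is baked into the image and must be replaced at container start`. The three moved `sed -i` edits also succeed when their pattern no longer matches the community package's mkcert.sh, so a check such as `grep -qF 'KEYFILE=$KEYDIR/dovecot.key' /usr/share/dovecot/mkcert.sh && \` after them would turn a silent mismatch into a build failure. The RUN instruction starts and ends outside the hunk.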
@@ -9,24 +9,25 @@ Easy to deploy and upgrade.
 Includes:
-- postfix with smtp or ldap auth
-- dovecot for sasl, imap (and optional pop3) with ssl support, with ldap auth
+- [Postfix](http://www.postfix.org) with smtp or ldap auth
+- [Dovecot](https://www.dovecot.org) for sasl, imap (and optional pop3) with ssl support, with ldap auth
+ - Dovecot is installed from the [Dovecot Community Repo](https://wiki2.dovecot.org/PrebuiltBinaries)
 - saslauthd with ldap auth
-- [amavis](https://www.amavis.org/)
-- [spamassasin](http://spamassassin.apache.org/) supporting custom rules
-- [clamav](https://www.clamav.net/) with automatic updates
-- opendkim
-- opendmarc
-- [fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page)
-- [fetchmail](http://www.fetchmail.info/fetchmail-man.html)
-- [postscreen](http://www.postfix.org/POSTSCREEN_README.html)
-- [postgrey](https://postgrey.schweikert.ch/)
-- basic [sieve support](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters) using dovecot
+- [Amavis](https://www.amavis.org/)
+- [Spamassasin](http://spamassassin.apache.org/) supporting custom rules
+- [ClamAV](https://www.clamav.net/) with automatic updates
+- [OpenDKIM](http://www.opendkim.org)
+- [OpenDMARC](https://github.com/trusteddomainproject/OpenDMARC)
+- [Fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page)
+- [Fetchmail](http://www.fetchmail.info/fetchmail-man.html)
+- [Postscreen](http://www.postfix.org/POSTSCREEN_README.html)
+- [Postgrey](https://postgrey.schweikert.ch/)
+- basic [Sieve support](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters) using dovecot
 - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
-- [setup script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) to easily configure and maintain your mailserver
+- [Setup script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) to easily configure and maintain your mailserver
 - persistent data and state (but think about backups!)
-- [integration tests](https://travis-ci.org/tomav/docker-mailserver)
-- [automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
+- [Integration tests](https://travis-ci.org/tomav/docker-mailserver)
+- [Automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
 Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)