diff --git a/Dockerfile b/Dockerfile index bd8632c0..e6af09b6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:stretch-slim +FROM debian:buster-slim ARG VCS_REF ARG VCS_VERSION @@ -29,10 +29,9 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Packages # hadolint ignore=DL3015 -RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \ +RUN \ apt-get update -q --fix-missing && \ apt-get -y install postfix && \ - # TODO installing postfix with --no-install-recommends makes "checking ssl: generated default cert works correctly" fail apt-get -y install --no-install-recommends \ amavisd-new \ apt-transport-https \ @@ -77,7 +76,8 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et postsrsd \ pyzor \ razor \ - ripole \ + # TODO not present in buster? + #ripole \ rpm2cpio \ rsyslog \ sasl2-bin \ @@ -88,14 +88,15 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et unzip \ whois \ xz-utils \ - zoo \ - && \ + # TODO not present in buster? + #zoo \ + #&& \ # use Dovecot community repo to react faster on security updates - curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \ - gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \ - echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \ - apt-get update -q --fix-missing && \ - apt-get -y install --no-install-recommends \ + #curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \ + #gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \ + #echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \ + #apt-get update -q --fix-missing && \ + #apt-get -y install --no-install-recommends \ dovecot-core \ dovecot-imapd \ dovecot-ldap \ 
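Review bot: The TODO removed in the `@@ -29,10 +29,9 @@` hunk was the only explanation for why `postfix` gets its own `apt-get -y install` without `--no-install-recommends`, and why `DL3015` is ignored above the RUN. I'd keep the reason as a plain comment, e.g. `# postfix needs its recommends: without them the default-cert SSL check fails`, so the exception is not "fixed" later by accident. The RUN body continues outside this hunk.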
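Review bot: Commenting out `ripole` in the `@@ -77,7 +76,8 @@` hunk (and `zoo` in the next hunk) under "TODO not present in buster?" ships the image with the question unanswered. `amavisd-new` is installed in this same RUN and typically calls helpers like these to unpack OLE documents and zoo archives before scanning, so such attachments may now reach the scanners unexpanded; this should be confirmed against the amavis decoder configuration. I'd either find a buster replacement or delete the lines and record the gap, e.g. `# ripole/zoo dropped for buster: amavis cannot unpack OLE/zoo attachments`. The RUN starts and ends outside this hunk.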
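Review bot: In the `@@ -88,14 +88,15 @@` hunk the surviving comment `# use Dovecot community repo to react faster on security updates` is now false. Every line that added that repository is commented out, and the `dovecot-*` packages join the preceding `apt-get install` list, so they presumably resolve from the Debian buster archive. That changes where Dovecot security fixes come from, and the comment should say so, e.g. `# Dovecot comes from Debian buster; fixes arrive via the Debian security archive`. The commented-out lines still name the `stretch` suite and export a key by a short 8-character ID, so I'd delete them; if the repo is re-enabled later, use the full fingerprint and a `signed-by` keyring. The RUN continues past the end of this hunk.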
@@ -117,15 +118,15 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et rm -f /etc/cron.daily/00logwatch # install filebeat for logging -RUN curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \ - echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \ - apt-get update -q --fix-missing && \ - apt-get -y install --no-install-recommends \ - filebeat \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -COPY target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl +# SKIP and run in an external container instead +#RUN curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \ +# echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \ +# apt-get update -q --fix-missing && \ +# apt-get -y install --no-install-recommends \ +# filebeat \ +# && apt-get clean \ +# && rm -rf /var/lib/apt/lists/* +#COPY target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl RUN echo "0 */6 * * * clamav /usr/bin/freshclam --quiet" > /etc/cron.d/clamav-freshclam && \ chmod 644 /etc/clamav/freshclam.conf && \ diff --git a/target/filebeat.yml.tmpl b/target/filebeat.yml.tmpl deleted file mode 100644 index d2d84ed4..00000000 --- a/target/filebeat.yml.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -output: - logstash: - enabled: true - hosts: - - $ELK_HOST:$ELK_PORT - -filebeat: - prospectors: - - - paths: - - /var/log/mail/mail.log - document_type: syslog - diff --git a/target/supervisor/conf.d/supervisor-app.conf b/target/supervisor/conf.d/supervisor-app.conf index 08b246f5..fd010b4d 100644 --- a/target/supervisor/conf.d/supervisor-app.conf +++ b/target/supervisor/conf.d/supervisor-app.conf 
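Review bot: The filebeat block in the `@@ -117,15 +118,15 @@` hunk is commented out rather than deleted, which leaves a `curl … | apt-key add -` key import and a plain-`http` apt source in the file for someone to uncomment later. This commit removes the template and the supervisor program anyway, so I'd delete these lines and keep a one-line pointer such as `# log shipping: run filebeat in a separate container reading /var/log/mail/mail.log`. If a startup script still renders `filebeat.yml.tmpl` or starts the `filebeat` program when `ELK_HOST` is set, it will now fail; that code is not visible here and should be checked.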
@@ -65,14 +65,6 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf -[program:filebeat] -startsecs=0 -autostart=false -autorestart=true -stdout_logfile=/var/log/supervisor/%(program_name)s.log -stderr_logfile=/var/log/supervisor/%(program_name)s.log -command=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml - [program:clamav] startsecs=0 autostart=false