diff --git a/10-master.conf b/10-master.conf
index 314583e..ae59064 100644
--- a/10-master.conf
+++ b/10-master.conf
@@ -18,7 +18,7 @@ service imap-login {
   inet_listener imap {
     #port = 143
     #disable non-ssl imap
-    #port = 0
+    port = 0
   }
   inet_listener imaps {
     #port = 993
diff --git a/10-ssl.conf b/10-ssl.conf
index 37732d4..adf7b93 100644
--- a/10-ssl.conf
+++ b/10-ssl.conf
@@ -3,14 +3,14 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-ssl = no
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-#ssl_cert = </etc/dovecot/dovecot.pem
-#ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/dovecot/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.pem
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
diff --git a/dovecot-openssl.cnf b/dovecot-openssl.cnf
index f096eac..295ab35 100644
--- a/dovecot-openssl.cnf
+++ b/dovecot-openssl.cnf
@@ -15,9 +15,9 @@ x509_extensions         = v3_req
 
 [ req_distinguished_name ]
 organizationName = scimetis.net
-organizationalUnitName = @commonName@
-commonName = @commonName@
-emailAddress = @emailAddress@
+organizationalUnitName = mail
+commonName = *.scimetis.net
+emailAddress = no-reply@scimetis.net
 
 [ v3_req ]
 basicConstraints        = CA:FALSE