diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..125955c
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+#
+# entrypoint script for postfix smarthost mail relay
+#
+
+convertCase () {
+ printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
+}
+
+printf "\nVerifying environment variables... "
+
+# check for missing environment variable values
+if [ -z "$SMARTHOST" ]; then
+ printf "\nYou must specify the hostname or IP address of a smarthost where mail should be relayed.\n\n"
+fi
+if [ -z "$SMARTHOST_USERNAME" ]; then
+ printf "\nYou must provide a username for smarthost authentication.\n\n"
+fi
+if [ -z "$SMARTHOST_PASSWORD" ]; then
+ printf "\nYou must provide a password for smarthost authentication.\n\n"
+fi
+
+# set failsafes
+[ -z "$SMARTHOST_PORT" ] && SMARTHOST_PORT=587
+[ -z "$LOCAL_HOSTNAME" ] && LOCAL_HOSTNAME="smarthost"
+[ -z "$LOCAL_DOMAINNAME" ] && LOCAL_DOMAINNAME="smarthost"
+
+printf "done\n"
+printf "updating configuration files... "
+
+# update main.cf
+sed -i 's/{LOCAL_HOSTNAME}/${LOCAL_HOSTNAME}/' /tmp/main.cf.insert
+sed -i 's/{LOCAL_DOMAINNAME}/${LOCAL_DOMAINNAME}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST}/${SMARTHOST}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_PORT}/${SMARTHOST_PORT}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_USERNAME}/${SMARTHOST_USERNAME}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_PASSWORD}/${SMARTHOST_PASSWORD}/' /tmp/main.cf.insert
+
+LOCAL_ENCRYPTION="$(convertCase "$LOCAL_ENCRYPTION")"
+case "$LOCAL_ENCRYPTION" in
+ OPT*)
+ sed -i 's/{LOCAL_ENCRYPTION}/may/' /tmp/main.cf.insert
+ sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
+ ;;
+ TRUE)
+ sed -i 's/{LOCAL_ENCRYPTION}/encrypt/' /tmp/main.cf.insert
+ sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
+ ;;
+ *)
+ sed -i 's/{LOCAL_ENCRYPTION}//' /tmp/main.cf.insert
+ ;;
+esac
+
+SMARTHOST_ENCRYPTION="$(convertCase "$SMARTHOST_ENCRYPTION")"
+case "$SMARTHOST_ENCRYPTION" in
+ OPT*)
+ sed -i 's/{SMARTHOST_ENCRYPTION}/may/' /tmp/main.cf.insert
+ ;;
+ TRUE)
+ sed -i 's/{SMARTHOST_ENCRYPTION}/secure/' /tmp/main.cf.insert
+ ;;
+ *)
+ sed -i 's/{SMARTHOST_ENCRYPTION}/none/' /tmp/main.cf.insert
+ ;;
+esac
+
+cat /tmp/main.cf.insert >> /etc/postfix/main.cf
+rm -f /tmp/main.cf.insert
+
+# update master.cf
+sed -i 's/#tlsproxy/tlsproxy/' /etc/postfix/master.cf
+
+printf "done\n"
+printf "container setup complete!\n"
+
+# run CMD passed to this container
+printf "\nExecuting: %s\n" "$*"
+exec "$@"
+
+exit 0
+#EOF
diff --git a/main.cf.insert b/main.cf.insert
new file mode 100644
index 0000000..cb72c44
--- /dev/null
+++ b/main.cf.insert
@@ -0,0 +1,33 @@
+#
+# configure as smarthost
+#
+myhostname = {LOCAL_HOSTNAME}
+mydomain = {LOCAL_DOMAINNAME}
+
+myorigin = $mydomain
+mydestination = localhost localhost.$mydomain $myhostname $mydomain
+mynetworks_style = subnet
+
+relay_domains =
+relayhost = [{SMARTHOST}]:{SMARTHOST_PORT}
+
+#smtpd_tls_chain_files = /certs/privkey.pem, /certs/fullchain.pem
+#smtpd_tls_mandatory_ciphers = high
+#smptd_tls_mandatory_exclude_ciphers = aNULL, MD5
+#smtpd_tls_mandatory_protocols = >=TLSv1.2
+#smtpd_tls_security_level = {LOCAL_ENCRYPTION}
+
+smtp_tls_security_level = {SMARTHOST_ENCRYPTION}
+smtp_tls_connection_reuse = yes
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = static:{SMARTHOST_USERNAME}:{SMARTHOST_PASSWORD}
+smtp_sasl_security_options = noanonymous
+
+header_size_limit = 4096000
+relay_destination_concurrency_limit = 20
+
+soft_bounce = no
+
+maillog_file = /dev/stdout
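Review bot: The six `sed -i 's/{NAME}/${NAME}/'` lines under `# update main.cf` are single-quoted, so the shell never expands the variables and the literal text `${SMARTHOST}`, `${SMARTHOST_PASSWORD}` and so on is what lands in main.cf instead of the container's settings. Switching to double quotes alone would let a password containing `/`, `&` or `\` break or rewrite the sed expression, so each value should be escaped before substitution, as in the helper below. The three `-z` checks at the top also only print a message and continue; each should `exit 1` so the relay does not start with an empty relayhost or empty credentials.

```shell
# check for missing environment variable values
if [ -z "$SMARTHOST" ]; then
    printf "\nYou must specify the hostname or IP address of a smarthost where mail should be relayed.\n\n"
    exit 1
fi
# … same `exit 1` added to the SMARTHOST_USERNAME and SMARTHOST_PASSWORD checks …

# … unchanged: failsafes and progress messages …

# escape \, / and & so a value cannot terminate or alter the sed replacement
escapeSed () {
    printf "%s" "$1" | sed -e 's|[\\/&]|\\&|g'
}

# replace one {NAME} placeholder in the template with the escaped value
fillPlaceholder () {
    sed -i "s/{$1}/$(escapeSed "$2")/" /tmp/main.cf.insert
}

# update main.cf
fillPlaceholder LOCAL_HOSTNAME "$LOCAL_HOSTNAME"
fillPlaceholder LOCAL_DOMAINNAME "$LOCAL_DOMAINNAME"
fillPlaceholder SMARTHOST "$SMARTHOST"
fillPlaceholder SMARTHOST_PORT "$SMARTHOST_PORT"
fillPlaceholder SMARTHOST_USERNAME "$SMARTHOST_USERNAME"
fillPlaceholder SMARTHOST_PASSWORD "$SMARTHOST_PASSWORD"

# … unchanged: LOCAL_ENCRYPTION / SMARTHOST_ENCRYPTION case blocks and the rest …
```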
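Review bot: `#smptd_tls_mandatory_exclude_ciphers` is misspelled (`smptd`), so the `s/#smtpd_/smtpd_/g` step in entrypoint.sh never uncomments it and the `aNULL, MD5` exclusion is not applied when local TLS is enabled; it should read `#smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5`. `smtp_sasl_password_maps = static:{SMARTHOST_USERNAME}:{SMARTHOST_PASSWORD}` writes the relay password into main.cf, which is usually world-readable and echoed by `postconf`; a separate lookup table readable only by root would keep it out of the main config. Because `smtp_sasl_security_options = noanonymous` permits plaintext mechanisms and entrypoint.sh falls back to `smtp_tls_security_level = none`, the credentials can cross the network unencrypted unless `SMARTHOST_ENCRYPTION` is set. Consider `smtp_sasl_security_options = noplaintext, noanonymous` together with `smtp_sasl_tls_security_options = noanonymous`, or an encrypted default level.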