diff --git a/target/dovecot/10-auth.conf b/target/dovecot/10-auth.conf
index bfec05ef..942b0857 100644
--- a/target/dovecot/10-auth.conf
+++ b/target/dovecot/10-auth.conf
@@ -30,7 +30,7 @@
 
 # Default realm/domain to use if none was specified. This is used for both
 # SASL realms and appending @domain to username in plaintext logins.
-#auth_default_realm = 
+#auth_default_realm =
 
 # List of allowed characters in username. If the user-given username contains
 # a character not listed in here, the login automatically fails. This is just
@@ -73,7 +73,7 @@
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
 # default (usually /etc/krb5.keytab) if not specified. You may need to change
 # the auth service to run as root to be able to read this file.
-#auth_krb5_keytab = 
+#auth_krb5_keytab =
 
 # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
 # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@@ -88,9 +88,9 @@
 # Require a valid SSL client certificate or the authentication fails.
 #auth_ssl_require_client_cert = no
 
-# Take the username from client's SSL certificate, using 
+# Take the username from client's SSL certificate, using
 # X509_NAME_get_text_by_NID() which returns the subject's DN's
-# CommonName. 
+# CommonName.
 #auth_ssl_username_from_cert = no
 
 # Space separated list of wanted authentication mechanisms:
diff --git a/target/dovecot/10-logging.conf b/target/dovecot/10-logging.conf
index 59168d82..d50fe506 100644
--- a/target/dovecot/10-logging.conf
+++ b/target/dovecot/10-logging.conf
@@ -7,9 +7,9 @@
 log_path = /var/log/mail/mail.log
 
 # Log file to use for informational messages. Defaults to log_path.
-#info_log_path = 
+#info_log_path =
 # Log file to use for debug messages. Defaults to info_log_path.
-#debug_log_path = 
+#debug_log_path =
 
 # Syslog facility to use if you're logging to syslog. Usually if you don't
 # want to use "mail", you'll use local0..local7. Also other standard
@@ -69,7 +69,7 @@ plugin {
 # Login log format. %s contains login_log_format_elements string, %$ contains
 # the data we want to log.
 #login_log_format = %$: %s
- 
+
 # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
 # possible variables you can use.
 #mail_log_prefix = "%s(%u): "
diff --git a/target/dovecot/10-mail.conf b/target/dovecot/10-mail.conf
index da0a13e9..57899ac2 100644
--- a/target/dovecot/10-mail.conf
+++ b/target/dovecot/10-mail.conf
@@ -46,11 +46,11 @@ namespace inbox {
   # Hierarchy separator to use. You should use the same separator for all
   # namespaces or some clients get confused. '/' is usually a good one.
   # The default however depends on the underlying mail storage format.
-  #separator = 
+  #separator =
 
   # Prefix required to access this namespace. This needs to be different for
   # all namespaces. For example "Public/".
-  #prefix = 
+  #prefix =
 
   # Physical location of the mailbox. This is in same format as
   # mail_location, which is also the default for it.
@@ -186,7 +186,7 @@ mail_privileged_group = docker
 # WARNING: Never add directories here which local users can modify, that
 # may lead to root exploit. Usually this should be done only if you don't
 # allow shell access for users. <doc/wiki/Chrooting.txt>
-#valid_chroot_dirs = 
+#valid_chroot_dirs =
 
 # Default chroot directory for mail processes. This can be overridden for
 # specific users in user database by giving /./ in user's home directory
@@ -194,7 +194,7 @@ mail_privileged_group = docker
 # need to do chrooting, Dovecot doesn't allow users to access files outside
 # their mail directory anyway. If your home directories are prefixed with
 # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
-#mail_chroot = 
+#mail_chroot =
 
 # UNIX socket path to master authentication server to find users.
 # This is used by imap (for shared users) and lda.
@@ -205,7 +205,7 @@ mail_privileged_group = docker
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
-#mail_plugins = 
+#mail_plugins =
 
 ##
 ## Mailbox handling optimizations
@@ -307,7 +307,7 @@ mail_privileged_group = docker
 # fallbacks to re-reading the whole mbox file whenever something in mbox isn't
 # how it's expected to be. The only real downside to this setting is that if
 # some other MUA changes message flags, Dovecot doesn't notice it immediately.
-# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK 
+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
 # commands.
 #mbox_dirty_syncs = yes
 
diff --git a/target/dovecot/10-master.conf b/target/dovecot/10-master.conf
index 48707827..f0c92f8c 100644
--- a/target/dovecot/10-master.conf
+++ b/target/dovecot/10-master.conf
@@ -54,7 +54,7 @@ service lmtp {
   #inet_listener lmtp {
     # Avoid making LMTP visible for the entire internet
     #address =
-    #port = 
+    #port =
   #}
 }
 
@@ -121,7 +121,7 @@ service dict {
   # For example: mode=0660, group=vmail and global mail_access_groups=vmail
   unix_listener dict {
     #mode = 0600
-    #user = 
-    #group = 
+    #user =
+    #group =
   }
 }
diff --git a/target/dovecot/10-ssl.conf b/target/dovecot/10-ssl.conf
index 8873bc25..a868c97a 100644
--- a/target/dovecot/10-ssl.conf
+++ b/target/dovecot/10-ssl.conf
@@ -21,7 +21,7 @@ ssl_key = </etc/dovecot/private/dovecot.pem
 # PEM encoded trusted certificate authority. Set this only if you intend to use
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca = 
+#ssl_ca =
 
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
diff --git a/target/dovecot/dovecot.conf b/target/dovecot/dovecot.conf
index 5a35e5fe..5256b9c1 100644
--- a/target/dovecot/dovecot.conf
+++ b/target/dovecot/dovecot.conf
@@ -23,7 +23,7 @@
 # Enable installed protocols
 !include_try /etc/dovecot/protocols.d/*.protocol
 
-# A comma separated list of IPs or hosts where to listen in for connections. 
+# A comma separated list of IPs or hosts where to listen in for connections.
 # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
 # If you want to specify non-default ports or anything more complex,
 # edit conf.d/master.conf.
@@ -48,7 +48,7 @@
 #login_trusted_networks =
 
 # Space separated list of login access check sockets (e.g. tcpwrap)
-#login_access_sockets = 
+#login_access_sockets =
 
 # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
 # proxying. This isn't necessary normally, but may be useful if the destination
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 67228ee8..052da9f2 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -114,6 +114,7 @@ if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
   mkdir -p /etc/opendmarc/
   echo "localhost" >> /etc/opendmarc/ignore.hosts
 fi
+END
 
 # SSL Configuration
 case $DMS_SSL in
@@ -192,6 +193,7 @@ case $DMS_SSL in
 
 esac
 
+: <<'END'
 #
 # Override Postfix configuration
 #