diff --git a/hosts/hetzner-vm/services/mailserver/postfix.nix b/hosts/hetzner-vm/services/mailserver/postfix.nix
index 81198b9..f89914c 100644
--- a/hosts/hetzner-vm/services/mailserver/postfix.nix
+++ b/hosts/hetzner-vm/services/mailserver/postfix.nix
@@ -30,12 +30,6 @@ let
   # all_valiases_postfix :: Map String [String]
   all_valiases_postfix = mergeLookupTables [ valiases_postfix ];
 
-  # attrsToLookupTable :: Map String (Either String [ String ]) -> Map String [String]
-  attrsToLookupTable = aliases:
-    let
-      lookupTables = lib.mapAttrsToList (from: to: { "${from}" = to; }) aliases;
-    in mergeLookupTables lookupTables;
-
   # lookupTableToString :: Map String [String] -> String
   lookupTableToString = attrs:
     let valueToString = value: lib.concatStringsSep ", " value;
@@ -117,11 +111,6 @@ in {
 
       policy-spf_time_limit = "3600s";
 
-      # reject selected senders
-      #smtpd_sender_restrictions =
-      #  [ "check_sender_access ${mappedFile "reject_senders"}" ];
-
-      # quota and spf checking
       smtpd_recipient_restrictions = [
         #"check_recipient_access ${mappedFile "denied_recipients"}"
         #"check_recipient_access ${mappedFile "reject_recipients"}"
@@ -135,23 +124,23 @@ in {
       # strong might suffice and is computationally less expensive
       smtpd_tls_eecdh_grade = "ultra";
 
-      # Disable obselete protocols
-      smtpd_tls_protocols = tls_allowed;
+      # Only Alow Modern TLS
       smtp_tls_protocols = tls_allowed;
-      smtpd_tls_mandatory_protocols = tls_allowed;
+      smtpd_tls_protocols = tls_allowed;
       smtp_tls_mandatory_protocols = tls_allowed;
+      smtpd_tls_mandatory_protocols = tls_allowed;
+      # Disable Old Ciphers
+      smtp_tls_exclude_ciphers = tls_disallow;
+      smtpd_tls_exclude_ciphers = tls_disallow;
+      smtp_tls_mandatory_exclude_ciphers = tls_disallow;
+      smtpd_tls_mandatory_exclude_ciphers = tls_disallow;
+
       smtp_tls_ciphers = "high";
       smtpd_tls_ciphers = "high";
       smtp_tls_mandatory_ciphers = "high";
       smtpd_tls_mandatory_ciphers = "high";
 
-      # Disable deprecated ciphers
-      smtpd_tls_mandatory_exclude_ciphers = tls_disallow;
-      smtpd_tls_exclude_ciphers = tls_disallow;
-      smtp_tls_mandatory_exclude_ciphers = tls_disallow;
-      smtp_tls_exclude_ciphers = tls_disallow;
-
       tls_preempt_cipherlist = true;
       smtpd_tls_auth_only = true;
diff --git a/hosts/hetzner-vm/services/mailserver/webmail.nix b/hosts/hetzner-vm/services/mailserver/webmail.nix
index eae898f..e40f8b3 100644
--- a/hosts/hetzner-vm/services/mailserver/webmail.nix
+++ b/hosts/hetzner-vm/services/mailserver/webmail.nix
@@ -10,6 +10,8 @@ in {
       $config['smtp_pass'] = "%p";
       $config['plugins'] = ["managesieve"];
       $config['managesieve_host'] = 'tls://${mail_config.fqdn}';
+      $config['session_lifetime'] = 168;
+      $config['product_name'] = 'Chaos Mail';
     '';
   };
 }
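Review bot: The new comment `# Only Alow Modern TLS` has a typo and does not say what the two lists express; suggest `# Restrict both client (smtp_) and server (smtpd_) sessions to the protocol versions in tls_allowed`. The `smtp_tls_*` keys on the new side configure Postfix as an outbound SMTP client, and if `smtp_tls_security_level` (not visible in this hunk) is the opportunistic `may`, a remote MX that only speaks a version excluded by `tls_allowed` fails the handshake and Postfix then retries that delivery in cleartext, so narrowing `smtp_tls_protocols` can lower rather than raise protection for such peers; a comment to that effect next to `smtp_tls_protocols = tls_allowed;` would keep the trade-off visible. The `tls_allowed` and `tls_disallow` bindings are defined outside this hunk, so the actual version and cipher lists cannot be checked here.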
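Review bot: `$config['session_lifetime'] = 168;` carries no unit; in Roundcube this setting is expressed in minutes, so the line sets an idle session timeout of just under three hours, which may not be what a reader would guess from the value. Add a comment above it stating the unit and the intent, e.g. `// webmail session idle timeout, in minutes`, so that 168 is not later mistaken for hours (one week) and silently changed. The surrounding `extraConfig` string begins before this hunk.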