diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..2bfa3b0
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,58 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ release:
+ types: [published]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+ with:
+ cosign-release: 'v2.2.4'
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GHTOKEN }}
+
+ - name: Build the Docker images
+ run: docker buildx build --push --tag=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$(basename ${GITHUB_REF}) --tag=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest ./
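Review bot: The login step authenticates with `secrets.GHTOKEN`, presumably a long-lived personal access token, although the job already grants `packages: write` to the run's built-in token; `password: ${{ secrets.GITHUB_TOKEN }}` keeps the registry credential short-lived and scoped to this repository. The `id-token: write` permission and the cosign install have no consumer, since no step signs the pushed image, so either sign the pushed digest or drop both to keep the job at least privilege. `actions/checkout@v4` is the only action referenced by a mutable tag while the other three are pinned to a commit SHA, and it should be pinned the same way.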
diff --git a/Dockerfile b/Dockerfile index 27d9d8b..ae51390 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,22 @@ -FROM debian:12 +ARG ARCH + +FROM ${ARCH}debian:12 LABEL maintainer="Ralph Schuster " +ARG PF_REVISION="0" +ARG PF_PACKAGE="" RUN echo "postfix postfix/mailname string mail.example.com" | debconf-set-selections RUN echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -ENV PF_VERSION="3.7.9" -ENV PF_REVISION="0" -ENV PF_PACKAGE="3.7.9-0+deb12u1" RUN export DEBIAN_FRONTEND=noninteractive \ - && PF_VERSION=${PF_PACKAGE} \ + && { ! [ -z "${PF_PACKAGE}" ] && export PF_VERSION="=${PF_PACKAGE}" || export PF_VERSION=""; } \ && apt-get update \ && apt-get install -y --no-install-recommends \ default-mysql-client \ apt-utils \ procps \ - postfix=${PF_VERSION} \ - postfix-mysql=${PF_VERSION} \ + postfix${PF_VERSION} \ + postfix-mysql${PF_VERSION} \ dovecot-core \ dovecot-imapd \ dovecot-pop3d \ @@ -70,7 +71,8 @@ RUN chmod 755 /usr/local/mailserver/*.sh \ && cd /etc/opendkim \ && opendkim-genkey --selector=key1 --bits=2048 --directory=keys \ && chown opendkim /etc/opendkim/keys/key1.private \ - && usermod -aG opendkim postfix + && usermod -aG opendkim postfix \ + && mv -f /etc/postfix /etc/postfix_orig && ln -s /etc/postfix_orig /etc/postfix ##################################################################### # Image OCI labels @@ -78,7 +80,7 @@ RUN chmod 755 /usr/local/mailserver/*.sh \ ARG ARG_CREATED ARG ARG_URL=https://github.com/technicalguru/docker-mailserver-postfix ARG ARG_SOURCE=https://github.com/technicalguru/docker-mailserver-postfix -ARG ARG_VERSION="${PF_VERSION}.${PF_REVISION}" +ARG ARG_VERSION="${PF_PACKAGE}.${PF_REVISION}" ARG ARG_REVISION="${PF_REVISION}" ARG ARG_VENDOR=technicalguru ARG ARG_TITLE=technicalguru/mailserver-postfix 
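Review bot: `ARG PF_PACKAGE=""` makes the postfix version pin opt-in, and only build.sh passes `--build-arg PF_PACKAGE`; the `docker buildx build` line in the new workflow does not, so the published image installs whatever postfix the mirror serves at build time and the `ARG_VERSION` label in the later hunk renders as `.0`. Either give the ARG the pinned default or pass the build-arg in the workflow. The brace group can also be replaced by a parameter expansion, `postfix${PF_PACKAGE:+=${PF_PACKAGE}}` and `postfix-mysql${PF_PACKAGE:+=${PF_PACKAGE}}`, which removes the exported helper variable. The RUN instruction continues past the end of this hunk.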
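Review bot: Replacing /etc/postfix with a symlink to /etc/postfix_orig interacts badly with `VOLUME ["/etc/postfix", ...]` in the last Dockerfile hunk and with `create_persistent_data` in entrypoint.sh: container runtimes generally resolve a symlinked mount destination inside the rootfs, so a mount at /etc/postfix would likely land on /etc/postfix_orig and hide the pristine copy the entrypoint wants to restore from. This is inferred from the visible lines and is worth testing with an empty bind mount. Keeping the directory real avoids the question: `&& cp -a /etc/postfix /etc/postfix_orig` in place of the `mv`/`ln -s` pair. The RUN instruction starts above this hunk.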
@@ -117,6 +119,11 @@ EXPOSE 993 EXPOSE 995 # SMTP Port (used for internal delivery from amavis, do not expose to the outside world!) EXPOSE 10025 -#CMD ["/usr/local/mailserver/loop.sh"] + +# populate persistent data +VOLUME ["/etc/postfix", "/var/spool/postfix", "/var/vmail"] + CMD ["/usr/local/mailserver/entrypoint.sh"] +#CMD ["/usr/local/mailserver/loop.sh"] + diff --git a/build.sh b/build.sh index cd988f7..b96cc71 100755 --- a/build.sh +++ b/build.sh @@ -1 +1,5 @@ -docker build --progress=plain -t technicalguru/mailserver-postfix:latest . +#!/bin/sh +docker build --progress=plain \ + -t technicalguru/mailserver-postfix:latest \ + --build-arg PF_PACKAGE="3.7.9-0+deb12u1" \ + . diff --git a/src/create_tables.sql b/src/create_tables.sql index 00f86c7..8b13789 100644 --- a/src/create_tables.sql +++ b/src/create_tables.sql 
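Review bot: The VOLUME list persists /etc/postfix, /var/spool/postfix and /var/vmail but not /etc/opendkim/keys, while the RUN shown in the earlier hunk generates `key1.private` with `opendkim-genkey` at build time. Now that the workflow pushes this image to a registry, that DKIM private key sits in an image layer and is the same for every deployment unless the entrypoint regenerates it, which this diff does not show. Consider generating the key on first start in entrypoint.sh and adding `"/etc/opendkim/keys"` to the VOLUME list so it persists per deployment.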
@@ -1,74 +1 @@ -CREATE TABLE IF NOT EXISTS `accounts` ( - `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `username` varchar(64) NOT NULL, - `domain` varchar(255) NOT NULL, - `password` varchar(255) NOT NULL, - `quota` int(10) UNSIGNED DEFAULT 0, - `enabled` tinyint(1) DEFAULT 0, - `sendonly` tinyint(1) DEFAULT 0, - PRIMARY KEY (`id`), - UNIQUE KEY `username` (`username`,`domain`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; - -CREATE TABLE IF NOT EXISTS `alias` ( - `address` varchar(255) NOT NULL, - `goto` text NOT NULL, - `domain` varchar(255) NOT NULL, - `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `active` tinyint(1) NOT NULL DEFAULT 1, - PRIMARY KEY (`address`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Aliases'; - -CREATE TABLE IF NOT EXISTS `alias_domain` ( - `alias_domain` varchar(255) NOT NULL DEFAULT '', - `target_domain` varchar(255) NOT NULL DEFAULT '', - `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `active` tinyint(1) NOT NULL DEFAULT 1, - PRIMARY KEY (`alias_domain`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Domain Aliases'; - -CREATE TABLE IF NOT EXISTS `domain` ( - `domain` varchar(255) NOT NULL, - `description` varchar(255) CHARACTER SET utf8 NOT NULL, - `aliases` int(10) NOT NULL DEFAULT 0, - `mailboxes` int(10) NOT NULL DEFAULT 0, - `maxquota` bigint(20) NOT NULL DEFAULT 0, - `quota` bigint(20) NOT NULL DEFAULT 0, - `transport` varchar(255) NOT NULL, - `backupmx` tinyint(1) NOT NULL DEFAULT 0, - `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `active` tinyint(1) NOT NULL DEFAULT 1, - PRIMARY KEY (`domain`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Domains'; - -CREATE TABLE IF NOT EXISTS `mailbox` ( - `username` varchar(255) NOT NULL, - 
`password` varchar(255) NOT NULL, - `name` varchar(255) CHARACTER SET utf8 NOT NULL, - `maildir` varchar(255) NOT NULL, - `quota` bigint(20) NOT NULL DEFAULT 0, - `local_part` varchar(255) NOT NULL, - `domain` varchar(255) NOT NULL, - `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - `active` tinyint(1) NOT NULL DEFAULT 1, - `phone` varchar(30) CHARACTER SET utf8 NOT NULL DEFAULT '', - `email_other` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '', - `token` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '', - `token_validity` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', - PRIMARY KEY (`username`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Mailboxes'; - -CREATE TABLE IF NOT EXISTS `tlspolicies` ( - `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `domain` varchar(255) NOT NULL, - `policy` enum('none','may','encrypt','dane','dane-only','fingerprint','verify','secure') NOT NULL, - `params` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `domain` (`domain`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; - diff --git a/src/entrypoint.sh b/src/entrypoint.sh index 8b08015..ab48277 100755 --- a/src/entrypoint.sh +++ b/src/entrypoint.sh @@ -417,6 +417,10 @@ configure_sieve() { chown -R vmail:vmail /var/vmail/sieve } +create_persistent_data() { + [ -z "$(ls -A /etc/postfix)" ] && cp -arfp /etc/postfix_orig/. /etc/postfix/ +} + # Stopping all (we got a TERM signal at this point) _sigterm() { echo "Caught SIGTERM..." @@ -426,6 +430,9 @@ _sigterm() { kill -TERM "$TAIL_CHILD_PID" 2>/dev/null } +# bootstrap data +create_persistent_data + ######################### # Installation check #########################
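Review bot: `create_persistent_data` returns the status of the failed `[ -z ... ]` test whenever /etc/postfix already has content, because `A && B` yields non-zero when A is false; if entrypoint.sh runs under `set -e` (not visible here), the bare call added in the next hunk would abort startup on every restart with populated data. An explicit conditional avoids that and also tolerates a missing directory: `if [ -z "$(ls -A /etc/postfix 2>/dev/null)" ]; then cp -arfp /etc/postfix_orig/. /etc/postfix/; fi`. A one-line comment above the function stating that it seeds an empty /etc/postfix volume from the image's copy would help.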