diff --git a/Dockerfile b/Dockerfile
index ca7e8a8..bcf6055 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,8 +13,49 @@ RUN sed -re "s/^(appendonly).*/\1 yes/" -i /etc/redis.conf
 RUN echo "pidfile /run/redis/redis.pid" >> /etc/redis.conf
 RUN echo "daemonize yes" >> /etc/redis.conf
 RUN echo "protected-mode no" >> /etc/redis.conf
-RUN echo "maxmemory-policy allkeys-lfu" >> /etc/redis.conf
 RUN echo "maxmemory 50mb" >> /etc/redis.conf
+RUN echo "maxmemory-policy volatile-ttl" >> /etc/redis.conf
+RUN echo "bind 127.0.0.1 ::1" >> /etc/redis.conf
+RUN sed -re "s/^(dir).*/\1 \/var\/lib\/rspamd-redis/" -i /etc/redis.conf
-EXPOSE 6379
-VOLUME "/var/lib/redis"
+RUN apk add --no-cache rspamd rspamd-client rspamd-proxy rspamd-controller
+RUN install -dm 755 /etc/rspamd/local.d
+RUN install -dm 750 -o rspamd -g rspamd /var/lib/rspamd
+RUN install -dm 750 -o redis -g redis /var/lib/rspamd-redis
+
+# TODO: Deprecate OpenDKIM
+RUN echo "enabled = false;" >> /etc/rspamd/local.d/dkim_signing.conf
+
+# Redis
+RUN echo "write_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
+RUN echo "read_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
+
+# Workers
+RUN echo "bind_socket = \"*:11332\";" >> /etc/rspamd/local.d/worker-proxy.inc
+RUN echo "bind_socket = \"*:11333\";" >> /etc/rspamd/local.d/worker-normal.inc
+RUN echo "bind_socket = \"*:11334\";" >> /etc/rspamd/local.d/worker-controller.inc
+# We don't really care about the password...
+RUN echo "password = \"`rspamadm pw -p '12345678'`\";" >> /etc/rspamd/local.d/worker-controller.inc
+
+# Options
+# Rspamd doesn't seem to write a pid file and upstream not really
+# helpful about it: https://github.com/rspamd/rspamd/issues/3096
+# RUN echo "pid_file = \"/tmp/rspamd.pid\";" >> /etc/rspamd/local.d/options.inc
+RUN echo "local_addrs = \"/etc/rspamd/local.d/maps.d/local_addrs\";" >> /etc/rspamd/local.d/options.inc
+
+# Logging
+RUN echo "type = \"syslog\";" >> /etc/rspamd/local.d/logging.inc
+RUN echo "facility = \"daemon\";" >> /etc/rspamd/local.d/logging.inc
+
+# Learn spam
+RUN echo "servers = \"localhost\";" >> /etc/rspamd/local.d/classifier-bayes.conf
+RUN echo "autolearn = [-5,5];" >> /etc/rspamd/local.d/classifier-bayes.conf
+
+COPY ./local_addrs.sh /usr/local/bin/local_addrs
+COPY ./rspamd.conf /etc/monit.d/rspamd.conf
+
+EXPOSE 11332
+EXPOSE 11333
+EXPOSE 11334
+VOLUME "/var/lib/rspamd-redis"
+VOLUME "/var/lib/rspamd"
diff --git a/local.conf b/local.conf
new file mode 100644
index 0000000..aac8fc1
--- /dev/null
+++ b/local.conf
@@ -0,0 +1 @@
+bind_socket = "*:11333";
diff --git a/local_addrs.sh b/local_addrs.sh
new file mode 100755
index 0000000..2aec2d7
--- /dev/null
+++ b/local_addrs.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+local_addrs="/etc/rspamd/local.d/maps.d/local_addrs"
+
+test -f "${local_addrs}" && exit
+
+ip -4 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
+ip -6 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
diff --git a/rspamd.conf b/rspamd.conf
new file mode 100644
index 0000000..24cfa50
--- /dev/null
+++ b/rspamd.conf
@@ -0,0 +1,8 @@
+check process rspamd with matching "rspamd: main"
+ start program = "/usr/sbin/rspamd" as uid "rspamd" and gid "rspamd"
+ stop program = "/usr/bin/killall rspamd"
+
+check program local_addrs
+ with path "/usr/local/bin/local_addrs"
+ every 1 cycle
+ if status = 0 then unmonitor
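Review bot: The controller worker gets a fixed password (`12345678`) that is visible in the repository, while it listens on `*:11334` and that port is exposed, so any host that can reach the port can authenticate to the controller interface. The hash is also produced at build time, so every container started from this image shares the same credential. If the controller is only used from inside the container, `RUN echo "bind_socket = \"localhost:11334\";" >> /etc/rspamd/local.d/worker-controller.inc` together with dropping `EXPOSE 11334` would close this; otherwise the password should be supplied at container start from a secret instead of being baked into a layer. Note also that `protected-mode no` stays in redis.conf, which is only safe while the new `bind 127.0.0.1 ::1` line remains in place.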
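Review bot: This new file is not copied by either `COPY` line in the Dockerfile hunk, and its single setting repeats the `bind_socket = "*:11333";` value that the hunk already writes to worker-normal.inc. If it is a leftover it should be dropped from the commit. If it is meant to be used, it needs a comment naming the worker it configures, since the part of the Dockerfile outside the hunk may or may not reference it.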
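Review bot: The map is appended in two separate steps, and its parent directory `/etc/rspamd/local.d/maps.d` is not created in the visible Dockerfile hunk (only `/etc/rspamd/local.d` is installed), so unless the package ships that directory both redirections fail. If only the first pipeline succeeds, the `test -f` guard makes the half-written file permanent on later runs. Creating the directory, writing to a temporary file and renaming it avoids both; the sketch below uses awk so that an empty route list does not produce a non-zero status. Separately, every non-default route becomes a local address for rspamd, which would typically include the container's bridge subnet and link-local prefixes. Since rspamd treats `local_addrs` sources more leniently, a comment confirming that this is intended would help.

```shell
test -f "${local_addrs}" && exit

mkdir -p "${local_addrs%/*}"
tmp="${local_addrs}.tmp"
{
  ip -4 route | awk '$1 != "default" { print $1 }'
  ip -6 route | awk '$1 != "default" { print $1 }'
} > "${tmp}"
mv "${tmp}" "${local_addrs}"
```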
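Review bot: The `if status = 0 then unmonitor` rule in the local_addrs check is a one-shot idiom that needs a comment to be recognisable, for example `# run local_addrs until it succeeds once, then stop checking` above `check program local_addrs`. Nothing in this file orders the rspamd start after the map has been written, so rspamd may come up before the file named in options.inc exists. Whether it picks the map up later is not visible here and is worth confirming.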