diff --git a/dovecot/templates/conf.d/10-ssl.conf.j2 b/dovecot/templates/conf.d/10-ssl.conf.j2
index ba928aebab5e312b069b454b070c4f2b38e1f918..7aadb4b754d5ea25cf58833e147ece7a16c39aa5 100644
--- a/dovecot/templates/conf.d/10-ssl.conf.j2
+++ b/dovecot/templates/conf.d/10-ssl.conf.j2
@@ -46,10 +46,12 @@ ssl_key = <{{ ssl_key }}
 ssl_dh_parameters_length = 4096
 
 # SSL protocols to use
-ssl_protocols = !SSLv3
+ssl_protocols = TLSv1.1 TLSv1.2 !SSLv3
 
 # SSL ciphers to use
-ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!SHA1
+#ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!SHA1
+#Supported Ciphers downto Android 2.3
+ssl_cipher_list = {{ tls_ciphers }}
 
 # Prefer the server's order of ciphers over client's.
 ssl_prefer_server_ciphers = yes
diff --git a/postfix/handlers/main.yml b/postfix/handlers/main.yml
index e2fa640b4e628462e2a419e1d6b56bec466221b4..0c29612f2b054f8c8a4255c86d083625a7867da6 100644
--- a/postfix/handlers/main.yml
+++ b/postfix/handlers/main.yml
@@ -3,6 +3,9 @@
 - name: restart postfix
   service: name=postfix state=restarted
 
+- name: restart memcached
+  service: name=memcached state=restarted
+
 - name: postmap system
   command: postalias cdb:/etc/aliases
 
diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml
index b50ddd8c75c75dfe6b0b4d93ccbf354fccc791e1..73ce164b753a7de6421864a29f1e1e3e28f756be 100644
--- a/postfix/tasks/main.yml
+++ b/postfix/tasks/main.yml
@@ -34,6 +34,14 @@
   tags:
     - postfix
     - mail
+
+- name: ensure memcached config is present
+  template: src=templates/memcached.conf.j2 dest=/etc/memcached.conf
+  notify:
+    - restart memcached
+  tags:
+    - postfix
+    - mail
     
 - name: ensure system alias database is present
   template: src=templates/aliases.j2 dest=/etc/aliases
diff --git a/postfix/templates/main.cf.j2 b/postfix/templates/main.cf.j2
index f21ff9fdf74838b97555b2894d226eaa5497ca5d..4b42739221144893e00533536c797c5268d03127 100644
--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -29,6 +29,15 @@ smtpd_tls_auth_only=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
+#ciphers supported downto android 2.3
+smtpd_tls_mandatory_protocols = !TLSv1 !SSLv2, !SSLv3
+smtpd_tls_protocols = !TLSv1 !SSLv2 !SSLv3
+smtpd_tls_mandatory_ciphers=high
+tls_high_cipherlist = {{ tls_ciphers }}
+smtpd_tls_eecdh_grade=ultra
+
+
+
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 smtpd_sasl_type = dovecot
diff --git a/postfix/templates/memcached.conf.j2 b/postfix/templates/memcached.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c1d6ac1f4dfad1933fc08f1e2149eb50204cd384
--- /dev/null
+++ b/postfix/templates/memcached.conf.j2
@@ -0,0 +1,47 @@
+# memcached default config file
+# 2003 - Jay Bonci <jaybonci@debian.org>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution.
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /var/log/memcached.log
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+-m 64
+
+# Default connection port is 11211
+-p 11211
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u memcache
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+-l {{ tinc_vpnip }}
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+# -M
+
+# Maximize core file limit
+# -r
diff --git a/postfix/templates/postscreen_cache.j2 b/postfix/templates/postscreen_cache.j2
index 0a886f89523234675fe08ae9b4ff057f4125c824..9b861ab82dc7efbb107f29b0cf32254c88488020 100644
--- a/postfix/templates/postscreen_cache.j2
+++ b/postfix/templates/postscreen_cache.j2
@@ -3,9 +3,9 @@
 #
 
 {% for partner in groups['mail'] %}
-  {% if partner != ansible_hostname %}
-memcache = inet::{{hostvars[partner]["tinc_vpnip"]}}11211
-  {% endif %}
+{% if partner != ansible_hostname %}
+memcache = inet:{{hostvars[partner]["tinc_vpnip"]}}:11211
+{% endif %}
 {% endfor %}
 
 backup = proxy:btree:/var/lib/postfix/postscreen_cache