diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..28e8b60
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,18 @@
+# Please set these as explained in README.md
+SERVE_FROM_DOMAIN=
+MAILMAN_ADMIN_USER=
+MAILMAN_ADMIN_EMAIL=
+
+# only use URL safe characters for the secrets, else you will break at least the DATABASE_URL
+# i.e. do not use blanks ; / ? : @ = &   < > # % { } | \ ^ ~ [ ] `
+# you can use a commandline like `openssl rand -hex 24` to generate pseudo-random values for these secrets
+HYPERKITTY_API_KEY=
+DATABASE_PASSWORD=
+DJANGO_SECRET_KEY=
+
+# you might want to change the timezone to your local one
+TZ=UTC
+
+# likely, you don't need to change these:
+DATABASE_NAME=mailmandb
+DATABASE_USER=mailman
diff --git a/.gitignore b/.gitignore
index feb8f08..8eb0a3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.env
 */.sass-cache/*
 *.log
 *.log
diff --git a/README.md b/README.md
index 1aca307..2a13ac5 100644
--- a/README.md
+++ b/README.md
@@ -121,8 +121,11 @@ For other systems, you can read the official Docker documentation to install
 
 ## Configuration
 
-Most of the common configuration is handled through environment variables in the
-`docker-compose.yaml`. However, there is need for some extra configuration that
+Most of the common configuration is defined in `.env`. Please copy the content of `.env.example`
+into a fresh `.env` file (i.e. by running `cp -a .env.example .env`) and customise it there.
+Further custom environment variables should be set via a newly created docker-compose.override.yaml.
+
+Additionally, there is need for some extra configuration that
 interacts directly with the application. There are two configuration files on
 the host that interact directly with Mailman's settings. These files exist on
 the host running the containers and are imported at runtime in the containers.
@@ -151,7 +154,7 @@ mounted inside the containers.
    container.
 
 ### Mailman-web
-These are the settings that you MUST change in your docker-compose.yaml before deploying:
+These are the settings that you MUST change in your `.env` before deploying:
 
 - `SERVE_FROM_DOMAIN`: The domain name from which Django will be served. To be
   added to `ALLOWED_HOSTS` in django settings. Default value is not set. This
@@ -190,7 +193,7 @@ For more details on how to configure this image, please look at
 
 ### Mailman-Core
 
-These are the variables that you MUST change in your docker-compose.yaml before deploying:
+These are the variables that you MUST change in your `.env` before deploying:
 
 - `HYPERKITTY_API_KEY`: Hyperkitty's API Key, should be set to the same value as
   set for the mailman-web. Skip the variable in case of non-Hyperkitty deployment.
diff --git a/docker-compose-mysql.yaml b/docker-compose-mysql.yaml
index 78f0cf1..34c752e 100644
--- a/docker-compose-mysql.yaml
+++ b/docker-compose-mysql.yaml
@@ -13,10 +13,11 @@ services:
     - database:database
     depends_on:
     - database
-    environment:
-    - DATABASE_URL=mysql+pymysql://mailman:mailmanpass@database/mailmandb?charset=utf8mb4&use_unicode=1 # Do use mysql+pymysql:// here
+    environment: # 
+    - DATABASE_URL=mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}?charset=utf8mb4&use_unicode=1 # Do use mysql+pymysql:// here
     - DATABASE_TYPE=mysql
-    - HYPERKITTY_API_KEY=someapikey
+    - HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY}
+    - TZ=${TZ}
     ports:
     - "127.0.0.1:8001:8001" # API
     - "127.0.0.1:8024:8024" # LMTP - incoming emails
@@ -37,10 +38,11 @@ services:
     - /opt/mailman/web:/opt/mailman-web-data
     environment:
     - DATABASE_TYPE=mysql
-    - DATABASE_URL=mysql://mailman:mailmanpass@database/mailmandb?charset=utf8mb4 # Do use mysql:// here
-    - HYPERKITTY_API_KEY=someapikey
-    - SECRET_KEY=thisisaverysecretkey
+    - mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}?charset=utf8mb4 # Do use mysql:// here
+    - HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY}
+    - SECRET_KEY=${DJANGO_SECRET_KEY}
     - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/
+    - TZ=${TZ}
     ports:
     - "127.0.0.1:8000:8000" # HTTP
     - "127.0.0.1:8080:8080" # uwsgi
@@ -49,9 +51,9 @@ services:
 
   database:
     environment:
-      MYSQL_DATABASE: mailmandb
-      MYSQL_USER: mailman
-      MYSQL_PASSWORD: mailmanpass
+      MYSQL_DATABASE: ${DATABASE_NAME}
+      MYSQL_USER: ${DATABASE_USER}
+      MYSQL_PASSWORD: ${DATABASE_PASSWORD}
       MYSQL_RANDOM_ROOT_PASSWORD: "yes"
     image: mariadb:10.5
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
diff --git a/docker-compose-postorius.yaml b/docker-compose-postorius.yaml
index 4e733cf..40e8139 100644
--- a/docker-compose-postorius.yaml
+++ b/docker-compose-postorius.yaml
@@ -14,9 +14,10 @@ services:
     depends_on:
     - database
     environment:
-    - DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb
+    - DATABASE_URL=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}
     - DATABASE_TYPE=postgres
     - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
+    - TZ=${TZ}
     ports:
     - "127.0.0.1:8001:8001" # API
     - "127.0.0.1:8024:8024" # LMTP - incoming emails
@@ -36,10 +37,11 @@ services:
     volumes:
     - /opt/mailman/web:/opt/mailman-web-data
     environment:
+    - DATABASE_URL=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}
     - DATABASE_TYPE=postgres
-    - DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb
-    - SECRET_KEY=ksjdbaksdba
-    - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static 
+    - SECRET_KEY=${DJANGO_SECRET_KEY}
+    - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
+    - TZ=${TZ}
     ports:
     - "127.0.0.1:8000:8000" # HTTP
     - "127.0.0.1:8080:8080" # uwsgi
@@ -48,9 +50,9 @@ services:
 
   database:
     environment:
-      POSTGRES_DB: mailmandb
-      POSTGRES_USER: mailman
-      POSTGRES_PASSWORD: mailmanpass
+    - POSTGRES_DB=${DATABASE_NAME}
+    - POSTGRES_USER=${DATABASE_USER}
+    - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
     restart: always
     image: postgres:9.6-alpine
     volumes:
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 27d5001..daa4696 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -15,10 +15,11 @@ services:
       database:
         condition: service_healthy
     environment:
-    - DATABASE_URL=postgresql://mailman:mailmanpass@database/mailmandb
+    - DATABASE_URL=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}
     - DATABASE_TYPE=postgres
     - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
-    - HYPERKITTY_API_KEY=someapikey
+    - HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY}
+    - TZ=${TZ}
     ports:
     - "127.0.0.1:8001:8001" # API
     - "127.0.0.1:8024:8024" # LMTP - incoming emails
@@ -39,9 +40,14 @@ services:
     volumes:
     - /opt/mailman/web:/opt/mailman-web-data
     environment:
+    - DATABASE_URL=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@database/${DATABASE_NAME}
     - DATABASE_TYPE=postgres
-    - DATABASE_URL=postgresql://mailman:mailmanpass@database/mailmandb
-    - HYPERKITTY_API_KEY=someapikey
+    - HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY}
+    - SECRET_KEY=${DJANGO_SECRET_KEY}
+    - TZ=${TZ}
+    - SERVE_FROM_DOMAIN=${SERVE_FROM_DOMAIN}
+    - MAILMAN_ADMIN_USER=${MAILMAN_ADMIN_USER}
+    - MAILMAN_ADMIN_EMAIL=${MAILMAN_ADMIN_EMAIL}
     ports:
     - "127.0.0.1:8000:8000" # HTTP
     - "127.0.0.1:8080:8080" # uwsgi
@@ -50,6 +56,10 @@ services:
 
   database:
     environment:
+    - POSTGRES_DB=${DATABASE_NAME}
+    - POSTGRES_USER=${DATABASE_USER}
+    - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+    image: postgres:11-alpine
     - POSTGRES_DB=mailmandb
     - POSTGRES_USER=mailman
     - POSTGRES_PASSWORD=mailmanpass