diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index c438bfeb..5fc551cf 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -11,13 +11,14 @@ These are the core environment variables that need to be configured in your `.en When you use the MySQL service provided by docker-mailserver compose, you don't need to configure this. It is required to **always set** `MYSQL_PASSWORD`. -| Variable | Default | Description | -| ---------------- | ------------------------------------ | ----------------------- | -| `MYSQL_HOST` | `db` | MySQL database hostname | -| `MYSQL_PORT` | `3306` | MySQL database port | -| `MYSQL_DATABASE` | `mailserver` | MySQL database name | -| `MYSQL_USER` | `root` (MTA/MDA), `mailserver` (Web) | MySQL database username | -| `MYSQL_PASSWORD` | _(empty)_ | MySQL database password | +| Variable | Default | Description | +| ----------------------- | ------------------------------------ | ---------------------------------- | +| `MYSQL_HOST` | `db` | MySQL database hostname | +| `MYSQL_PORT` | `3306` | MySQL database port | +| `MYSQL_DATABASE` | `mailserver` | MySQL database name | +| `MYSQL_USER` | `root` (MTA/MDA), `mailserver` (Web) | MySQL database username | +| `MYSQL_PASSWORD` | _(empty)_ | MySQL database password | +| `MYSQL_TLS_VERIFY_CERT` | `no` | MySQL TLS certificate verification | ### Mail Server Identity diff --git a/target/mta/Dockerfile b/target/mta/Dockerfile index 8121a394..1d1d11e3 100644 --- a/target/mta/Dockerfile +++ b/target/mta/Dockerfile 
@@ -1,5 +1,5 @@
 FROM ghcr.io/jeboehm/dockerize:0.9.3@sha256:d4e824aa120670658d7012421d2fdf1b2437be34a6acbb7a4ad92ed52edec8eb AS dockerize
-FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62
 LABEL maintainer="https://github.com/jeboehm/docker-mailserver"
 LABEL vendor="https://github.com/jeboehm/docker-mailserver"
@@ -11,6 +11,7 @@ ENV MAILNAME=mail.example.com \
 MYSQL_PORT=3306 \
 MYSQL_USER=root \
 MYSQL_DATABASE=mailserver \
+ MYSQL_TLS_VERIFY_CERT=no \
 MDA_LMTP_ADDRESS=mda:2003 \
 MDA_AUTH_ADDRESS=mda:2004 \
 FILTER_MILTER_ADDRESS=filter:11332 \
diff --git a/target/mta/rootfs/etc/postfix/mysql-email-submission.cf.templ b/target/mta/rootfs/etc/postfix/mysql-email-submission.cf.templ
index 4ffa1c2d..3c67668c 100644
--- a/target/mta/rootfs/etc/postfix/mysql-email-submission.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-email-submission.cf.templ
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT CONCAT(mail_users.name, '@', d1.name) AS email FROM mail_users JOIN mail_domains d1 ON mail_users.domain_id = d1.id HAVING email='%s' UNION SELECT destination AS email FROM mail_aliases JOIN mail_domains d2 ON mail_aliases.domain_id = d2.id WHERE CONCAT(mail_aliases.name, '@', d2.name)='%s'
diff --git a/target/mta/rootfs/etc/postfix/mysql-email2email.cf.templ b/target/mta/rootfs/etc/postfix/mysql-email2email.cf.templ
index d9fa4bc0..e9db2522 100644
--- a/target/mta/rootfs/etc/postfix/mysql-email2email.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-email2email.cf.templ
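Review bot: `MYSQL_TLS_VERIFY_CERT=no` in the ENV block makes skipping MySQL server certificate verification the image default, next to `MYSQL_USER=root` in the same block, so the MTA's lookups authenticate as root to whichever host answers at `MYSQL_HOST`. That is defensible for the bundled compose database on a private network, but it should be an explicit choice when the database is remote. I would put a comment above the ENV instruction, `# MYSQL_TLS_VERIFY_CERT=no disables MySQL server certificate checks; set it to yes when the database is reached over an untrusted network`, and have the new docs table row name the accepted values (presumably Postfix's `yes`/`no` booleans). The ENV instruction begins above this hunk, so its other defaults are not visible here.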
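Review bot: The added `tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}` line in mysql-email-submission.cf.templ is the only TLS setting this lookup table exposes, so an operator who switches the variable to `yes` cannot name the CA that signed the database certificate; whether the client library falls back to a system trust store cannot be told from this diff. mysql_table(5) also provides `tls_CAfile`, and I would template it as an optional setting that is emitted only when a CA path is supplied, since an empty `tls_CAfile =` line may not behave like an absent one. The value is also written into the file unchecked, so a comment such as `# yes or no; rendered from MYSQL_TLS_VERIFY_CERT` above the line would help whoever debugs a failed lookup. The same line is added to mysql-email2email, mysql-recipient-access, mysql-virtual-alias-maps, mysql-virtual-mailbox-domains and mysql-virtual-mailbox-maps, and the point applies to each.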
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT CONCAT(mail_users.name, '@', mail_domains.name) AS email FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id HAVING email='%s'
diff --git a/target/mta/rootfs/etc/postfix/mysql-recipient-access.cf.templ b/target/mta/rootfs/etc/postfix/mysql-recipient-access.cf.templ
index f2251344..696c88ec 100644
--- a/target/mta/rootfs/etc/postfix/mysql-recipient-access.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-recipient-access.cf.templ
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT IF(send_only = true, 'REJECT', 'OK') AS access FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%u' AND mail_domains.name = '%d'
diff --git a/target/mta/rootfs/etc/postfix/mysql-virtual-alias-maps.cf.templ b/target/mta/rootfs/etc/postfix/mysql-virtual-alias-maps.cf.templ
index 5b477aa0..9676cec6 100644
--- a/target/mta/rootfs/etc/postfix/mysql-virtual-alias-maps.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-virtual-alias-maps.cf.templ
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT destination FROM mail_aliases JOIN mail_domains ON mail_aliases.domain_id = mail_domains.id WHERE CONCAT(mail_aliases.name, '@', mail_domains.name) = '%s'
diff --git a/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-domains.cf.templ b/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-domains.cf.templ
index 9573505f..470b10b9 100644
--- a/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-domains.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-domains.cf.templ
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT 1 FROM mail_domains WHERE name='%s'
diff --git a/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-maps.cf.templ b/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-maps.cf.templ
index 26e854da..9e8be68b 100644
--- a/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-maps.cf.templ
+++ b/target/mta/rootfs/etc/postfix/mysql-virtual-mailbox-maps.cf.templ
@@ -2,4 +2,5 @@ user = {{ .Env.MYSQL_USER }}
 password = {{ .Env.MYSQL_PASSWORD }}
 hosts = {{ .Env.MYSQL_HOST }}:{{ .Env.MYSQL_PORT }}
 dbname = {{ .Env.MYSQL_DATABASE }}
+tls_verify_cert = {{ .Env.MYSQL_TLS_VERIFY_CERT }}
 query = SELECT 1 FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%u' AND mail_domains.name = '%d' AND enabled = 1
diff --git a/target/ssl/Dockerfile b/target/ssl/Dockerfile
index e0c5ec1e..c58d6963 100644
--- a/target/ssl/Dockerfile
+++ b/target/ssl/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62
 LABEL maintainer="https://github.com/jeboehm/docker-mailserver"
 LABEL vendor="https://github.com/jeboehm/docker-mailserver"
diff --git a/target/web/Dockerfile b/target/web/Dockerfile
index dfd9d895..9c551bcc 100644
--- a/target/web/Dockerfile
+++ b/target/web/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 AS base
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 AS base
 LABEL maintainer="https://github.com/jeboehm/docker-mailserver"
 LABEL vendor="https://github.com/jeboehm/docker-mailserver"