diff --git a/data/assets/passwd/generate_passwords.sh b/data/assets/passwd/generate_passwords.sh
new file mode 100755
index 00000000..78613150
--- /dev/null
+++ b/data/assets/passwd/generate_passwords.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo DBPASS=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9)
+echo DBROOT=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9)
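Review bot: Both `echo` lines still print a result when `openssl` is missing or fails, because `echo` discards the status of the command substitution; the script then emits `DBPASS=` with an empty value and exits 0, and that line can end up pasted into mailcow.conf. Assign the value first, check the pipeline status and a minimum length, and only print afterwards. The `tr` set `_A-Z-a-z-0-9` is unquoted and carries stray `-` and `_` characters; `'A-Za-z0-9'` matches what the config comment asks for and gives the same result on base64 input. Since `+`, `/` and `=` are stripped, the output is somewhat shorter than 44 characters and varies in length, which deserves a short comment.

```shell
#!/bin/bash
set -euo pipefail

# Print one random alphanumeric password; fail instead of printing an
# empty or truncated value when openssl is unavailable or errors out.
gen_pass() {
  local pass
  pass=$(openssl rand -base64 32 | tr -dc 'A-Za-z0-9') || return 1
  # base64 of 32 bytes is 44 chars; stripping +, / and = leaves slightly fewer.
  if (( ${#pass} < 32 )); then
    printf 'password generation failed\n' >&2
    return 1
  fi
  printf '%s\n' "$pass"
}

dbpass=$(gen_pass)
dbroot=$(gen_pass)
printf 'DBPASS=%s\nDBROOT=%s\n' "$dbpass" "$dbroot"
```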
diff --git a/mailcow.conf b/mailcow.conf
index 95d49ac3..191d2430 100644
--- a/mailcow.conf
+++ b/mailcow.conf
@@ -1,19 +1,33 @@
+# ------------------------------
 # mailcow web ui configuration
-# example.org is NOT a valid hostname, use a fqdn here.
+# ------------------------------
+# example.org is _not_ a valid hostname, use a fqdn here.
 # Default admin user is "admin"
 # Default password is "moohoo"
 
 MAILCOW_HOSTNAME=mail.example.org
 
+
+# ------------------------------
 # SQL database configuration
+# ------------------------------
+
 DBNAME=mailcow
 DBUSER=mailcow
+
 # Please use long, random alphanumeric strings (A-Za-z0-9)
+# Run data/assets/passwd/generate_passwords.sh to generate safe passwords
+
 DBPASS=mysafepasswd
 DBROOT=myothersafepasswd
 
+
+# ------------------------------
+# Misc configuration
+# ------------------------------
 # You should leave that alone
-# Can also be 11.22.33.44:25 or 0.0.0.0:465 etc. for specific binding
+# Can also be 11.22.33.44:25 or 0.0.0.0:465 etc. for specific bindings
+
 SMTP_PORT=25
 SMTPS_PORT=465
 SUBMISSION_PORT=587
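Review bot: The added comment `# Run data/assets/passwd/generate_passwords.sh to generate safe passwords` does not say that the script only prints `DBPASS=`/`DBROOT=` lines to stdout, so the placeholders `mysafepasswd` and `myothersafepasswd` right below it remain in effect unless the user copies the output over by hand. I would word it as `# Run data/assets/passwd/generate_passwords.sh and replace both lines below with its output; never deploy the placeholder values`. The header block also still documents the default admin password "moohoo" without telling the user to change it after the first login; a one-line reminder next to it would fit this cleanup.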
@@ -22,5 +36,6 @@ IMAPS_PORT=993
 POP_PORT=110
 POPS_PORT=995
 SIEVE_PORT=4190
+HTTPS_PORT=443
 
 TZ="Europe/Berlin"