Dockerfile

@@ -3,11 +3,16 @@ FROM python:3.12-slim
 WORKDIR /app
 ENV PYTHONUNBUFFERED=1
 
+# Create a dedicated non-root user and group to run the proxy.
+RUN groupadd --system appuser && useradd --system --gid appuser appuser
+
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt
 
-COPY proxy_server.py ./
+COPY --chown=appuser:appuser proxy_server.py ./
 
 EXPOSE 110 25
 
+USER appuser
+
 CMD ["python", "proxy_server.py"]