diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 1cd42ad..0a77dd1 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -1,22 +1,13 @@ --- -- name: Read Authelia use Postfix - set_fact: - authelia_use_postfix: "{{ (AUTHELIA_USE_POSTFIX | default(lookup('env', 'AUTHELIA_USE_POSTFIX') | default('false', true), true)) | bool }}" - no_log: true - -- name: Configure Postfix (send-only relay) +- name: Configure Postfix (send-only) block: - name: Read Postfix relay host set_fact: - postfix_relayhost: "{{ POSTFIX_RELAYHOST | default(lookup('env', 'POSTFIX_RELAYHOST')) }}" + postfix_relayhost: "{{ POSTFIX_RELAYHOST | default(lookup('env', 'POSTFIX_RELAYHOST') | default('smtp.postmarkapp.com', true), true) }}" + postfix_relayhost_port: "{{ POSTFIX_RELAYHOST_PORT | default(lookup('env', 'POSTFIX_RELAYHOST_PORT') | default('2525', true), true) }}" no_log: true - - name: Fail if Postfix relay host is missing - fail: - msg: "POSTFIX_RELAYHOST is required" - when: postfix_relayhost | length == 0 - - name: Read Postfix relay host username set_fact: postfix_relayhost_username: "{{ POSTFIX_RELAYHOST_USERNAME | default(lookup('env', 'POSTFIX_RELAYHOST_USERNAME') | default('', true), true) }}" @@ -61,4 +52,3 @@ command: docker compose up -d args: chdir: /opt/postfix - when: authelia_use_postfix diff --git a/roles/postfix/templates/docker-compose.yml.j2 b/roles/postfix/templates/docker-compose.yml.j2 index 8c52fd0..fa9c232 100644 --- a/roles/postfix/templates/docker-compose.yml.j2 +++ b/roles/postfix/templates/docker-compose.yml.j2 
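Review bot: In roles/postfix/tasks/main.yml, the `Read Postfix relay host` task now falls back to `smtp.postmarkapp.com` on port `2525`, and the `Fail if Postfix relay host is missing` check is removed, so a host deployed without POSTFIX_RELAYHOST silently routes mail to a third-party relay instead of stopping. Because the username still defaults to an empty string, the template would then emit RELAYHOST without credentials, which presumably ends in rejected or deferred mail that nobody notices at deploy time. I would keep an explicit guard after the credential tasks, for example a `fail` task with `when: postfix_relayhost == 'smtp.postmarkapp.com' and postfix_relayhost_username | length == 0`, or drop the vendor default and keep the original check. The new port value is also used unvalidated; a condition such as `postfix_relayhost_port | int > 0` would catch a mistyped value. The enclosing `block:` continues outside this hunk.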
@@ -2,15 +2,23 @@ services: postfix: image: boky/postfix:latest environment: - RELAYHOST: "{{ postfix_relayhost }}" +{% if postfix_relayhost | length > 0 %} + RELAYHOST: "[{{ postfix_relayhost }}]:{{ postfix_relayhost_port | default('587') }}" {% if postfix_relayhost_username | length > 0 %} RELAYHOST_USERNAME: "{{ postfix_relayhost_username }}" RELAYHOST_PASSWORD: "{{ postfix_relayhost_password }}" +{% endif %} {% endif %} POSTFIX_smtp_tls_security_level: "{{ postfix_smtp_tls_security_level }}" - ALLOWED_SENDER_DOMAINS: "{{ postfix_allowed_sender_domains }}" + POSTFIX_smtpd_tls_security_level: none + POSTFIX_relay_domains: "*" + POSTFIX_smtpd_relay_restrictions: "permit_mynetworks,reject" + POSTFIX_smtpd_recipient_restrictions: "permit_mynetworks,reject_unauth_destination" + ALLOWED_SENDER_DOMAINS: "{{ postfix_allowed_sender_domains }},services" ALLOW_EMPTY_SENDER_DOMAINS: "{{ postfix_allow_empty_sender_domains | ternary('true', 'false') }}" POSTFIX_mynetworks: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" + ports: + - "25:25" networks: - proxy restart: unless-stopped
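Review bot: The added `ports:` entry `- "25:25"` publishes the SMTP listener on every host interface, while `POSTFIX_mynetworks` still trusts 127.0.0.0/8 and all RFC 1918 ranges and both new restriction lists open with `permit_mynetworks`. Whether the container acts as an open relay therefore depends on the source address Docker presents. When a published port is served through Docker's userland proxy, the connection can appear to come from the bridge gateway, which falls inside 172.16.0.0/12, and published ports are commonly not covered by host firewall rules managed through ufw. If only containers on the `proxy` network send mail, drop the mapping; otherwise bind it to loopback with `- "127.0.0.1:25:25"` and narrow `POSTFIX_mynetworks` to the subnet of the `proxy` network. `POSTFIX_relay_domains: "*"` should also be checked against the image's documentation in case it is read as match-all, and the template's `default('587')` disagrees with the `'2525'` default in the tasks file.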