diff --git a/system/hosts/mcp/containers.nix b/system/hosts/mcp/containers.nix
index 7f6fd29..505dc44 100644
--- a/system/hosts/mcp/containers.nix
+++ b/system/hosts/mcp/containers.nix
@@ -4,6 +4,7 @@
 # Additional configuration
 imports = [
 ./containers/bookstack.nix
+ ./containers/email.nix
 ./containers/gitea.nix
 ./containers/grafana.nix
 ./containers/jobhunt.nix
diff --git a/system/hosts/mcp/containers/email.nix b/system/hosts/mcp/containers/email.nix
new file mode 100644
index 0000000..85fc556
--- /dev/null
+++ b/system/hosts/mcp/containers/email.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+let
+ inherit (import ../lib.nix config) blazestar;
+in {
+
+ virtualisation.oci-containers.containers.docker-mailserver = {
+ image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
+ hostname = "mail.${blazestar}";
+ autoStart = true;
+ ports = [
+ "465:465"
+ "587:587"
+ "993:993"
+ ];
+ volumes = [
+ "/tank/mailserver/mail-data:/var/mail"
+ "/tank/mailserver/mail-state:/var/mail-state"
+ "/tank/mailserver/mail-logs:/var/log/mail"
+ "/tank/mailserver/config:/tmp/docker-mailserver"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ environment = {
+ ENABLE_RSPAMD="1";
+ ENABLE_CLAMAV="1";
+ ENABLE_FAIL2BAN="1";
+ };
+ extraOptions = [
+ # add network admin capability for Fail2Ban
+ "--cap-add=NET_ADMIN"
+ ];
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.tcp.routers.mail.service" = "mailserver";
+ };
+ };
+}
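Review bot: The `image` line in the new `email.nix` pulls `docker-mailserver:latest`, so the code that runs with `NET_ADMIN` and read-write access to `/tank/mailserver` changes whenever the tag is re-pulled; pin a release tag, ideally with a digest, e.g. `image = "ghcr.io/docker-mailserver/docker-mailserver:<VERSION>@sha256:<DIGEST>";`. The `environment` block sets no `SSL_TYPE`, and as far as I know docker-mailserver leaves TLS unconfigured in that case, which does not fit publishing only the TLS-facing ports 465/587/993; confirm that certificates are supplied through the mounted config directory or set the variable here. The two `traefik.*` labels name a service, but no router rule, entrypoint or backend port is visible in this file, so it is unclear whether Traefik routes anything. If it does proxy these connections, Fail2Ban inside the container may see only the proxy address unless the PROXY protocol is configured end to end, which would make bans either ineffective or self-inflicted.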