diff --git a/nomad-job/dockermailserver.nomad b/nomad-job/dockermailserver.nomad
new file mode 100644
index 0000000..c45ae72
--- /dev/null
+++ b/nomad-job/dockermailserver.nomad
@@ -0,0 +1,161 @@
+job "dockermailserver" {
+ datacenters = ["hetzner"]
+ priority = 90
+ type = "service"
+ meta {
+ forcedeploy = "0"
+ }
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "dockermailserver" {
+ network {
+ mode = "host"
+ port "smtp" {
+ to = 25
+ }
+ port "imap" {
+ to = 10993
+ }
+ port "esmtp" {
+ to = 465
+ }
+ }
+ service {
+ name = "smtp"
+ port = "smtp"
+ tags = [
+ "traefik.enable=true",
+ "traefik.tcp.routers.smtp.service=smtp",
+ "traefik.tcp.routers.smtp.entrypoints=smtp",
+ "traefik.tcp.routers.smtp.rule=HostSNI(`*`)",
+ "traefik.tcp.routers.smtp.tls.passthrough=true",
+ "traefik.tcp.routers.smtp.tls=false",
+ "traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=1",
+ ]
+ check {
+ name = "smtp_probe"
+ type = "tcp"
+ interval = "20s"
+ timeout = "2s"
+ }
+ }
+ service {
+ name = "esmtp"
+ port = "esmtp"
+ tags = [
+ "traefik.enable=true",
+ "traefik.tcp.routers.esmtp.service=esmtp",
+ "traefik.tcp.routers.esmtp.entrypoints=esmtp",
+ "traefik.tcp.routers.esmtp.rule=HostSNI(`*`)",
+ "traefik.tcp.routers.esmtp.tls.passthrough=true",
+ "traefik.tcp.services.esmtp.loadbalancer.proxyProtocol.version=1",
+ ]
+ check {
+ name = "esmtp_probe"
+ type = "tcp"
+ interval = "20s"
+ timeout = "2s"
+ }
+ }
+ service {
+ name = "imap"
+ port = "imap"
+ tags = [
+ "traefik.enable=true",
+ "traefik.tcp.routers.imap.service=imap",
+ "traefik.tcp.routers.imap.entrypoints=imap",
+ "traefik.tcp.routers.imap.rule=HostSNI(`*`)",
+ "traefik.tcp.routers.imap.tls.passthrough=true",
+ "traefik.tcp.services.imap.loadbalancer.proxyProtocol.version=2",
+ ]
+ check {
+ name = "imap_probe"
+ type = "tcp"
+ interval = "20s"
+ timeout = "2s"
+ }
+ }
+ service {
+ name = "certmail"
+ tags =[
+ "traefik.enable=true",
+ "traefik.http.routers.certmail.tls.domains[0].sans=mail.ducamps.eu",
+ "traefik.http.routers.certmail.tls.certresolver=myresolver",
+ ]
+ }
+
+ # vault{
+ # policies= ["policy_name"]
+ #
+ #}
+ task "server" {
+ driver = "docker"
+ config {
+ image = "ghcr.io/docker-mailserver/docker-mailserver:edge"
+ ports = ["smtp", "esmtp", "imap"]
+ volumes = [
+ "/mnt/diskstation/nomad/dms/mail-data:/var/mail",
+ "/mnt/diskstation/nomad/dms/mail-state:/var/mail-state",
+ "/mnt/diskstation/nomad/dms/mail-logs:/var/log/mail",
+ "/mnt/diskstation/nomad/dms/config:/tmp/docker-mailserver",
+ "/etc/localtime:/etc/localtime",
+ "local/postfix-main.cf:/tmp/docker-mailserver/postfix-main.cf",
+ "local/postfix-master.cf:/tmp/docker-mailserver/postfix-master.cf",
+ "local/dovecot.cf:/tmp/docker-mailserver/dovecot.cf",
+ "/mnt/diskstation/nomad/traefik/acme.json:/etc/letsencrypt/acme.json"
+ ]
+ }
+
+ env {
+ OVERRIDE_HOSTNAME = "mail.ducamps.eu"
+ DMS_VMAIL_UID = 1000000
+ DMS_VMAIL_GID = 100
+ SSL_TYPE= "letsencrypt"
+ SSL_DOMAIN= "mail.ducamps.eu"
+ LOG_LEVEL="debug"
+ }
+ template {
+ data = <