diff --git a/roles/postfix/files/stunnel-smtps.service b/roles/postfix/files/stunnel-smtps.service new file mode 100644 index 0000000..c03b281 --- /dev/null +++ b/roles/postfix/files/stunnel-smtps.service @@ -0,0 +1,14 @@ +[Unit] +Description=Stunnel for SMTPs connections +After=network.target +After=syslog.target + +[Service] +Type=simple +PrivateTmp=true +User=smtps +Group=smtps +ExecStart=/usr/bin/stunnel /etc/stunnel/smtps.conf + +[Install] +WantedBy=multi-user.target diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml index bea754c..b70dc88 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/postfix/handlers/main.yml @@ -3,3 +3,8 @@ service: name: postfix state: restarted + +- name: restart stunnel-smtps + service: + name: stunnel-smtps + state: restarted diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 4f93a99..f1a15e1 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -9,6 +9,11 @@ name: postfix state: installed +- name: set postfix as system mta + alternatives: + name: mta + path: /usr/sbin/sendmail.postfix + - name: configure myhostname lineinfile: path: /etc/postfix/main.cf 
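Review bot: The new unit has no `Restart=` directive, so if stunnel exits, the `[localhost]:2525` relayhost that the tasks hunk points Postfix at disappears and outbound mail sits in the deferred queue until someone notices; add `Restart=on-failure` and `RestartSec=5` under `[Service]`. Since the process already runs as the unprivileged `smtps` user, `NoNewPrivileges=true` is a cheap hardening addition next to `PrivateTmp=true`. `After=syslog.target` names a legacy target that current systemd no longer provides; it is harmless but can be dropped, `After=network.target` is sufficient for a service that only binds loopback and connects outbound on demand.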
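Review bot: The `alternatives` task sets `name` and `path` but no `link`; the module needs the link path to register an alternative that is not already known to the system, so the task fails on a host where the postfix package did not register `mta`. Adding `link: /usr/sbin/sendmail` makes the task succeed regardless of prior state. I infer a RHEL-family target from the `sendmail.postfix` path here and the `ansible_distribution_major_version` checks later in the file; if other distributions are in scope, the path and link need a variable.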
@@ -37,32 +42,91 @@ - mail_domain is defined - mail_server is defined -- name: configure relayhost - lineinfile: - path: /etc/postfix/main.cf - regexp: '^relayhost\s*=' - insertafter: '^#relayhost\s*=' - line: "relayhost = [{{ mail_server }}]:465" - notify: restart postfix - when: mail_server is defined +- block: + - name: install stunnel + package: + name: stunnel + state: installed -- name: configure smtp_tls_security_level - lineinfile: - path: /etc/postfix/main.cf - regexp: '^smtp_tls_security_level\s*=' - insertafter: '^#?relayhost\s*=' - line: "smtp_tls_security_level = encrypt" - notify: restart postfix - when: mail_server is defined + - name: create group smtps + group: + name: smtps + system: true -- name: configure smtp_tls_wrappermode - lineinfile: - path: /etc/postfix/main.cf - regexp: '^smtp_tls_wrappermode\s*=' - insertafter: '^#?relayhost\s*=' - line: "smtp_tls_wrappermode = yes" - notify: restart postfix - when: mail_server is defined + - name: create user smtps + user: + name: smtps + comment: Service Stunnel-SMTPS + createhome: false + group: smtps + home: /var/empty + shell: /sbin/nologin + system: true + + - name: create stunnel config + template: + src: stunnel.conf.j2 + dest: /etc/stunnel/smtps.conf + mode: 0644 + owner: root + group: "{{ ansible_wheel }}" + notify: restart stunnel-smtps + + - name: create stunnel systemd service + copy: + src: stunnel-smtps.service + dest: /etc/systemd/system/stunnel-smtps.service + mode: 0644 + owner: root + group: "{{ ansible_wheel }}" + notify: restart stunnel-smtps + + - name: enable stunnel service + service: + name: stunnel-smtps + state: started + enabled: true + + - name: configure relayhost + lineinfile: + path: /etc/postfix/main.cf + regexp: '^relayhost\s*=' + insertafter: '^#relayhost\s*=' + line: "relayhost = [localhost]:2525" + notify: restart postfix + + when: + - ansible_distribution_major_version|int < 8 + - mail_server is defined + +- block: + - name: configure relayhost + lineinfile: + path: 
/etc/postfix/main.cf + regexp: '^relayhost\s*=' + insertafter: '^#relayhost\s*=' + line: "relayhost = [{{ mail_server }}]:465" + notify: restart postfix + + - name: configure smtp_tls_security_level + lineinfile: + path: /etc/postfix/main.cf + regexp: '^smtp_tls_security_level\s*=' + insertafter: '^#?relayhost\s*=' + line: "smtp_tls_security_level = encrypt" + notify: restart postfix + + - name: configure smtp_tls_wrappermode + lineinfile: + path: /etc/postfix/main.cf + regexp: '^smtp_tls_wrappermode\s*=' + insertafter: '^#?relayhost\s*=' + line: "smtp_tls_wrappermode = yes" + notify: restart postfix + + when: + - ansible_distribution_major_version|int >= 8 + - mail_server is defined - name: enable postfix service service: diff --git a/roles/postfix/templates/stunnel.conf.j2 b/roles/postfix/templates/stunnel.conf.j2 new file mode 100644 index 0000000..1862909 --- /dev/null +++ b/roles/postfix/templates/stunnel.conf.j2 @@ -0,0 +1,7 @@ +foreground = yes +pid = + +[smtps-wrapper] +accept = localhost:2525 +client = yes +connect = {{ mail_server }}:465
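Review bot: `smtp_tls_security_level = encrypt` in the `>= 8` block only forces encryption; at that level Postfix does not validate the relay's certificate, so the hop to `{{ mail_server }}` still accepts any TLS endpoint that answers on port 465. Since the relay is a fixed, operator-controlled host, `verify` (or `secure`) together with `smtp_tls_CAfile` is the appropriate level; the rewritten task and the additional one are below, with the CA bundle path to be adjusted for the target OS. The stunnel template in the last hunk has the same gap — `client = yes` with no `verify`/`CAfile` — so the `< 8` path should get `verify = 2` and `CAfile = <CA bundle path>` as well (`checkHost` for hostname matching exists only in newer stunnel releases than some EL7 hosts ship, so confirm the installed version before relying on it). The `configure relayhost` task is repeated in both blocks differing only in `line:`; one task whose `line:` is chosen by a conditional expression would remove the duplication. Both blocks start and end inside this hunk.

```yaml
  # … unchanged: configure relayhost task …

  - name: configure smtp_tls_security_level
    lineinfile:
      path: /etc/postfix/main.cf
      regexp: '^smtp_tls_security_level\s*='
      insertafter: '^#?relayhost\s*='
      line: "smtp_tls_security_level = verify"
    notify: restart postfix

  - name: configure smtp_tls_CAfile
    lineinfile:
      path: /etc/postfix/main.cf
      regexp: '^smtp_tls_CAfile\s*='
      insertafter: '^#?relayhost\s*='
      # RHEL-family system CA bundle; adjust for other distributions
      line: "smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt"
    notify: restart postfix

  # … unchanged: configure smtp_tls_wrappermode task and block `when:` …
```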