diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml index 42cd1c4..b09df08 100644 --- a/roles/services/tasks/main.yml +++ b/roles/services/tasks/main.yml @@ -24,14 +24,22 @@ - "{{ loki_image }}" - "{{ promtail_image }}" - "{{ crowdsec_image }}" - - "{{ authelia_image }}" - "{{ uptime_kuma_image }}" + - "tecnativa/postfix-relay" register: pull_result changed_when: "'Status: Downloaded newer image' in pull_result.stdout" retries: 5 delay: 30 until: pull_result.rc == 0 +- name: Allow SMTP relay port from tools server + community.general.ufw: + rule: allow + port: "1025" + proto: tcp + src: "{{ ip_tools }}" + comment: "SMTP relay for tools-server Outline" + - name: Deploy Docker Compose stack community.docker.docker_compose_v2: project_src: "{{ services_root }}" diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2 index 756ee18..2a7979f 100644 --- a/roles/services/templates/docker-compose.yml.j2 +++ b/roles/services/templates/docker-compose.yml.j2 @@ -570,3 +570,28 @@ services: interval: 30s timeout: 5s retries: 3 + + # ── SMTP Relay ───────────────────────────────────────────────────────────── + # Forwards mail from tools-server (85.193.83.9) to Resend SMTP. + # tools-server has outbound SMTP blocked by the VPS provider. + # Listens on 85.193.83.9:1025 (UFW allows only from ip_tools). + smtp-relay: + image: tecnativa/postfix-relay + container_name: smtp-relay + restart: unless-stopped + ports: + - "{{ ip_tools }}:1025:25" + networks: + - proxy + environment: + - MAILNAME={{ domain_base }} + - MAIL_RELAY_HOST=smtp.resend.com + - MAIL_RELAY_PORT=587 + - MAIL_RELAY_USER=resend + - MAIL_RELAY_PASS={{ resend_api_key }} + - MAIL_RELAY_MYHOSTNAME=mail.{{ domain_base }} + logging: + driver: json-file + options: + max-size: "5m" + max-file: "2" diff --git a/roles/tools/templates/env.j2 b/roles/tools/templates/env.j2 index 571f25a..aaba16e 100644 --- a/roles/tools/templates/env.j2 
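Review bot: The new `community.general.ufw` allow rule is unlikely to be what limits access to port 1025, because that port is published by Docker (the `ports:` entry in docker-compose.yml.j2) and Docker forwards published ports through its own iptables rules rather than the ufw input chains. If only the tools server should reach the relay, the source restriction needs to be enforced in the `DOCKER-USER` chain, or the relay needs to run with host networking so ufw applies. Otherwise a relay holding upstream credentials may be reachable from any address. Separately, `- "tecnativa/postfix-relay"` is the only literal, untagged entry in the pull list; a variable such as `- "{{ postfix_relay_image }}"` pinned to a tag or digest would match the other entries, and the same applies to `image:` in the compose template. The pull task starts above this hunk.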
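Review bot: The published port `- "{{ ip_tools }}:1025:25"` binds to the tools server's address, but the host part of a Compose port mapping is the local address to listen on, and env.j2 in this commit sends mail to `{{ ip_main }}:1025`. Unless `ip_tools` is also configured on this host, the bind will fail or the relay will not listen where the client expects it; `- "{{ ip_main }}:1025:25"` looks like the intent. The comment block has the same confusion, giving 85.193.83.9 both as tools-server and as the listen address, so it should say which host owns that IP. `MAIL_RELAY_PASS={{ resend_api_key }}` is also rendered in plain text into the compose file and the container environment, so check the rendered file's mode and who can run `docker inspect` on this host.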
+++ b/roles/tools/templates/env.j2 @@ -27,14 +27,12 @@ FILE_STORAGE=s3 # Auth AUTH_PROVIDERS=email -# SMTP via Resend -SMTP_HOST=smtp.resend.com -SMTP_PORT=465 -SMTP_USERNAME=resend -SMTP_PASSWORD={{ resend_api_key }} +# SMTP via relay on main server (tools-server has outbound SMTP blocked) +SMTP_HOST={{ ip_main }} +SMTP_PORT=1025 SMTP_FROM_EMAIL=noreply@{{ domain_base }} SMTP_FROM_NAME=Visual Wiki -SMTP_SECURE=true +SMTP_SECURE=false # Outline DB password (used in docker-compose) OUTLINE_DB_PASSWORD={{ outline_db_password }}
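Review bot: With `SMTP_SECURE=false` and the username/password lines removed, the hop from Outline to `{{ ip_main }}:1025` is unauthenticated and, unless the relay offers STARTTLS and the client uses it, unencrypted. `AUTH_PROVIDERS=email` in the context above suggests these messages carry sign-in links, so their contents would be readable in transit if the path between the two servers is a public network. Consider carrying this hop over a private link or tunnel, or enabling TLS on the relay listener. Either way, record the assumption next to the setting, for example `# plaintext hop: only safe over <private-network-placeholder>`.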