diff --git a/ops/machines/public01/default.nix b/ops/machines/public01/default.nix
index 08e5cf2e3..0e720e8e1 100644
--- a/ops/machines/public01/default.nix
+++ b/ops/machines/public01/default.nix
@@ -128,6 +128,7 @@ in
 mode = "0440";
 group = "git";
 };
+ forgejo-smtp-passwd.file = secretFile "forgejo-smtp-passwd";
 grafana-oauth-secret = {
 file = secretFile "grafana-oauth-secret";
 mode = "0440";
diff --git a/ops/modules/forgejo.nix b/ops/modules/forgejo.nix
index 3ba949fa9..695c68272 100644
--- a/ops/modules/forgejo.nix
+++ b/ops/modules/forgejo.nix
@@ -102,7 +102,7 @@ in
 group = "git";
 # Secret mail config.
- # mailerPasswordFile = config.age.secrets.forgejoSmtpSecret.path;
+ secrets.mailer.PASSWD = config.age.secrets.forgejo-smtp-passwd.path;
 # Server and database config.
 settings = {
@@ -198,15 +198,16 @@ in
 DISABLE_GIT_HOOKS = false;
 };
- # Note: PASSWD is set by NixOS up.
- # mailer = {
- # ENABLED = true;
- # PROTOCOL = "smtps";
- # SMTP_ADDR = "";
- # SMTP_PORT = 465;
- # USER = "";
- # FROM = "";
- # };
+ # Note: PASSWD is set up by the NixOS module, which sets FORGEJO__MAILER__PASSWD__FILE.
+ # https://forum.gitea.com/t/email-could-not-initiate-smtp-session-error/8164/14
+ mailer = {
+ ENABLED = true;
+ PROTOCOL = "smtp+starttls";
+ SMTP_ADDR = "smtp.postmarkapp.com";
+ SMTP_PORT = 2525;
+ USER = "PM-T-forgejo-48CsFdjTEW5_tALcpact0HG";
+ FROM = "\"Snix Forgejo\" ";
+ };
 ui = {
 # Add the used emojis from https://volpeon.ink/emojis/ as well as https://github.com/chr-1x/dragn-emoji
diff --git a/ops/secrets/forgejo-smtp-passwd.age b/ops/secrets/forgejo-smtp-passwd.age
new file mode 100644
index 000000000..670b7d00e
Binary files /dev/null and b/ops/secrets/forgejo-smtp-passwd.age differ
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index e56f23c7a..6876825aa 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
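Review bot: The new `forgejo-smtp-passwd.file = secretFile "forgejo-smtp-passwd";` entry in ops/machines/public01/default.nix sets neither `mode` nor `group`, while the entries on either side of it carry `mode = "0440";` and the one above also `group = "git";`. agenix then applies its defaults (root-owned and `0400`, as far as I know), so whether the path handed to `secrets.mailer.PASSWD` in ops/modules/forgejo.nix is readable depends on which user the NixOS module reads it as; if that is the Forgejo service user, mail authentication would fail at start-up. Either write the entry out as `forgejo-smtp-passwd = { file = secretFile "forgejo-smtp-passwd"; mode = "0440"; group = "git"; };` or add a comment saying why root-only access is sufficient here. The surrounding attribute set starts and ends outside the hunk.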
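Review bot: The `USER` value in the new `mailer` block of ops/modules/forgejo.nix looks like a provider-issued SMTP token identifier, and it is committed in clear text while only `PASSWD` goes through age. If it is one half of a credential pair, it is better kept out of the repository as well, for example `secrets.mailer.USER = config.age.secrets.<smtp-user-secret>.path;` (placeholder name), assuming the module's `secrets` option accepts that key the same way it accepts `PASSWD`. Otherwise add a one-line comment stating that the identifier is not sensitive. The bare forum URL above the block should also say what it explains, such as why `smtp+starttls` on port 2525 was chosen over the `smtps`/465 template it replaces, so the next editor does not switch the transport back without knowing the reason.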
@@ -41,6 +41,8 @@ in "gerrit-autosubmit.age" = gerrit01Default; "forgejo-oauth-secret.age" = public01Default; + "forgejo-smtp-passwd.age" = public01Default; + "grafana-oauth-secret.age" = public01Default; "buildkite-agent-token.age" = build01Default;