diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf
index 38cd7bd9..d8a682fe 100644
--- a/modules/kubernetes/mailserver/main.tf
+++ b/modules/kubernetes/mailserver/main.tf
@@ -78,6 +78,12 @@ resource "kubernetes_config_map" "mailserver_config" {
 SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
 TrustedHosts = "127.0.0.1\nlocalhost\n"
 "sasl_passwd" = var.sasl_passwd
+ fail2ban_conf = <<-EOF
+ [DEFAULT]
+
+ #logtarget = /var/log/fail2ban.log
+ logtarget = SYSOUT
+ EOF
 }
 # Password hashes are different each time and avoid changing secret constantly.
 # Either 1.Create consistent hashes or 2.Find a way to ignore_changes on per password
@@ -272,6 +278,12 @@ resource "kubernetes_deployment" "mailserver" {
 sub_path = "sasl_passwd"
 read_only = true
 }
+ volume_mount {
+ name = "config"
+ mount_path = "/etc/fail2ban/fail2ban.local"
+ sub_path = "fail2ban_conf"
+ read_only = true
+ }
 port {
 name = "smtp"
 container_port = 25
diff --git a/modules/kubernetes/mailserver/variables.tf b/modules/kubernetes/mailserver/variables.tf
index 164401f6..b50c1cc1 100644
--- a/modules/kubernetes/mailserver/variables.tf
+++ b/modules/kubernetes/mailserver/variables.tf
@@ -8,6 +8,9 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
 smtp_tls_security_level = encrypt
+smtpd_tls_cert_file=/tmp/ssl/tls.crt
+smtpd_tls_key_file=/tmp/ssl/tls.key
+smtpd_use_tls=yes
 header_size_limit = 4096000
 
 # Debug mail tls
diff --git a/terraform.tfstate b/terraform.tfstate
index dab05bbf..eafff789 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index 5ad77abf..31c172aa 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ
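Review bot: With `logtarget = SYSOUT` in the new `fail2ban_conf` heredoc, fail2ban no longer writes `/var/log/fail2ban.log`, so any jail that reads that file (the stock `recidive` jail does) would have nothing to match; whether such a jail is enabled in this image is not visible here. The commented-out `#logtarget = /var/log/fail2ban.log` line gives no reason for the switch, and I would replace it with a comment such as `# log to stdout so ban/unban events reach the container log pipeline; recidive needs a file target`. The config map body starts above the hunk.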
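Review bot: The new `volume_mount` puts the fail2ban override in place, but nothing in this hunk shows that the container can enforce bans or that it sees real client addresses. fail2ban's firewall actions need the `NET_ADMIN` capability (`capabilities { add = ["NET_ADMIN"] }` in the container's `security_context`), and if the Service rewrites the source address, every failed login appears to come from one node or proxy IP, so a single ban would block all clients at once; `external_traffic_policy = "Local"` on the Service preserves the source IP. Both settings live outside the hunk, so please confirm them. Also note that a `sub_path` mount is not refreshed when the config map changes, so edits to `fail2ban_conf` only take effect after a pod restart.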
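Review bot: `smtpd_use_tls=yes` is the legacy Postfix switch for opportunistic TLS; the current form is `smtpd_tls_security_level = may`, which would also match the `name = value` spacing of the neighbouring lines. If this smtpd offers SASL AUTH (not visible in the hunk), add `smtpd_tls_auth_only = yes` so credentials are never accepted over a cleartext session. The key path `/tmp/ssl/tls.key` sits under `/tmp`; presumably it is a mounted secret, so confirm the mount is read-only with a restrictive file mode. The surrounding heredoc starts and ends outside the hunk.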
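Review bot: `terraform.tfstate` and `terraform.tfvars` are tracked in the repository and change with this commit; Terraform state stores resource attributes in cleartext, and this module takes at least `var.sasl_passwd` as an input. That both files diff as binary suggests an encryption filter is applied, but this cannot be confirmed from the page. Verify that the committed blobs are ciphertext, and consider a remote backend with encryption and locking instead of keeping state in git.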