diff --git a/common/server/gitea.nix b/common/server/gitea.nix
index 8b3e963..31ee0a7 100644
--- a/common/server/gitea.nix
+++ b/common/server/gitea.nix
@@ -32,12 +32,19 @@ in
         };
         mailer = {
           ENABLED = true;
-          MAILER_TYPE = "sendmail";
-          FROM = "do-not-reply@neet.dev";
-          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
-          SENDMAIL_ARGS = "--";
+          MAILER_TYPE = "smtp";
+          SMTP_ADDR = "mail.neet.dev";
+          SMTP_PORT = "465";
+          IS_TLS_ENABLED = true;
+          USER = "robot@runyan.org";
+          FROM = "no-reply@neet.dev";
         };
       };
+      mailerPasswordFile = "/run/agenix/robots-email-pw";
+    };
+    age.secrets.robots-email-pw = {
+      file = ../../secrets/robots-email-pw.age;
+      owner = config.services.gitea.user;
     };
 
     # backups
diff --git a/common/server/mailserver.nix b/common/server/mailserver.nix
index 08723c0..b58cc9d 100644
--- a/common/server/mailserver.nix
+++ b/common/server/mailserver.nix
@@ -37,6 +37,14 @@ in
           # catchall for all domains
           aliases = map (domain: "@${domain}") domains;
         };
+        "robot@runyan.org" = {
+          aliases = [
+            "no-reply@neet.dev"
+            "robot@neet.dev"
+          ];
+          sendOnly = true;
+          hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
+        };
       };
       rejectRecipients = [
         "george@runyan.org"
diff --git a/secrets/robots-email-pw.age b/secrets/robots-email-pw.age
new file mode 100644
index 0000000..ff9a725
Binary files /dev/null and b/secrets/robots-email-pw.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 045bbb0..33f40c3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,6 +15,7 @@ in
   # email
   "email-pw.age".publicKeys = all;
   "sasl_relay_passwd.age".publicKeys = all;
+  "robots-email-pw.age".publicKeys = all;
 
   # vpn
   "iodine.age".publicKeys = all;