diff --git a/mailsystem/dovecot.nix b/mailsystem/dovecot.nix
index eddecc1..b18d785 100644
--- a/mailsystem/dovecot.nix
+++ b/mailsystem/dovecot.nix
@@ -204,7 +204,20 @@ in {
         mail_access_groups = ${cfg.vmailGroupName}
         ssl = required
         ssl_min_protocol = TLSv1.2
-        ssl_prefer_server_ciphers = yes
+        ssl_prefer_server_ciphers = no
+        ssl_cipher_list = ${
+          lib.concatStringsSep ":" [
+            # TLS1.3
+            "TLS_AES_128_GCM_SHA256"
+            "TLS_CHACHA20_POLY1305_SHA256"
+            "TLS_AES_256_GCM_SHA384"
+            # TLS1.2
+            "ECDHE-ECDSA-AES128-GCM-SHA256"
+            "ECDHE-ECDSA-CHACHA20-POLY1305"
+            "ECDHE-ECDSA-AES256-GCM-SHA384"
+          ]
+        }
+        ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
 
         service lmtp {
           unix_listener dovecot-lmtp {
diff --git a/mailsystem/postfix.nix b/mailsystem/postfix.nix
index 0f31417..fea0e58 100644
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@@ -44,8 +44,8 @@ with (import ./common.nix {inherit config pkgs;}); let
     /^Message-ID:\s+<(.*?)@.*?>/ REPLACE Message-ID: <$1@${cfg.fqdn}>
   '';
 
-  tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-  tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
+  tls_protocols = ">=TLSv1.2";
+  tls_exclude_ciphers = "SHA1, eNULL, aNULL";
 in {
   config = lib.mkIf cfg.enable {
     assertions = let
@@ -141,7 +141,35 @@ in {
         smtp_tls_mandatory_exclude_ciphers = tls_exclude_ciphers;
         smtp_tls_exclude_ciphers = tls_exclude_ciphers;
 
-        tls_preempt_cipherlist = true;
+        # As long as all cipher suites are considered safe, let the client use its preferred cipher
+        tls_preempt_cipherlist = false;
+
+        # Restrict and prioritize the following curves in the given order
+        # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
+        # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
+        tls_config_file = let
+          mkGroupString = groups: lib.concatStringsSep " / " (map (lib.concatStringsSep ":") groups);
+        in
+          (pkgs.formats.iniWithGlobalSection {}).generate "postfix-openssl.cnf" {
+            globalSection.postfix = "postfix_settings";
+            sections = {
+              postfix_settings.ssl_conf = "postfix_ssl_settings";
+              postfix_ssl_settings.system_default = "baseline_postfix_settings";
+              baseline_postfix_settings.Groups = mkGroupString [
+                ["*X25519MLKEM768"]
+                ["*X25519"]
+                [
+                  "P-256"
+                  "P-384"
+                ]
+              ];
+            };
+          };
+        tls_config_name = "postfix";
+
+        # Algorithm selection happens through `tls_config_file` instead.
+        tls_eecdh_auto_curves = [];
+        tls_ffdhe_auto_groups = [];
 
         # Allowing AUTH on a non-encrypted connection poses a security risk
         smtpd_tls_auth_only = true;