diff --git a/modules/cloud/mail/default.nix b/modules/cloud/mail/default.nix
index e7a27d5..8bec312 100644
--- a/modules/cloud/mail/default.nix
+++ b/modules/cloud/mail/default.nix
@@ -31,6 +31,12 @@ in
       description = "The hostname where the server is run on";
     };
 
+    local_ip = mkOption {
+      type = types.str;
+      default = "";
+      description = "The local IP address used as the sender IP during delivery";
+    };
+
     primaryDomain = mkOption {
       type = types.str;
       default = "nkagami.me";
@@ -185,6 +191,7 @@ in
                     min_mx_level none
                 }
             }
+            ${if cfg.local_ip == "" then "" else "local_ip ${cfg.local_ip}"}
         }
 
         target.queue remote_queue {
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index 1d24461..f5d0e9d 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -74,6 +74,7 @@
   cloud.mail = {
     enable = true;
     debug = true;
+    local_ip = "178.128.135.11"; # resolved from mx1.nkagami.me
     tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
     tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
     usersFile = config.sops.secrets.mail-users.path;