diff --git a/src/infra_version.js b/src/infra_version.js
index 6c0bac8cf..47dcf11b1 100644
--- a/src/infra_version.js
+++ b/src/infra_version.js
@@ -19,7 +19,7 @@ exports = module.exports = {
         'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:2.0.2@sha256:6dcee0731dfb9b013ed94d56205eee219040ee806c7e251db3b3886eaa4947ff' },
         'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:2.0.2@sha256:95e006390ddce7db637e1672eb6f3c257d3c2652747424f529b1dee3cbe6728c' },
         'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.0.0@sha256:8a88dd334b62b578530a014ca1a2425a54cb9df1e475f5d3a36806e5cfa22121' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.0.1@sha256:deee3739011670d45abd8997a8a0b8d3c4cd577a93f235417614dea58338e0f9' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.1.0@sha256:fcb3d9b8d02494f24439e7c5623b59192f50bab6603cedaba6d5d13e8fbc097a' },
         'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:2.0.2@sha256:454f035d60b768153d4f31210380271b5ba1c09367c9d95c7fa37f9e39d2f59c' }
     }
 };
diff --git a/src/mail.js b/src/mail.js
index 4ed17a178..1b6c105e9 100644
--- a/src/mail.js
+++ b/src/mail.js
@@ -552,7 +552,7 @@ function restartMail(callback) {
 
     const tag = infra.images.mail.tag;
     const memoryLimit = 4 * 256;
-    const cloudronToken = hat(8 * 128);
+    const cloudronToken = hat(8 * 128), relayToken = hat(8 * 128);
 
     // admin and mail share the same certificate
     reverseProxy.getCertificate(config.adminFqdn(), config.adminDomain(), function (error, bundle) {
@@ -585,6 +585,7 @@ function restartMail(callback) {
                             --dns 172.18.0.1 \
                             --dns-search=. \
                             -e CLOUDRON_MAIL_TOKEN="${cloudronToken}" \
+                            -e CLOUDRON_RELAY_TOKEN="${relayToken}" \
                             -v "${paths.MAIL_DATA_DIR}:/app/data" \
                             -v "${paths.PLATFORM_DATA_DIR}/addons/mail:/etc/mail" \
                             ${ports} \
diff --git a/src/mailer.js b/src/mailer.js
index 5567cc55a..41c165dc1 100644
--- a/src/mailer.js
+++ b/src/mailer.js
@@ -122,9 +122,21 @@ function sendMails(queue, callback) {
         var mailServerIp = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
         if (!mailServerIp) return callback('Error querying mail server IP');
 
+        // extract the relay token for auth
+        const env = safe.query(data, 'Config.Env', null);
+        if (!env) return callback(new Error('Error getting mail env'));
+        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
+        if (!tmp) return callback(new Error('Error getting CLOUDRON_RELAY_TOKEN env var'));
+        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
+        if (!relayToken)  return callback(new Error('Error parsing CLOUDRON_RELAY_TOKEN'));
+
         var transport = nodemailer.createTransport(smtpTransport({
             host: mailServerIp,
-            port: config.get('smtpPort')
+            port: config.get('smtpPort'),
+            auth: {
+                user: `no-reply@${config.adminDomain()}`,
+                pass: relayToken
+            }
         }));
 
         debug('Processing mail queue of size %d (through %s:2525)', queue.length, mailServerIp);