diff --git a/src/encryptid/server.ts b/src/encryptid/server.ts
index 096de10..a8ec91e 100644
--- a/src/encryptid/server.ts
+++ b/src/encryptid/server.ts
@@ -213,17 +213,17 @@ const CONFIG = {
 
 let smtpTransport: Transporter | null = null;
 
-if (CONFIG.smtp.pass) {
+const isInternalSmtp = CONFIG.smtp.host.includes('mailcow') || CONFIG.smtp.host.includes('postfix');
+if (CONFIG.smtp.pass || isInternalSmtp) {
   smtpTransport = createTransport({
     host: CONFIG.smtp.host,
-    port: CONFIG.smtp.port,
-    secure: CONFIG.smtp.port === 465,
-    auth: {
-      user: CONFIG.smtp.user,
-      pass: CONFIG.smtp.pass,
-    },
+    port: isInternalSmtp ? 25 : CONFIG.smtp.port,
+    secure: !isInternalSmtp && CONFIG.smtp.port === 465,
+    ...(isInternalSmtp ? {} : {
+      auth: { user: CONFIG.smtp.user, pass: CONFIG.smtp.pass },
+    }),
     tls: {
-      rejectUnauthorized: false,  // Internal Mailcow uses self-signed cert
+      rejectUnauthorized: false,
     },
   });
 
@@ -232,11 +232,11 @@ if (CONFIG.smtp.pass) {
     console.log('EncryptID: SMTP connected to', CONFIG.smtp.host);
   }).catch((err) => {
     console.error('EncryptID: SMTP connection failed —', err.message);
-    console.error('EncryptID: Email recovery will not work until SMTP is configured');
+    console.error('EncryptID: Email delivery will not work until SMTP is configured');
     smtpTransport = null;
   });
 } else {
-  console.warn('EncryptID: SMTP_PASS not set — email recovery disabled (tokens logged to console)');
+  console.warn('EncryptID: SMTP not configured — email delivery disabled');
 }
 
 async function sendRecoveryEmail(to: string, token: string, username: string): Promise<boolean> {