diff --git a/.env.sample b/.env.sample
index 6848751..c0f831f 100644
--- a/.env.sample
+++ b/.env.sample
@@ -25,6 +25,8 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_JWT_SECRET_VERSION=v1 # length=43
 SECRET_SECRET_KEY_VERSION=v1 # length=64
 
-# Email
-#GITEA_MAILER_HOST=mail.gandi.net:465
-SECRET_SMTP_PASSWORD_VERSION=v1
+# SMTP Mailer
+# COMPOSE_FILE="compose.yml:compose.smtp.yml"
+# GITEA_SMTP_MAILER_ENABLED=1
+# GITEA_MAILER_HOST=mail.gandi.net:465
+# SECRET_SMTP_PASSWORD_VERSION=v1
diff --git a/app.ini.tmpl b/app.ini.tmpl
index 4a779b1..b5c9eee 100644
--- a/app.ini.tmpl
+++ b/app.ini.tmpl
@@ -44,6 +44,7 @@ SECRET_KEY = {{ secret "secret_key" }}
 [oauth2]
 JWT_SECRET = {{ secret "jwt_secret" }}
 
+{{ if eq (env "GITEA_SMTP_MAILER_ENABLED") "1" }}
 [mailer]
 ENABLED        = true
 FROM           = {{ env "GITEA_MAILER_FROM" }}
@@ -52,6 +53,7 @@ USER           = {{ env "GITEA_MAILER_USER" }}
 PASSWD         = {{ secret "smtp_passwd" }}
 MAILER_TYPE    = smtp
 IS_TLS_ENABLED = true
+{{ end }}
 
 [markup.restructuredtext]
 ENABLED         = true
diff --git a/compose.smtp.yml b/compose.smtp.yml
new file mode 100644
index 0000000..7bba113
--- /dev/null
+++ b/compose.smtp.yml
@@ -0,0 +1,15 @@
+version: "3.8"
+services:
+  app:
+    environment:
+      - GITEA_MAILER_FROM
+      - GITEA_MAILER_HOST
+      - GITEA_MAILER_USER
+    secrets:
+      - smtp_passwd
+# Note(decentral1se): migrate from passwd -> password
+# See https://git.autonomic.zone/coop-cloud/abra/pulls/33
+secrets:
+  smtp_passwd:
+    name: ${STACK_NAME}_smtp_passwd_${SECRET_SMTP_PASSWORD_VERSION}
+    external: true
diff --git a/compose.yml b/compose.yml
index c21fa4c..3e50095 100644
--- a/compose.yml
+++ b/compose.yml
@@ -10,7 +10,6 @@ services:
       - internal_token
       - jwt_secret
       - secret_key
-      - smtp_passwd
     environment:
       - GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION
       - GITEA_APP_NAME
@@ -24,9 +23,6 @@ services:
       - GITEA_ENABLE_NOTIFY_MAIL
       - GITEA_ENABLE_OPENID_SIGNIN
       - GITEA_ENABLE_OPENID_SIGNUP
-      - GITEA_MAILER_FROM
-      - GITEA_MAILER_HOST
-      - GITEA_MAILER_USER
       - GITEA_SSH_PORT
     volumes:
       - "git:/data"
@@ -100,9 +96,6 @@ secrets:
   secret_key:
     name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
     external: true
-  smtp_passwd:
-    name: ${STACK_NAME}_smtp_passwd_${SECRET_SMTP_PASSWORD_VERSION}
-    external: true
 volumes:
   git:
   mariadb: