diff --git a/roles/nginx/mail_proxy/defaults/main.yml b/roles/nginx/mail_proxy/defaults/main.yml
new file mode 100644
index 0000000..9f21079
--- /dev/null
+++ b/roles/nginx/mail_proxy/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+domain: "example.com"
+# port: 12345
+# backend: "127.0.0.1:12345"
+# protocol: smtp / imap / pop3
diff --git a/roles/nginx/mail_proxy/meta/main.yml b/roles/nginx/mail_proxy/meta/main.yml
new file mode 100644
index 0000000..cf3cd67
--- /dev/null
+++ b/roles/nginx/mail_proxy/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+ - role: acme/certificate
+ domain: "{{ domain }}"
+ - role: nginx/application
diff --git a/roles/nginx/mail_proxy/tasks/main.yml b/roles/nginx/mail_proxy/tasks/main.yml
new file mode 100644
index 0000000..64d3426
--- /dev/null
+++ b/roles/nginx/mail_proxy/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure proxy for {{ protocol }} on {{ domain }}:{{ port }}
+ template:
+ src: mail_proxy.conf
+ dest: "{{ nginx_streams_directory }}/{{ domain }}:{{ port }}"
+ owner: "{{ nginx_system_user }}"
+ group: "{{ nginx_system_user }}"
+ mode: "u=rw,g=r,o=r"
+
+- name: Allow {{ protocol }} in firewall
+ ufw:
+ rule: allow
+ port: "{{ port }}"
+ proto: tcp
diff --git a/roles/nginx/mail_proxy/templates/mail_proxy.conf b/roles/nginx/mail_proxy/templates/mail_proxy.conf
new file mode 100644
index 0000000..fc74421
--- /dev/null
+++ b/roles/nginx/mail_proxy/templates/mail_proxy.conf
@@ -0,0 +1,16 @@
+server {
+ listen {{ port }};
+ protocol {{ protocol }};
+ proxy_pass {{ backend }};
+
+ server_name {{ domain }};
+
+ proxy_pass_error_message on;
+
+ starttls on;
+ ssl_certificate {{ acme_certificate_location }};
+ ssl_certificate_key {{ acme_key_location }};
+
+ {{ nginx_ssl_configuration }}
+
+}
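Review bot: The only real default here is the placeholder `domain: "example.com"`, while the three variables the role cannot work without (`port`, `backend`, `protocol`) exist only as comments. A caller who forgets `domain` silently passes example.com to the acme/certificate dependency and into `server_name`. A missing or mistyped `protocol` only surfaces as an undefined-variable error mid-run or as a bad nginx directive. I would drop the placeholder default and open tasks/main.yml with an `assert` task whose conditions include `protocol in ['smtp', 'imap', 'pop3']` and `port | int > 0`, so that bad input fails before anything is written or opened in the firewall.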
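Review bot: The rendered proxy config is owned by, and writable for, `{{ nginx_system_user }}`. That variable is defined outside this diff, but if it is the account the nginx workers run as, a compromised worker could rewrite a file that the master process (typically root) parses on the next reload. Prefer `owner: root` and `group: root` with the same mode, which nginx can still read. Separately, the template task has no `notify:`, so unless the nginx/application dependency reloads nginx on its own, the firewall port is opened before the listener configuration is actually loaded.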
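Review bot: `starttls on;` only offers STARTTLS, so a client on this listener can still send its mail credentials in cleartext. Use `starttls only;` to refuse authentication before the TLS upgrade, unless cleartext is a deliberate compatibility choice, in which case add a comment saying so. Separately, the block mixes directives from two modules, as far as I can tell. `protocol`, `starttls` and `proxy_pass_error_message` belong to the mail module, whose backend is chosen through `auth_http`, while `proxy_pass` is a stream-module directive and the file is installed under `nginx_streams_directory`. Please confirm with `nginx -t` which context includes this file and that every directive is valid there.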