diff --git a/configuration.nix b/configuration.nix
index 3f8f29a..721d4f5 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,6 +4,7 @@
     ./misskey-service.nix
     ./heartles-xyz-proxy.nix
     ./ogdo.nix
+    ./postfix.nix
   ];
 
   nix.settings = {
diff --git a/flake.lock b/flake.lock
index 2f18b39..895f734 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1719838683,
-        "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=",
+        "lastModified": 1722221733,
+        "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69",
+        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
         "type": "github"
       },
       "original": {
@@ -24,11 +24,11 @@
     },
     "unstable": {
       "locked": {
-        "lastModified": 1719848872,
-        "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
+        "lastModified": 1722185531,
+        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
+        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
         "type": "github"
       },
       "original": {
diff --git a/misskey-service.nix b/misskey-service.nix
index 465f8e9..98c2396 100644
--- a/misskey-service.nix
+++ b/misskey-service.nix
@@ -142,6 +142,11 @@ in {
         rewrite .* $path_full break;
         proxy_pass https://s3.us-west-1.wasabisys.com;
       '';
+
+      locations."/localfiles/" = {
+        root = "/srv/www/localfiles";
+        tryFiles = "$uri =404";
+      };
     };
 
     virtualHosts."egirls.gay" = {
diff --git a/postfix.nix b/postfix.nix
new file mode 100644
index 0000000..600a5d3
--- /dev/null
+++ b/postfix.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, ... }:
+
+{
+  services.postfix = {
+    enable = true;
+    enableSubmission = true;
+    domain = config.networking.fqdn;
+
+    config = {
+      inet_interfaces = "loopback-only";
+      smtpd_milters = "inet:127.0.0.1:8891";
+      non_smtpd_milters = "$smtpd_milters";
+      milter_default_action = "accept";
+    };
+  };
+
+  services.opendkim = {
+    enable = true;
+    selector = "default";
+    socket = "inet:8891@127.0.0.1";
+    domains = "csl:${config.networking.fqdn}";
+  };
+}