diff --git a/README.md b/README.md
index ae2d3b6914932223b9dc98d9158c35aeb6a730d6..b4f76346c15d409fbd67c64c0be488c28c3e85c1 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,22 @@ ldap:
   enabled: 'false'
   servers: {}
 
+# configure smtp server for outgoing mail
+smtp:
+  enabled: false
+  server: ~
+  port: 465
+  user: ~
+  password: ~
+  domain: ~
+  authentication: 'login' # Can be: 'login', 'plain'
+  starttls: true
+  tls: false
+  verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+  #ca_path: '/etc/ssl/certs'
+  #ca_file: '/etc/ssl/certs/ca-certificates.crt'
+
+
 # array of groups to create
 groups: []
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index dfbbd160e2fc3d16f5fa6856942c46cd6212deff..5432ecade7a8fe56caf3dc395de0235c34aee4e9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -31,3 +31,16 @@ gitlab:
   mail: {}
     #from: 'git@domain'
     #reply_to: 'git@domain'
+  smtp:
+    enabled: false
+    server: ~
+    port: 465
+    user: ~
+    password: ~
+    domain: ~
+    authentication: 'login' # Can be: 'login', 'plain'
+    starttls: true
+    tls: false
+    verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+    ca_path: ~ # eg '/etc/ssl/certs'
+    ca_file: ~ # eg '/etc/ssl/certs/ca-certificates.crt'
diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2
index 0e8506a463b8e71b3156ad690a9aadacfe6ef70c..a40dc8ba5934023579c9bdaf3af998c2e790a754 100644
--- a/templates/gitlab.rb.j2
+++ b/templates/gitlab.rb.j2
@@ -628,22 +628,30 @@ gitlab_rails['initial_root_password'] = "{{ gitlab.initial_root_password }}"
 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
 ###! **Use smtp instead of sendmail/postfix.**
 
-# gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
-# gitlab_rails['smtp_port'] = 465
-# gitlab_rails['smtp_user_name'] = "smtp user"
-# gitlab_rails['smtp_password'] = "smtp password"
-# gitlab_rails['smtp_domain'] = "example.com"
-# gitlab_rails['smtp_authentication'] = "login"
-# gitlab_rails['smtp_enable_starttls_auto'] = true
-# gitlab_rails['smtp_tls'] = false
+{% if gitlab.smtp.enabled %}
+gitlab_rails['smtp_enable'] = {{ gitlab.smtp.enabled|to_json }}
+gitlab_rails['smtp_address'] = "{{ gitlab.smtp.server }}"
+gitlab_rails['smtp_port'] = {{ gitlab.smtp.port }}
+gitlab_rails['smtp_user_name'] = "{{ gitlab.smtp.user }}"
+gitlab_rails['smtp_password'] = "{{ gitlab.smtp.password }}"
+{% if gitlab.smtp.domain %}
+gitlab_rails['smtp_domain'] = "{{ gitlab.smtp.domain }}"
+{% endif %}
+gitlab_rails['smtp_authentication'] = "{{ gitlab.smtp.authentication }}"
+gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab.smtp.starttls|to_json }}
+gitlab_rails['smtp_tls'] = {{ gitlab.smtp.tls|to_json }}
 
 ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
 ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab.smtp.verify_ssl }}'
 
-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
+{% if gitlab.smtp.ca_path %}
+gitlab_rails['smtp_ca_path'] = "{{ gitlab.smtp.ca_path }}"
+{% endif %}
+{% if gitlab.smtp.ca_file %}
+gitlab_rails['smtp_ca_file'] = "{{ gitlab.smtp.ca_file }}"
+{% endif %}
+{% endif %}
 
 ################################################################################
 ## Container Registry settings