diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 51c15bc..bd2e24a 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -16,6 +16,8 @@ NixOS 25.11
 instead. If you still require this feature you can reenable it using ``mailserver.enableImap``, but it is scheduled for removal after the 25.11 release.
+- SMTP server and client now support and prefer a hybrid key exchange
+ (X25519MLKEM768)
 - SMTP access over STARTTLS on port ``587/tcp`` is now default disabled in line with `RFC 8314 3.3`_. If you still require this feature you can renable it using ``mailserver.enableSubmission``.
diff --git a/flake.lock b/flake.lock
index 9e0be9d..09b3269 100644
--- a/flake.lock
+++ b/flake.lock
@@ -79,11 +79,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1762616480,
- "narHash": "sha256-vLjEPWbntbVNKIDbQW7fUj6y3bkIJaSCuy6sJ2cXeNI=",
+ "lastModified": 1762721782,
+ "narHash": "sha256-ftv0n3xkKawHQgxZ6FGr2F1GdaYT/79aESm4t1LQ6X4=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "8ea611305a7db12c49446f9c40c609614419ec4b",
+ "rev": "e5d07586ec39f74b390308f2e00040c23bdef530",
 "type": "github"
 },
 "original": {
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 7baa49c..84de67e 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -35,6 +35,8 @@ let
 inherit (lib.strings) concatStringsSep;
 cfg = config.mailserver;
+ iniFormat = pkgs.formats.iniWithGlobalSection { };
+
 # Merge several lookup tables. A lookup table is a attribute set where
 # - the key is an address (user@example.com) or a domain (@example.com)
 # - the value is a list of addresses 
@@ -386,15 +388,29 @@ in
 # Restrict and prioritize the following curves in the given order
 # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
 # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
- # https://ssl-config.mozilla.org/#server=postfix&version=3.10&config=intermediate&openssl=3.4.1&guideline=5.7
- tls_eecdh_auto_curves = [
- "X25519"
- "prime256v1"
- "secp384r1"
- ];
+ tls_config_file =
+ let
+ mkGroupString = groups: concatStringsSep " / " (map (concatStringsSep ":") groups);
+ in
+ "${iniFormat.generate "postfix-openssl.cnf" {
+ globalSection.postfix = "postfix_settings";
+ sections = {
+ postfix_settings.ssl_conf = "postfix_ssl_settings";
+ postfix_ssl_settings.system_default = "baseline_postfix_settings";
+ baseline_postfix_settings.Groups = mkGroupString [
+ [ "*X25519MLKEM768" ]
+ [ "*X25519" ]
+ [
+ "P-256"
+ "P-384"
+ ]
+ ];
+ };
+ }}";
+ tls_config_name = "postfix";
- # Disable FFDHE on TLSv1.3 because it is slower than elliptic curves
- # https://www.postfix.org/postconf.5.html#tls_ffdhe_auto_groups
+ # Algorithm selection happens through `tls_config_file` instead.
+ tls_eecdh_auto_curves = [ ];
 tls_ffdhe_auto_groups = [ ];
 # As long as all cipher suites are considered safe, let the client use its preferred cipher
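Review bot: The three context comment lines above the new `tls_config_file` binding still talk about "the following curves" and link the `tls_eecdh_auto_curves` postconf entry, while this hunk empties that setting and moves group selection into the generated OpenSSL config, so the comment now misdescribes what follows it. Replace the first and third of them with `# Key-exchange groups are selected through the OpenSSL config passed via tls_config_file; "/" separates preference tuples, ":" members of a tuple, "*" marks groups whose key share is sent in the ClientHello (OpenSSL 3.5 Groups syntax).` and `# https://www.postfix.org/postconf.5.html#tls_config_file`. As I read the OpenSSL Groups documentation, a group name without a `?` prefix is a hard error if the linked OpenSSL does not know it, so with the list as written an OpenSSL older than 3.5 would fail to apply the config rather than degrade to X25519; a one-line comment stating that this intentionally requires an OpenSSL with X25519MLKEM768 support (or a `?` prefix on that entry if graceful fallback is wanted) would make the requirement explicit. The `globalSection.postfix` key and `tls_config_name = "postfix"` have to stay identical, which `# Must match the key under globalSection in tls_config_file.` on the `tls_config_name` line would pin down for the next editor. The enclosing attribute set starts and ends outside the hunk.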