diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 51c15bc..bd2e24a 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -16,6 +16,8 @@ NixOS 25.11
   instead. If you still require this feature you can reenable it using
   ``mailserver.enableImap``, but it is scheduled for removal after the 25.11
   release.
+- SMTP server and client now support and prefer a hybrid key exchange
+  (X25519MLKEM768)
 - SMTP access over STARTTLS on port ``587/tcp`` is now default disabled in line
   with `RFC 8314 3.3`_. If you still require this feature you can renable it using
   ``mailserver.enableSubmission``.
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 7baa49c..84de67e 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -35,6 +35,8 @@ let
   inherit (lib.strings) concatStringsSep;
   cfg = config.mailserver;
 
+  iniFormat = pkgs.formats.iniWithGlobalSection { };
+
   # Merge several lookup tables. A lookup table is a attribute set where
   # - the key is an address (user@example.com) or a domain (@example.com)
   # - the value is a list of addresses
@@ -386,15 +388,29 @@ in
         # Restrict and prioritize the following curves in the given order
         # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
         # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
-        # https://ssl-config.mozilla.org/#server=postfix&version=3.10&config=intermediate&openssl=3.4.1&guideline=5.7
-        tls_eecdh_auto_curves = [
-          "X25519"
-          "prime256v1"
-          "secp384r1"
-        ];
+        tls_config_file =
+          let
+            mkGroupString = groups: concatStringsSep " / " (map (concatStringsSep ":") groups);
+          in
+          "${iniFormat.generate "postfix-openssl.cnf" {
+            globalSection.postfix = "postfix_settings";
+            sections = {
+              postfix_settings.ssl_conf = "postfix_ssl_settings";
+              postfix_ssl_settings.system_default = "baseline_postfix_settings";
+              baseline_postfix_settings.Groups = mkGroupString [
+                [ "*X25519MLKEM768" ]
+                [ "*X25519" ]
+                [
+                  "P-256"
+                  "P-384"
+                ]
+              ];
+            };
+          }}";
+        tls_config_name = "postfix";
 
-        # Disable FFDHE on TLSv1.3 because it is slower than elliptic curves
-        # https://www.postfix.org/postconf.5.html#tls_ffdhe_auto_groups
+        # Algorithm selection happens through `tls_config_file` instead.
+        tls_eecdh_auto_curves = [ ];
         tls_ffdhe_auto_groups = [ ];
 
         # As long as all cipher suites are considered safe, let the client use its preferred cipher