diff --git a/nixos/amon/configuration.nix b/nixos/amon/configuration.nix
index d76b96a..acf5555 100644
--- a/nixos/amon/configuration.nix
+++ b/nixos/amon/configuration.nix
@@ -64,9 +64,7 @@
 
 openFirewall = true;
 config = ''
-# Minimal configuration with TLS disabled, adapted from upstream example
-# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
-# Do not use this in production!
+$(relay_domains) = kevink.dev 1in9.net 1in1.net
 
 tls file /var/lib/acme/$(hostname)/fullchain.pem /var/lib/acme/$(hostname)/key.pem
 
@@ -102,6 +100,12 @@
 reject 550 5.1.1 "User doesn't exist"
 }
 }
+
+msgpipeline relay {
+destination $(relay_domains) {
+deliver_to &remote_queue
+}
+}
 
 smtp tcp://0.0.0.0:25 {
 limits {
@@ -121,6 +125,9 @@
 destination postmaster $(local_domains) {
 deliver_to &local_routing
 }
+destination $(relay_domains) {
+deliver_to &relay
+}
 default_destination {
 reject 550 5.1.1 "User doesn't exist"
 }
@@ -185,6 +192,38 @@
 }
 }
 
+target.remote relay_delivery {
+limits {
+destination rate 20 1s
+destination concurrency 10
+}
+mx_auth {
+dane
+mtasts {
+cache fs
+fs_dir mtasts_cache/
+}
+local_policy {
+min_tls_level encrypted
+min_mx_level none
+}
+}
+}
+
+target.queue relay_queue {
+target &relay_delivery
+autogenerated_msg_domain $(primary_domain)
+bounce {
+destination postmaster $(local_domains) {
+deliver_to &local_routing
+}
+default_destination {
+# Return DSN to sender using outbound queue
+deliver_to &remote_queue
+}
+}
+}
+
 imap tcp://0.0.0.0:143 {
 auth &local_authdb
 storage &local_mailboxes
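Review bot: The new `msgpipeline relay` block hands relay-domain mail to `&remote_queue`, so the `relay_queue` and `relay_delivery` targets added in the last hunk — including their DANE/MTA-STS `mx_auth` and `min_tls_level encrypted` policy — are never referenced and that policy is not applied to relayed mail. If the stricter outbound policy was the intent, the pipeline line should read `deliver_to &relay_queue`; otherwise the two unused targets are dead configuration and should be dropped rather than left to suggest a guarantee that does not hold. Whether `remote_queue` enforces any transport-security policy of its own is not visible in this diff.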
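Review bot: The port-25 listener now accepts any recipient at `$(relay_domains)` and forwards it without any check that the mailbox exists, while the queue that ends up delivering it returns DSNs to the envelope sender; mail addressed to non-existent users on those domains would therefore be bounced outward from this host (backscatter) instead of being rejected at SMTP time. The intended role should be recorded next to the new `destination $(relay_domains)` block, e.g. `# Backup MX for $(relay_domains): recipients are not validated here, the final MX rejects unknown users`, and it is worth confirming those domains' MX records point to another host so relaying cannot loop back to this one. The enclosing `smtp tcp://0.0.0.0:25` block starts and ends outside the hunk.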