diff --git a/config/postal.defaults.yml b/config/postal.defaults.yml
index ffccd81..8655cc6 100644
--- a/config/postal.defaults.yml
+++ b/config/postal.defaults.yml
@@ -54,6 +54,9 @@ workers:
   quantity: 1
 
 smtp_server:
+  tls_enabled: false
+  tls_certificate_path: # Defaults to config/smtp.crt
+  tls_private_key_path: # Defaults to config/smtp.key
   proxy_protocol: false
   log_connect: true
   evented: true
diff --git a/lib/postal/config.rb b/lib/postal/config.rb
index ecf2dd9..6d8cb22 100644
--- a/lib/postal/config.rb
+++ b/lib/postal/config.rb
@@ -108,11 +108,11 @@ module Postal
   end
 
   def self.smtp_private_key_path
-    config_root.join('smtp.key')
+    config.smtp_server.tls_private_key_path || config_root.join('smtp.key')
   end
 
   def self.smtp_certificate_path
-    config_root.join('smtp.cert')
+    config.smtp_server.tls_certificate_path || config_root.join('smtp.cert')
   end
 
   def self.smtp_certificate_data
diff --git a/lib/postal/smtp_server/client.rb b/lib/postal/smtp_server/client.rb
index 99ff8ec..947797b 100644
--- a/lib/postal/smtp_server/client.rb
+++ b/lib/postal/smtp_server/client.rb
@@ -117,9 +117,13 @@ module Postal
       end
 
       def starttls
-        @start_tls = true
-        @tls = true
-        "220 Ready to start TLS"
+        if Postal.config.smtp_server.tls_enabled?
+          @start_tls = true
+          @tls = true
+          "220 Ready to start TLS"
+        else
+          "502 TLS not available"
+        end
       end
 
       def ehlo(data)
@@ -127,7 +131,7 @@ module Postal
         @helo_name = data.strip.split(' ', 2)[1]
         reset
         @state = :welcomed
-        ["250-My capabilities are", @tls ? nil : "250-STARTTLS", "250 AUTH CRAM-MD5 PLAIN LOGIN", ]
+        ["250-My capabilities are", Postal.config.smtp_server.tls_enabled? && !@tls ? "250-STARTTLS" : nil, "250 AUTH CRAM-MD5 PLAIN LOGIN", ]
       end
 
       def helo(data)