diff --git a/client/src/Pages/Settings/index.jsx b/client/src/Pages/Settings/index.jsx
index b0e3c476b..b51fb0110 100644
--- a/client/src/Pages/Settings/index.jsx
+++ b/client/src/Pages/Settings/index.jsx
@@ -56,17 +56,21 @@ const Settings = () => {
 
 	// Handlers
 	const handleChange = async (e) => {
-		const { name, value } = e.target;
+		const { name, value, checked } = e.target;
 
 		// Special case for showURL until handled properly in the backend
 		if (name === "showURL") {
 			dispatch(setShowURL(value));
 			return;
 		}
+		let newValue;
+		if (name === "systemEmailIgnoreTLS" || name === "systemEmailRequireTLS" || name === "systemEmailRejectUnauthorized") {
+			newValue = checked;
+		}
 		// Build next state early
 		const newSettingsData = {
 			...settingsData,
-			settings: { ...settingsData.settings, [name]: value },
+			settings: { ...settingsData.settings, [name]: newValue ?? value },
 		};
 
 		// Validate
diff --git a/client/src/Validation/validation.js b/client/src/Validation/validation.js
index 043e88f50..cb2d4e797 100644
--- a/client/src/Validation/validation.js
+++ b/client/src/Validation/validation.js
@@ -294,6 +294,10 @@ const settingsValidation = joi.object({
 	systemEmailPassword: joi.string().allow(""),
 	systemEmailUser: joi.string().allow(""),
 	systemEmailConnectionHost: joi.string().allow(""),
+	systemEmailTLSServername: joi.string().allow(""),
+	systemEmailIgnoreTLS: joi.boolean().optional(),
+	systemEmailRequireTLS: joi.boolean().optional(),
+	systemEmailRejectUnauthorized: joi.boolean().optional(),
 });
 
 const dayjsValidator = (value, helpers) => {
diff --git a/server/service/emailService.js b/server/service/emailService.js
index ad0cdac3a..3b627fb95 100755
--- a/server/service/emailService.js
+++ b/server/service/emailService.js
@@ -105,6 +105,10 @@ class EmailService {
 			systemEmailAddress,
 			systemEmailPassword,
 			systemEmailConnectionHost,
+			systemEmailTLSServername,
+			systemEmailIgnoreTLS,
+			systemEmailRequireTLS,
+			systemEmailRejectUnauthorized,
 		} = config;
 
 		const baseEmailConfig = {
@@ -126,7 +130,10 @@ class EmailService {
 					name: systemEmailConnectionHost || "localhost",
 					secure: false,
 					pool: true,
-					tls: { rejectUnauthorized: false },
+					tls: { rejectUnauthorized: systemEmailRejectUnauthorized },
+					ignoreTLS: systemEmailIgnoreTLS,
+					requireTLS: systemEmailRequireTLS,
+					servername: systemEmailTLSServername,
 				}
 			: baseEmailConfig;