diff --git a/changelog/unreleased/feature-mail-insecure.md b/changelog/unreleased/feature-mail-insecure.md
new file mode 100644
index 0000000000..0f94bdf900
--- /dev/null
+++ b/changelog/unreleased/feature-mail-insecure.md
@@ -0,0 +1,6 @@
+Enhancement: Introduce insecure flag for smtp email notifications
+
+We've introduced the `NOTIFICATIONS_SMTP_INSECURE` configuration option,
+that let's you skip certificate verification for smtp email servers.
+
+https://github.com/owncloud/ocis/pull/4279
diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml
index 4ca0260b44..6f836dc4ae 100644
--- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_traefik/latest.yml
@@ -35,6 +35,7 @@
           OCIS_DOCKER_TAG: latest
           OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works
           DEMO_USERS: "true"
+          INBUCKET_DOMAIN: mail.ocis-traefik.latest.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
       - name: monitoring
         git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml
index 3b0d74660a..3aad41f506 100644
--- a/deployments/continuous-deployment-config/ocis_traefik/released.yml
+++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml
@@ -35,6 +35,7 @@
           OCIS_DOCKER_TAG: 2.0.0-beta.5
           OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works
           DEMO_USERS: "true"
+          INBUCKET_DOMAIN: mail.ocis-traefik.released.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
       - name: monitoring
         git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
diff --git a/deployments/examples/ocis_traefik/.env b/deployments/examples/ocis_traefik/.env
index 478247e879..54dba3cf73 100644
--- a/deployments/examples/ocis_traefik/.env
+++ b/deployments/examples/ocis_traefik/.env
@@ -23,6 +23,10 @@ ADMIN_PASSWORD=
 # because their passwords are public. Defaults to "false".
 DEMO_USERS=
 
+### Email / Inbucket settings ###
+# Inbucket / Mail domain. Defaults to "mail.owncloud.test"
+INBUCKET_DOMAIN=
+
 # If you want to use debugging and tracing with this stack,
 # you need uncomment following line. Please see documentation at
 # https://owncloud.dev/ocis/deployment/monitoring-tracing/
diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml
index dfcff9ed1b..38e1405947 100644
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -65,6 +65,11 @@ services:
       IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
       # demo users
       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # email server (in this case inbucket acts as mail catcher)
+      NOTIFICATIONS_SMTP_HOST: inbucket
+      NOTIFICATIONS_SMTP_PORT: 2500
+      NOTIFICATIONS_SMTP_SENDER: notifications@${OCIS_DOMAIN:-ocis.owncloud.test}
+      NOTIFICATIONS_SMTP_INSECURE: true # the mail catcher uses self signed certificates
     volumes:
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis
@@ -79,6 +84,29 @@ services:
       driver: "local"
     restart: always
 
+  inbucket:
+    image: inbucket/inbucket
+    networks:
+      ocis-net:
+    entrypoint:
+      - /bin/sh
+    command: ["-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; /start-inbucket.sh"]
+    environment:
+      INBUCKET_SMTP_TLSENABLED: "true"
+      INBUCKET_SMTP_TLSPRIVKEY: /tmp/server.key
+      INBUCKET_SMTP_TLSCERT: /tmp/server.crt
+      INBUCKET_STORAGE_MAILBOXMSGCAP: 1000
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.inbucket.entrypoints=https"
+      - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)"
+      - "traefik.http.routers.inbucket.tls.certresolver=http"
+      - "traefik.http.routers.inbucket.service=inbucket"
+      - "traefik.http.services.inbucket.loadbalancer.server.port=9000"
+    logging:
+      driver: "local"
+    restart: always
+
 volumes:
   certs:
   ocis-config:
diff --git a/docs/ocis/deployment/continuous_deployment.md b/docs/ocis/deployment/continuous_deployment.md
index 0308619a57..99a5983e34 100644
--- a/docs/ocis/deployment/continuous_deployment.md
+++ b/docs/ocis/deployment/continuous_deployment.md
@@ -25,10 +25,12 @@ Credentials:
 ## Latest
 
 - oCIS: [ocis.ocis-traefik.latest.owncloud.works](https://ocis.ocis-traefik.latest.owncloud.works)
+- Mail: [mail.ocis-traefik.latest.owncloud.works](https://mail.ocis-traefik.latest.owncloud.works)
 
 ## Released
 
 - oCIS: [ocis.ocis-traefik.released.owncloud.works](https://ocis.ocis-traefik.released.owncloud.works)
+- Mail: [mail.ocis-traefik.released.owncloud.works](https://mail.ocis-traefik.released.owncloud.works)
 
 # oCIS with WOPI server
 
diff --git a/go.mod b/go.mod
index 34fea25075..27843145b5 100644
--- a/go.mod
+++ b/go.mod
@@ -261,8 +261,6 @@ require (
 	golang.org/x/tools v0.1.10 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
diff --git a/go.sum b/go.sum
index db6f898f40..73c961943c 100644
--- a/go.sum
+++ b/go.sum
@@ -1916,8 +1916,6 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 gopkg.in/Acconut/lockfile.v1 v1.1.0/go.mod h1:6UCz3wJ8tSFUsPR6uP/j8uegEtDuEEqFxlpi0JI4Umw=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
-gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1927,10 +1925,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/gomail.v2 v2.0.0-20150902115704-41f357289737 h1:NvePS/smRcFQ4bMtTddFtknbGCtoBkJxGmpSpVRafCc=
-gopkg.in/gomail.v2 v2.0.0-20150902115704-41f357289737/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
-gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
-gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
 gopkg.in/h2non/gock.v1 v1.0.14/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=