diff --git a/roles/mail_forwarder/handlers/main.yml b/roles/mail_forwarder/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ef33ee95cca4a6187cf7bb801d0a34a70c80a2b9
--- /dev/null
+++ b/roles/mail_forwarder/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Purge Exim configuration
+ apt: name="exim4*" state=absent purge=yes
+
+- name: Rebuild mail aliases
+ command: /usr/bin/newaliases
+
+- name: Restart Postfix
+ service: name="postfix" state="restarted"
\ No newline at end of file
diff --git a/roles/mail_forwarder/tasks/main.yml b/roles/mail_forwarder/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5ed5ab44c3897767f6530d1860f3d0ec152dfc42
--- /dev/null
+++ b/roles/mail_forwarder/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Install Postfix
+ apt: name="postfix" state=installed
+ notify:
+ - Purge Exim configuration
+
+- name: Deploy Postfix main configuration
+ template: src="main.cf.j2" dest="/etc/postfix/main.cf"
+ notify:
+ - Restart Postfix
+
+- name: Set-up local mail aliases
+ lineinfile:
+ dest: "/etc/aliases"
+ line: "{{ item.key }}: {{ item.value }}"
+ regexp: "^{{ item.key }}"
+ state: present
+ with_dict: local_mail_aliases
+ notify:
+ - Rebuild mail aliases
diff --git a/roles/mail_forwarder/templates/main.cf.j2 b/roles/mail_forwarder/templates/main.cf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..fd64ecd016ef4d175d8be54cf8f0e5aa1d0bf152
--- /dev/null
+++ b/roles/mail_forwarder/templates/main.cf.j2
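Review bot: In roles/mail_forwarder/handlers/main.yml, "Purge Exim configuration" is wired as a handler, so it only runs on a play where "Install Postfix" reports a change. On a host where Postfix is already installed, or after a run that aborted before handlers were flushed, the Exim packages and their configuration stay in place and nothing retriggers the purge. Making it an ordinary task in tasks/main.yml directly after the install keeps it idempotent: `- name: Purge Exim configuration` followed by `apt: name="exim4*" state=absent purge=yes`. The `exim4*` wildcard removes every package matching that prefix, which deserves a short comment stating that this is intended.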
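Review bot: The `regexp: "^{{ item.key }}"` in the "Set-up local mail aliases" task of roles/mail_forwarder/tasks/main.yml is an unanchored prefix match, so the key `root` also matches any other alias whose name merely starts with `root`, and lineinfile may then rewrite that line instead of the intended one. Ending the pattern at the alias separator avoids this: `regexp: "^{{ item.key }}:"`; keys containing regex metacharacters (a dot, for instance) would additionally need escaping. Separately, the template task writes /etc/postfix/main.cf without `owner`, `group` or `mode`, so the resulting permissions are left to the module's defaults; pinning them, e.g. `owner=root group=root mode=0644`, makes the result explicit.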
@@ -0,0 +1,39 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = ansible
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost
+relayhost = {{ smtp_relay_host }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128{% for network in smtp_mynetworks %} {{ network }}{% endfor %}
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
diff --git a/testsite/group_vars/ldap.yml b/testsite/group_vars/ldap.yml
index 29a783c5a5ffd2926faeaf12e5f4c3bc32cdcffe..793b19138abdb0c274cc1595cb12788c3e48deb6 100644
--- a/testsite/group_vars/ldap.yml
+++ b/testsite/group_vars/ldap.yml
@@ -1,5 +1,13 @@ --- +local_mail_aliases: + root: "root john.doe@example.com" + +smtp_mynetworks: + - mail.example.com + +smtp_relay_host: mail.example.com + ldap_client_config: - comment: Set the base DN option: BASE
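Review bot: `myhostname = ansible` in roles/mail_forwarder/templates/main.cf.j2 is a fixed literal, so every host that receives this role announces itself as `ansible` in its banner and HELO, while `mydestination` a few lines further down is already built from `{{ inventory_hostname }}`. Using the inventory name keeps the two consistent: `myhostname = {{ inventory_hostname }}`. The template also leaves `inet_interfaces` unset, so the listening address is whatever Postfix defaults to; if the role is only meant to forward locally generated mail to `relayhost`, binding to loopback with `inet_interfaces = loopback-only` would keep port 25 off the network. The TLS lines point at the Debian snakeoil certificate, which is worth a comment saying it is a placeholder.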
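Review bot: `smtp_mynetworks` in testsite/group_vars/ldap.yml is set to the host name `mail.example.com`, but the template expands this list into Postfix's `mynetworks`, which is documented as taking network addresses or network/netmask patterns (or table lookups) and which defines the clients trusted to relay through this host. The upstream relay does not need to be in that list for outbound forwarding via `smtp_relay_host`, so the entry looks unnecessary as well as malformed; an empty list, `smtp_mynetworks: []`, would leave only the loopback ranges trusted. The alias value `"root john.doe@example.com"` is also space-separated, whereas aliases(5) describes a comma-separated list, so `root: "root, john.doe@example.com"` is the safer spelling. The same three variables are added with the same values in testsite/group_vars/xmpp.yml.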
diff --git a/testsite/group_vars/xmpp.yml b/testsite/group_vars/xmpp.yml
index 9e61b6193e235b231160c54c85d484aef6f0a54a..0ac44b4a7f6857cb660df38dcba5a6e9e3137716 100644
--- a/testsite/group_vars/xmpp.yml
+++ b/testsite/group_vars/xmpp.yml
@@ -14,6 +14,14 @@ ldap_client_config: option: TLS_CACERT value: /etc/ssl/certs/truststore.pem +local_mail_aliases: + root: "root john.doe@example.com" + +smtp_mynetworks: + - mail.example.com + +smtp_relay_host: mail.example.com + prosody_administrators: - john.doe@example.com
diff --git a/testsite/playbooks/ldap.yml b/testsite/playbooks/ldap.yml
index 2b1520969aaeb00efe3f12e424aa4be2fe472d32..190de3d66bc53a47263236d175602a3e085c91ab 100644
--- a/testsite/playbooks/ldap.yml
+++ b/testsite/playbooks/ldap.yml
@@ -5,5 +5,6 @@ sudo: yes roles: - common + - mail_forwarder - ldap_client - ldap_server
diff --git a/testsite/playbooks/xmpp.yml b/testsite/playbooks/xmpp.yml
index d34017b9ae58e6ca4a400c49bc1fc0d492443662..59bce9facad60d887760189bb737e082ee501f4b 100644
--- a/testsite/playbooks/xmpp.yml
+++ b/testsite/playbooks/xmpp.yml
@@ -6,4 +6,5 @@ roles: - common - ldap_client + - mail_forwarder - prosody