diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index c2ec49f..6ab1c53 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -186,3 +186,5 @@ alloy_hosts:
 ansible_pull_hosts:
   hosts:
     netbox:
+msmtp_hosts:
+  hosts:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index c11a0e7..dc3a22d 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -83,5 +83,10 @@
   roles:
     - ansible_pull
 
+- name: Ensure msmtp is setup on msmtp_hosts
+  hosts: msmtp_hosts
+  roles:
+    - msmtp
+
 - name: Run ensure_eh22_styleguide_dir Playbook
   ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
diff --git a/roles/msmtp/README.md b/roles/msmtp/README.md
new file mode 100644
index 0000000..e333527
--- /dev/null
+++ b/roles/msmtp/README.md
@@ -0,0 +1,21 @@
+# Role `msmtp`
+
+A role for setting up msmtp for mail sending.
+
+The role only supports mail servers supporting either STARTTLS or SMTPS.
+
+## Supported Distributions
+
+Should work on Debian-based distributions.
+
+## Required Arguments
+
+- `msmtp__smtp_host`: The SMTP host to use.
+- `msmtp__smtp_port`: The SMTP port to use.
+- `msmtp__smtp_tls_method`: The SMTP TLS method to use.  
+  Possible choices:
+  - `starttls`: Use STARTTLS to connect to the server.
+  - `smtps`: Use SMTPS to connect to the server.
+- `msmtp__smtp_user`: The SMTP user to use for authentication.
+- `msmtp__smtp_password`: The SMTP password to use for authentication.
+- `msmtp__smtp_from`: The SMTP from address to use when sending mails.
diff --git a/roles/msmtp/meta/argument_specs.yaml b/roles/msmtp/meta/argument_specs.yaml
new file mode 100644
index 0000000..84f940f
--- /dev/null
+++ b/roles/msmtp/meta/argument_specs.yaml
@@ -0,0 +1,24 @@
+argument_specs:
+  main:
+    options:
+      msmtp__smtp_host:
+        type: str
+        required: true
+      msmtp__smtp_port:
+        type: int
+        required: true
+      msmtp__smtp_tls_method:
+        type: str
+        required: true
+        choices:
+          - "starttls"
+          - "smtps"
+      msmtp__smtp_user:
+        type: str
+        required: true
+      msmtp__smtp_password:
+        type: str
+        required: true
+      msmtp__smtp_from:
+        type: str
+        required: true
diff --git a/roles/msmtp/tasks/main.yaml b/roles/msmtp/tasks/main.yaml
new file mode 100644
index 0000000..7689ddc
--- /dev/null
+++ b/roles/msmtp/tasks/main.yaml
@@ -0,0 +1,14 @@
+- name: ensure msmtp is installed
+  ansible.builtin.apt:
+    name: msmtp
+    state: present
+  become: true
+
+- name: ensure msmtp config for root user
+  ansible.builtin.template:
+    src: msmtprc.j2
+    dest: /root/.msmtprc
+    owner: root
+    group: root
+    mode: "0600"
+  become: true
diff --git a/roles/msmtp/templates/msmtprc.j2 b/roles/msmtp/templates/msmtprc.j2
new file mode 100644
index 0000000..3c4faa7
--- /dev/null
+++ b/roles/msmtp/templates/msmtprc.j2
@@ -0,0 +1,17 @@
+# ansible-managed
+
+# defaults
+defaults
+auth on
+tls on
+
+# ansible-managed-account
+account ansible-managed-account
+host {{ msmtp__smtp_host }}
+port {{ msmtp__smtp_port }}
+tls_starttls {% if msmtp__smtp_tls_method == "starttls" %}on{% else %}off{% endif +%}
+user {{ msmtp__smtp_user }}
+password {{ msmtp__smtp_password }}
+from {{ msmtp__smtp_from }}
+
+account default: ansible-managed-account