diff --git a/sites-available/mail b/sites-available/mail
new file mode 100644
index 0000000..01aad66
--- /dev/null
+++ b/sites-available/mail
@@ -0,0 +1,67 @@
+server {
+	listen 80;
+
+	server_name _;
+
+	root /usr/share/nginx/mail;
+
+	if ($http_user_agent !~* Thunderbird) {
+		return 301 https://$host$request_uri;
+	}
+
+	rewrite /.well-known/autoconfig/mail/config-v1.1.xml /autoconfig.xml permanent;
+}
+
+server {
+	listen 443;
+
+	server_name _;
+
+	ssl on;
+	ssl_certificate         /etc/ssl/mail/mail.crt;
+	ssl_certificate_key     /etc/ssl/mail/mail.key;
+
+	ssl_prefer_server_ciphers on;
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
+	add_header Strict-Transport-Security max-age=15768000;
+
+	root /usr/share/nginx/mail;
+	index index.html index.htm index.php;
+
+    location ^~ /rc/logs {
+        deny all;
+    }
+
+	location ~ /(\.ht) {
+		deny all;
+		return 404;
+	}
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	}
+
+	location / {
+		try_files $uri $uri/ index.php;
+		limit_req zone=one burst=25 nodelay;
+	}
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php5-fpm-mail.sock;
+        fastcgi_index index.php;
+        fastcgi_param HTTPS on;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_read_timeout 630;
+		fastcgi_keep_conn on;
+    }
+}
diff --git a/sites-enabled/mail b/sites-enabled/mail
new file mode 120000
index 0000000..739c70f
--- /dev/null
+++ b/sites-enabled/mail
@@ -0,0 +1 @@
+../sites-available/mail
\ No newline at end of file