diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix index c3fa9bf..2fc8c36 100644 --- a/machines/vueko/configuration.nix +++ b/machines/vueko/configuration.nix @@ -24,6 +24,7 @@ "psycho-power-papagei.de" "sbruder.de" ]; + autoconfig.enable = true; users = import ./secrets/mail-users.nix; rejectSenders = import ./secrets/mail-reject-senders.nix; }; diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 2a8c287..07cf19c 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -27,6 +27,9 @@ in description = "Domains to serve"; example = [ "example.com" "example.org" ]; }; + autoconfig = { + enable = mkEnableOption "autoconfiguration of compatible clients. Requires autoconfig. to exist for all specified domains"; + }; users = mkOption { type = listOf (submodule { options = { @@ -541,5 +544,41 @@ in }; users.users.postfix.extraGroups = lib.mkIf cfg.dkim.enable (lib.singleton config.users.users.opendkim.group); + + # Autoconfig + services.nginx = lib.mkIf cfg.autoconfig.enable { + enable = true; + virtualHosts = lib.listToAttrs (map + (domain: lib.nameValuePair "autoconfig.${domain}" { + enableACME = true; + forceSSL = true; + + locations."=/mail/config-v1.1.xml".alias = pkgs.writeText "config-v1.1.xml" '' + + + + ${lib.escapeXML domain} + ${lib.escapeXML domain} + ${lib.escapeXML domain} + + ${lib.escapeXML cfg.fqdn} + 993 + SSL + password-cleartext + %EMAILADDRESS% + + + ${lib.escapeXML cfg.fqdn} + 465 + SSL + password-cleartext + %EMAILADDRESS% + + + + ''; + }) + cfg.domains); + }; }; }
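Review bot: The description of `autoconfig.enable` in modules/mailserver.nix does not say that the switch also turns on nginx and requests an ACME certificate for an `autoconfig.` name under every entry of `domains`, which the last hunk of this commit does. An operator enabling it should know that each of those names has to resolve to this host, because issuance fails otherwise and clients fetch their mail settings from whatever host the name points at. I would extend the text along the lines of `enable = mkEnableOption "autoconfiguration of compatible clients (enables nginx with an ACME certificate for the autoconfig subdomain of every served domain; each of these names must resolve to this host)";`. The surrounding `options` block starts outside the hunk.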
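Review bot: The endpoints in the generated config-v1.1.xml (`993`, `465`, `SSL`, `password-cleartext`) are hard-coded literals in the new `services.nginx` block, not derived from the IMAP and submission settings elsewhere in the module. Clients send the account password to whatever this file names, so a later change to those listeners would silently leave them pointed at stale ports. A comment above the `locations."=/mail/config-v1.1.xml"` line would record the coupling, for example `# Must match the IMAPS (993) and implicit-TLS submission (465) listeners configured above; password-cleartext is acceptable only because socketType is SSL.` The enclosing `config` block starts outside the hunk, so I cannot see whether TCP 80/443 are opened in `networking.firewall.allowedTCPPorts`; both the ACME challenge and the autoconfig fetch presumably need them.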