diff --git a/helmfile/apps/services/helmfile.yaml b/helmfile/apps/services/helmfile.yaml index 482ecb9c..197b44c0 100644 --- a/helmfile/apps/services/helmfile.yaml +++ b/helmfile/apps/services/helmfile.yaml @@ -47,7 +47,7 @@ releases: condition: "mariadb.enabled" - name: "postfix" chart: "postfix/postfix" - version: "1.6.2" + version: "1.8.0" values: - "values-postfix.yaml" - "values-postfix.gotmpl" diff --git a/helmfile/apps/services/values-postfix.gotmpl b/helmfile/apps/services/values-postfix.gotmpl index 15e168db..118978f6 100644 --- a/helmfile/apps/services/values-postfix.gotmpl +++ b/helmfile/apps/services/values-postfix.gotmpl @@ -12,6 +12,9 @@ imagePullSecrets: - name: {{ . }} {{- end }} +certificate: + secretName: "{{ .Values.ingress.tls.secretName }}" + postfix: domain: "{{ .Values.global.domain }}" virtualMailboxDomains: "{{ .Values.global.domain }}" @@ -20,6 +23,10 @@ postfix: content: - "{{ .Values.smtp.host }} {{ .Values.smtp.username }}:{{ .Values.smtp.password }}" relayHost: "[{{ .Values.smtp.host }}]:587" + relayNets: {{ .Values.global.internalNetwork | quote }} + virtualTransport: "lmtps:dovecot.{{ .Release.Namespace }}.{{ .Values.global.internalDomain }}:24" + smtpdSASLPath: "inet:dovecot:3659" + smtpdMilters: "inet:clamav-milter:7357" persistence: size: "{{ .Values.persistence.size.postfix }}" @@ -29,8 +36,4 @@ replicaCount: {{ .Values.replicas.postfix }} resources: {{ .Values.resources.postfix | toYaml | nindent 2 }} - -ingress: - tls: - secretName: "{{ .Values.ingress.tls.secretName }}" ... diff --git a/helmfile/apps/services/values-postfix.yaml b/helmfile/apps/services/values-postfix.yaml index df6a85f2..0a801b41 100644 --- a/helmfile/apps/services/values-postfix.yaml +++ b/helmfile/apps/services/values-postfix.yaml 
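Review bot: The new `certificate.secretName` in the first values-postfix.gotmpl hunk points Postfix at `.Values.ingress.tls.secretName`, the secret the ingress already uses, so the web-facing private key is presumably made available to the mail release as well, and the certificate's names have to cover the host name mail clients connect to. Because the values-postfix.yaml hunk sets `certificate.request.enabled: false`, nothing in this change issues a dedicated certificate for the mail service. A comment above the key would make that dependency explicit, for example `# Reuses the ingress TLS secret; its SANs must include the Postfix host name`. If the chart allows it, a separate secret for Postfix would keep a compromise of the mail pod from also exposing the ingress key.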
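Review bot: `relayNets` in the second values-postfix.gotmpl hunk is now rendered from `.Values.global.internalNetwork`, and the comment added in global.gotmpl states that mail from that range is accepted without authentication, while the shipped default stays `10.0.0.0/8`. A /8 normally covers far more than the pod network (nodes, other namespaces, peered networks), so anything in it that can reach the service can send through the upstream account configured in `relayHost`. I would document this where the value is used, with `# Unauthenticated relay is allowed from this range; set it to the cluster pod CIDR` above `relayNets`, and narrow the default on the `internalNetwork` line of the global.gotmpl hunk. Separately, this line uses `{{ ... | quote }}` where the neighbouring keys use `"{{ ... }}"`; one form per file reads better.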
@@ -1,11 +1,11 @@ # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- +certificate: + request: + enabled: false + postfix: - relayNets: "10.0.0.0/8" - virtualTransport: "lmtps:dovecot:24" - smtpdSASLPath: "inet:dovecot:3659" - smtpdMilters: "inet:clamav-milter:7357" hostname: "postfix" inetProtocols: "ipv4" smtpSASLAuthEnable: "yes" diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl index 8d6ec2cb..298ae303 100644 --- a/helmfile/environments/default/global.gotmpl +++ b/helmfile/environments/default/global.gotmpl @@ -45,4 +45,14 @@ global: # imagePullSecrets: - "external-registry" + + ## Define internal kubernetes domain, usually svc.cluster.local + ## Workaround for calico with postfix + # + internalDomain: "svc.cluster.local" + + ## Define internal kubernetes network for postfix + ## Attention: Mail from this network can be sent without authentication! + # + internalNetwork: "10.0.0.0/8" ...
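Review bot: The comment on `internalDomain` in the global.gotmpl hunk says "Workaround for calico with postfix" without stating what fails or where the value is consumed. In the values-postfix.gotmpl hunk it only feeds `virtualTransport`, while `smtpdSASLPath` and `smtpdMilters` keep the short names `dovecot` and `clamav-milter`. If short-name resolution is what the workaround addresses, those two lookups would presumably be affected as well, so either they need the same fully qualified form or the comment should say why only LMTP is. Suggested wording: `## Cluster DNS suffix used to build the fully qualified Dovecot LMTP host for Postfix; override on clusters with a non-default cluster domain`.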