diff --git a/config/vufind/config.ini b/config/vufind/config.ini
index d28382d9143cacf1f40af1d4448b625732407ad9..dc6a0de2f0519147d72c9ac7336c0a2d17e24861 100644
--- a/config/vufind/config.ini
+++ b/config/vufind/config.ini
@@ -388,6 +388,10 @@ host            = localhost
 port            = 25
 ;username       = user
 ;password       = pass
+; If a login is required you can define which protocol to use for securing the
+; connection. If no explicit protocol ('tls' or 'ssl') is configured, a protocol
+; based on the configured port is chosen (587 -> tls, 487 -> ssl).
+;secure         = tls
 ; If set to false, users can send anonymous emails; otherwise, they must log in first
 require_login   = true
 ; Should we put the logged-in user's address in the "from" field by default?
diff --git a/module/VuFind/src/VuFind/Mailer/Factory.php b/module/VuFind/src/VuFind/Mailer/Factory.php
index f47a9a7c92f17f39150ed44bf4dc9a3a99e65f40..46ca1d9c3966285351dc5432e222cfc9f2dd3cd5 100644
--- a/module/VuFind/src/VuFind/Mailer/Factory.php
+++ b/module/VuFind/src/VuFind/Mailer/Factory.php
@@ -64,6 +64,17 @@ class Factory implements \Zend\ServiceManager\FactoryInterface
                 'username' => $config->Mail->username,
                 'password' => $config->Mail->password
             ];
+            if (isset($config->Mail->secure)) {
+                // always set user defined secure connection
+                $settings['connection_config']['ssl'] = $config->Mail->secure;
+            } else {
+                // set default secure connection based on configured port
+                if ($settings['port'] == '587') {
+                    $settings['connection_config']['ssl'] = 'tls';
+                } elseif ($settings['port'] == '487') {
+                    $settings['connection_config']['ssl'] = 'ssl';
+                }
+            }
         }
         $transport = new Smtp();
         $transport->setOptions(new SmtpOptions($settings));