diff --git a/default.nix b/default.nix
index 1ca367c..b0b64cf 100644
--- a/default.nix
+++ b/default.nix
@@ -25,6 +25,12 @@ in
   options.mailserver = {
     enable = mkEnableOption "nixos-mailserver";
 
+    openFirewall = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Automatically open ports in the firewall.";
+    };
+
     fqdn = mkOption {
       type = types.str;
       example = "mx.example.com";
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index 8c8a500..e8a222e 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -20,7 +20,7 @@ let
   cfg = config.mailserver;
 in
 {
-  config = with cfg; lib.mkIf enable {
+  config = with cfg; lib.mkIf (enable && openFirewall) {
 
     networking.firewall = {
       allowedTCPPorts = [ 25 ]