diff --git a/defaults/main.yml b/defaults/main.yml
index faa0c3221eb20ce18d94fcdb5ec4f455c68a3658..282b48194a91c1356318b414f6944c5364fba05d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+manage_mail: 'enabled'
 default_maintenance_email: "maintenance@example.org"
 default_smtp_server: "smtp.example.org"
 default_sshd_port: 10022
diff --git a/tasks/mail.yml b/tasks/mail.yml
new file mode 100644
index 0000000000000000000000000000000000000000..07b19e59c15af977bd3a5896bd8819a7730d5bbb
--- /dev/null
+++ b/tasks/mail.yml
@@ -0,0 +1,27 @@
+---
+- name: remove mail packages not necessary
+  apt:
+    name: [bsd-mailx mailutils postfix]
+    autoremove: true
+    state: absent
+  when: ansible_os_family == "Debian"
+
+- name: check that ssmtp is installed
+  package: name=ssmtp state=present
+
+- name: Check that sendmail redirects to ssmtp
+  file:
+    src: ssmtp
+    dest: /usr/sbin/sendmail
+    force: true
+    owner: root
+    group: mail
+    state: link
+
+- name: configuration file for ssmtp
+  template:
+    src: ssmtp.conf.j2
+    dest: /etc/ssmtp/ssmtp.conf
+    owner: root
+    group: mail
+    mode: '0640'
diff --git a/tasks/main.yml b/tasks/main.yml
index 33c59ca3e4ab74170261749a902fcf15ca19288b..2372cecfbd61134796fcf2c274cc8c47a72f461a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,14 +1,7 @@
 ---
-
-- name: remove mail packages not necessary
-  apt:
-    name: [bsd-mailx mailutils postfix]
-    autoremove: true
-    state: absent
-  when: ansible_os_family == "Debian"
-
-- name: check that ssmtp is installed
-  package: name=ssmtp state=present
+- name: import mail tasks
+  import_tasks: mail.yml
+  when: manage_mail == 'enabled'
 
 - name: install fail2ban, iptables-persistent and auditd
   package:
@@ -30,15 +23,6 @@
     state: present
   when: ansible_check_mode
 
-- name: Check that sendmail redirects to ssmtp
-  file:
-    src: ssmtp
-    dest: /usr/sbin/sendmail
-    force: true
-    owner: root
-    group: mail
-    state: link
-
 - name: make fail2ban persistent
   service: name=fail2ban enabled=yes state=started
 
@@ -136,11 +120,3 @@
     group: root
     mode: '0640'
   notify: restart auditd
-
-- name: configuration file for ssmtp
-  template:
-    src: ssmtp.conf.j2
-    dest: /etc/ssmtp/ssmtp.conf
-    owner: root
-    group: mail
-    mode: '0640'