diff --git a/README.md b/README.md
index d2f081c..5fd96b4 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ Feel free to pick your favourite distro.
 - [`POSTFIX_message_size_limit`](#postfix_message_size_limit)
 - [Overriding specific postfix settings](#overriding-specific-postfix-settings)
 - [`SKIP_ROOT_SPOOL_CHOWN`](#skip_root_spool_chown)
+ - [`ENABLE_TLSPROXY`](#enable_tlsproxy)
 - [`ANONYMIZE_EMAILS`](#anonymize_emails)
 - [The `default` (`smart`) filter](#the-default-smart-filter)
 - [The `paranoid` filter](#the-paranoid-filter)
@@ -384,6 +385,11 @@ want to set this option unless you're running into specific issues (e.g. [#97](h
 If unsure, leave it as is.
+#### `ENABLE_TLSPROXY`
+
+Setting this to `true` will enable the `tlsproxy` in `/etc/postfix/master.cf`. You want to enable this, if you enable
+[`smtp_tls_connection_reuse`](https://www.postfix.org/postconf.5.html#smtp_tls_connection_reuse).
+
 #### `ANONYMIZE_EMAILS`
 Anonymize email in Postfix logs. It mask the email content by putting `*` in the middle of the name and the domain.
diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 9705882..a0167d3 100755
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@@ -745,6 +745,15 @@ postfix_open_submission_port() {
 sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
 }
+postfix_enable_tlsproxy() {
+ if [ ! -z "$ENABLE_TLSPROXY" ]; then
+ if [[ "${ENABLE_TLSPROXY}" == "true" ]]; then
+ info "Enabling tlsproxy."
+ sed -i -r -e 's/^#tlsproxy/tlsproxy/' /etc/postfix/master.cf
+ fi
+ fi
+}
+
 execute_post_init_scripts() {
 if [ -d /docker-init.db/ ]; then
 notice "Executing any found custom scripts..."
diff --git a/scripts/run.sh b/scripts/run.sh
index 644d65d..d42011c 100755
--- a/scripts/run.sh
+++ b/scripts/run.sh
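Review bot: In `postfix_enable_tlsproxy` (scripts/common-run.sh), "Enabling tlsproxy." is logged before the `sed` runs and nothing checks that the edit took effect. If the packaged `/etc/postfix/master.cf` has no line starting with `#tlsproxy`, the substitution is a silent no-op, and an operator relying on `smtp_tls_connection_reuse` gets no hint that the service entry is missing. After the `sed`, add a check such as `grep -q '^tlsproxy' /etc/postfix/master.cf || notice "ENABLE_TLSPROXY=true but no tlsproxy entry in master.cf"`. The outer `[ ! -z "$ENABLE_TLSPROXY" ]` test is redundant and mixes `[` with `[[`; a single `if [[ "${ENABLE_TLSPROXY:-}" == "true" ]]; then` covers the unset and empty cases. Values other than the exact string `true` are ignored without a message, which is worth stating in a comment above the function.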
@@ -39,6 +39,7 @@ postfix_setup_smtpd_sasl_auth # Enable sender SASL auth, if defined
 postfix_custom_commands # Apply custom postfix settings
 opendkim_custom_commands # Apply custom OpenDKIM settings
 postfix_open_submission_port # Enable the submission port
+postfix_enable_tlsproxy # Optionally enable tlsproxy
 execute_post_init_scripts # Execute any scripts found in /docker-init.db/
 unset_sensitive_variables # Remove environment variables that contains sensitive values (secrets) that are read from conf files