diff --git a/client/pages/config/email.vue b/client/pages/config/email.vue index 33fbdd32..19aef5f1 100644 --- a/client/pages/config/email.vue +++ b/client/pages/config/email.vue @@ -46,6 +46,26 @@ +
+
+
+ + +
+ {{ $strings.LabelEmailSettingsAdvancedTls }} + info +
+
+
+
+
+ +
+
+ +
+
+
@@ -140,8 +160,10 @@ export default { user: null, pass: null, testAddress: null, - fromAddress: null + fromAddress: null, + tlsServerName: null }, + showAdvancedTlsSettings: false, newEReaderDevice: { name: '', email: '' @@ -163,6 +185,13 @@ export default { return this.settings?.ereaderDevices || [] } }, + watch: { + showAdvancedTlsSettings(newVal) { + if (!newVal) { + this.newSettings.tlsServerName = null + } + } + }, methods: { resetChanges() { this.newSettings = { @@ -278,7 +307,8 @@ export default { user: this.newSettings.user, pass: this.newSettings.pass, testAddress: this.newSettings.testAddress, - fromAddress: this.newSettings.fromAddress + fromAddress: this.newSettings.fromAddress, + tlsServerName: this.newSettings.tlsServerName } this.savingSettings = true this.$axios @@ -313,6 +343,7 @@ export default { this.newSettings = { ...this.settings } + this.showAdvancedTlsSettings = !!this.settings.tlsServerName }) .catch((error) => { console.error('Failed to get email settings', error) diff --git a/client/strings/en-us.json b/client/strings/en-us.json index 6dba7adb..4e925ff2 100644 --- a/client/strings/en-us.json +++ b/client/strings/en-us.json 
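Review bot: The `showAdvancedTlsSettings` watcher in the `@@ -163,6 +185,13` hunk only handles the toggle being switched off, so the flag and `newSettings.tlsServerName` can drift apart. The `@@ -313,6 +343,7` hunk syncs the flag on the initial fetch, but `resetChanges()` is not shown doing the same; its body continues outside the hunk, so this needs confirming. If a reset restores a saved server name while the section is collapsed, a hidden value that changes which hostname the certificate is checked against would go out with the next save. Consider setting the flag wherever `newSettings` is reassigned, e.g. `this.showAdvancedTlsSettings = !!this.newSettings.tlsServerName`, and documenting the watcher with `// Collapsing the section clears the override so a hidden value is never saved`.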
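Review bot: `tlsServerName` is sent exactly as typed in the `@@ -278,7 +307,8` hunk, so a value with stray whitespace reaches the server unnormalised. There a truthy but malformed name would be used as the TLS server name and make certificate checks fail, while an empty string falls through to the environment default in EmailSettings.js. Normalising at the boundary avoids both: `tlsServerName: this.newSettings.tlsServerName?.trim() || null`. The save method starts and ends outside the hunk.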
@@ -325,12 +325,15 @@ "LabelEbooks": "Ebooks", "LabelEdit": "Edit", "LabelEmail": "Email", + "LabelEmailSettingsAdvancedTls": "Advanced TLS Settings", "LabelEmailSettingsFromAddress": "From Address", "LabelEmailSettingsRejectUnauthorized": "Reject unauthorized certificates", "LabelEmailSettingsRejectUnauthorizedHelp": "Disabling SSL certificate validation may expose your connection to security risks, such as man-in-the-middle attacks. Only disable this option if you understand the implications and trust the mail server you are connecting to.", "LabelEmailSettingsSecure": "Secure", "LabelEmailSettingsSecureHelp": "If true the connection will use TLS when connecting to server. If false then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false. (from nodemailer.com/smtp/#authentication)", "LabelEmailSettingsTestAddress": "Test Address", + "LabelEmailSettingsTlsServerName": "TLS Server Name", + "LabelEmailSettingsTlsServerNameHelp": "Specify the hostname for TLS certificate validation when using an IP address as the host. This enables proper certificate validation while avoiding hostname resolution issues.", "LabelEmbeddedCover": "Embedded Cover", "LabelEnable": "Enable", "LabelEncodingBackupLocation": "A backup of your original audio files will be stored in:", diff --git a/server/objects/settings/EmailSettings.js b/server/objects/settings/EmailSettings.js index db3ad754..a97638d8 100644 --- a/server/objects/settings/EmailSettings.js +++ b/server/objects/settings/EmailSettings.js @@ -21,6 +21,7 @@ class EmailSettings { this.pass = null this.testAddress = null this.fromAddress = null + this.tlsServerName = null /** @type {EreaderDeviceObject[]} */ this.ereaderDevices = [] 
@@ -39,6 +40,7 @@ class EmailSettings { this.pass = settings.pass this.testAddress = settings.testAddress this.fromAddress = settings.fromAddress + this.tlsServerName = settings.tlsServerName || process.env.SMTP_TLS_SERVERNAME || null this.ereaderDevices = settings.ereaderDevices?.map((d) => ({ ...d })) || [] // rejectUnauthorized added after v2.10.1 - defaults to true @@ -58,6 +60,7 @@ class EmailSettings { pass: this.pass, testAddress: this.testAddress, fromAddress: this.fromAddress, + tlsServerName: this.tlsServerName, ereaderDevices: this.ereaderDevices.map((d) => ({ ...d })) } } @@ -128,9 +131,14 @@ class EmailSettings { } } // Allow self-signed certs (https://nodemailer.com/smtp/#3-allow-self-signed-certificates) - if (!this.rejectUnauthorized) { - payload.tls = { - rejectUnauthorized: false + // And allows hostname validation for IP addresses (https://nodemailer.com/smtp/#general-options) + if (!this.rejectUnauthorized || this.tlsServerName) { + payload.tls = payload.tls || {} + if (!this.rejectUnauthorized) { + payload.tls.rejectUnauthorized = false + } + if (this.tlsServerName) { + payload.tls.servername = this.tlsServerName } }
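Review bot: The `process.env.SMTP_TLS_SERVERNAME` fallback in the `@@ -39,6 +40,7` hunk is folded into the stored field, so after this assignment an environment-supplied name is indistinguishable from one saved by an admin. The `toJSON` hunk at `@@ -58,6 +60,7` then returns it to the client. Clearing the field in the UI (which sends `null`) presumably has no lasting effect while the variable is set; the update path is outside this diff, so that should be confirmed. At minimum document the precedence above the assignment, e.g. `// Saved value wins; SMTP_TLS_SERVERNAME is a fallback the UI cannot clear while it is set`, or resolve the environment value only when the transport options are built.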
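Review bot: In the `@@ -128,9 +131,14` hunk `payload.tls.servername` is set whenever `tlsServerName` is truthy, not only when the host is an IP address as the help string describes. A stale or mistyped value would therefore silently replace the configured host as the identity the certificate is verified against. Restricting the override to IP-literal hosts (Node's `net.isIP` on the configured host), or at least rejecting values that are not plausible hostnames, keeps the setting from weakening server authentication. When `rejectUnauthorized` is false the name is still sent for SNI but nothing is verified, which the comment could state: `// servername is only authenticated while rejectUnauthorized is true`. The enclosing method starts outside the hunk.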