SMTP connection in an isolated docker container with reverse proxy

I have Caddy running as a reverse proxy and exposing the Vaultwarden (VW) services as normal. Caddy is also fetching a cert from Cloudflare so SSL is enabled (making VW happy). My VW and Caddy containers are connected together via a bridge network. My Caddy container is also connected to a MACLAN network to expose it to my LAN so I can use VW.

My problem is how do I also proxy the SMTP connection out of the VW container so it can send emails? Connecting the VW container to the MACLAN network would not be secure, since connections to VW can be non-SSL. So for maximum security the VW container should only connect to the bridge network. What’s the best secure method to allow the SMTP connection?

You could add an extra container that runs an SMTP relay. You can then add an internal-only network between VW and the SMTP relay and configure VW to use the SMTP relay container instead.
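
The layout suggested in the reply above, written as a Docker Compose file. This is an added example, not part of the original thread; the network names, the relay image, the relay port and the sender address are assumptions or placeholders.

```yaml
# Added example, not the poster's configuration.
services:
  caddy:
    image: caddy
    networks:
      - lan        # existing LAN-facing network (name assumed)
      - proxy      # bridge shared with Vaultwarden

  vaultwarden:
    image: vaultwarden/server
    environment:
      SMTP_HOST: smtp-relay                 # resolved by Docker DNS on the mail network
      SMTP_PORT: "25"                       # assumed relay listen port
      SMTP_SECURITY: "off"                  # plaintext only on the internal hop to the relay
      SMTP_FROM: vaultwarden@example.com    # constructed address
    networks:
      - proxy      # reached only through Caddy
      - mail       # reaches only the relay

  smtp-relay:
    image: registry.example.com/smtp-relay:placeholder   # placeholder, pick a real relay image
    # Upstream mail server, credentials and TLS are configured per that image's documentation.
    # No ports are published, so only containers on the mail network can submit mail.
    networks:
      - mail       # accepts mail from Vaultwarden
      - egress     # the relay's route to the upstream mail server

networks:
  lan:
    external: true     # created outside this file (assumption)
  proxy:
    driver: bridge
  mail:
    driver: bridge
    internal: true     # Docker gives this network no external connectivity
  egress:
    driver: bridge
```

After `docker compose up -d`, `docker network inspect` on the `mail` network should report `"Internal": true` and list only the Vaultwarden and relay containers.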