diff --git a/.env b/.env index 33ebb174..a6d280a6 100644 --- a/.env +++ b/.env @@ -42,7 +42,18 @@ BANNER="" # In demo mode things it is not possible for a user to change his password and his settings. DEMO_MODE=0 -### End custom vars -###> symfony/mailer ### -# MAILER_DSN=smtp://localhost -###< symfony/mailer ### +################################################################################### +# Email related settings +################################################################################### + +# The DSN of the email server that should be used for sending emails (disabled by default) +# See Transport section of https://symfony.com/doc/current/components/mailer.html for available providers and syntax +MAILER_DSN=null://null +#MAILER_DSN=smtp://user:password@smtp.mailserver.invalid:587 + +# The email address from which all Part-DB emails should be sent. Change this when you configure email! +EMAIL_SENDER_EMAIL=noreply@partdb.changeme + +# Set this to 1 to allow reset of a password per email +ALLOW_EMAIL_PW_RESET=0 + diff --git a/config/packages/twig.yaml b/config/packages/twig.yaml index 0f445e82..b0009a53 100644 --- a/config/packages/twig.yaml +++ b/config/packages/twig.yaml @@ -12,3 +12,4 @@ twig: partdb_title: '%partdb_title%' default_currency: '%default_currency%' global_theme: '%global_theme%' + allow_email_pw_reset: '%allow_email_pw_reset%' diff --git a/config/services.yaml b/config/services.yaml index cdf9a90e..3a4e69cd 100644 --- a/config/services.yaml +++ b/config/services.yaml 
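Review bot: `ALLOW_EMAIL_PW_RESET=0` added here is never read: the `allow_email_pw_reset` parameter that `config/services.yaml` introduces in this same commit is derived from `%env(validMailDSN:MAILER_DSN)%`, so an operator who configures a mail server and leaves this at 0 still ends up with email password reset enabled, the opposite of what the comment promises. Either wire the variable (`allow_email_pw_reset: '%env(bool:ALLOW_EMAIL_PW_RESET)%'`) or drop it from `.env` and reword the comment to say reset is enabled whenever `MAILER_DSN` is valid. The same appears to hold for `EMAIL_SENDER_EMAIL`, since `services.yaml` keeps `sender_email: 'noreply@partdb.changeme'` hard-coded on the new side, unless it is consumed in a file outside this diff. Because `.env` is committed, the `#MAILER_DSN=smtp://user:password@...` example should also say to put a real DSN with credentials in `.env.local`, never in `.env`.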
@@ -17,8 +17,9 @@ parameters: # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet! allow_attachments_downloads: false demo_mode: '%env(bool:DEMO_MODE)%' # If set to true, all potentially dangerous things are disabled (like changing passwords of the own user) - sender_email: 'noreply@partdb.changeme' - sender_name: 'Part-DB Mailer' + sender_email: 'noreply@partdb.changeme' # The email address from which all emails are sent from + sender_name: 'Part-DB Mailer' # The name that will be used for all mails sent by Part-DB + allow_email_pw_reset: '%env(validMailDSN:MAILER_DSN)%' # Config if users are able, to reset their password by email. By default this enabled, when a mail server is configured. services: # default configuration for services in *this* file @@ -103,6 +104,10 @@ services: arguments: $timezone: '%timezone%' + App\Controller\SecurityController: + arguments: + $allow_email_pw_reset: '%allow_email_pw_reset%' + App\Services\Attachments\AttachmentPathResolver: arguments: $project_dir: '%kernel.project_dir%' diff --git a/src/Controller/SecurityController.php b/src/Controller/SecurityController.php index 2731111a..0a712d68 100644 --- a/src/Controller/SecurityController.php +++ b/src/Controller/SecurityController.php 
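Review bot: Tying `allow_email_pw_reset` solely to `%env(validMailDSN:MAILER_DSN)%` leaves an operator no way to run a mail server for other notifications while keeping email password reset switched off, even though the accompanying `.env` change advertises an explicit flag for exactly that; consider resolving the parameter from `%env(bool:ALLOW_EMAIL_PW_RESET)%` and treating a valid DSN as an additional requirement checked where the mail is sent, rather than as the only gate. The body of the `validMailDSN` processor is not legible in this rendering, so what it returns for the default `null://null` DSN could not be checked here. The trailing comment also needs rewording: `# Whether users may reset their password by email. Enabled by default once a mail server is configured.`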
@@ -30,8 +30,10 @@ use Symfony\Component\Form\Extension\Core\Type\RepeatedType; use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\TextType; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Mailer\MailerInterface; use Symfony\Component\Routing\Annotation\Route; +use Symfony\Component\Security\Core\Exception\AccessDeniedException; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; use Symfony\Component\Validator\Constraints\Length; use Symfony\Component\Validator\Constraints\NotBlank; @@ -40,10 +42,12 @@ use Symfony\Contracts\Translation\TranslatorInterface; class SecurityController extends AbstractController { protected $translator; + protected $allow_email_pw_reset; - public function __construct(TranslatorInterface $translator) + public function __construct(TranslatorInterface $translator, bool $allow_email_pw_reset) { $this->translator = $translator; + $this->allow_email_pw_reset = $allow_email_pw_reset; } /** @@ -68,6 +72,14 @@ class SecurityController extends AbstractController */ public function requestPwReset(PasswordResetManager $passwordReset, Request $request) { + if (!$this->allow_email_pw_reset) { + throw new AccessDeniedHttpException("The password reset via email is disabled!"); + } + + if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) { + throw new AccessDeniedHttpException("You are already logged in, so you can not reset your password!"); + } + $builder = $this->createFormBuilder(); $builder->add('user', TextType::class, [ 'label' => $this->translator->trans('pw_reset.user_or_password'), 
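Review bot: The added `use Symfony\Component\Security\Core\Exception\AccessDeniedException;` is not used by any new code visible in this diff, which throws `AccessDeniedHttpException` in both guards; drop the unused import, or, if the intent was the security-component exception that the firewall maps to a 403, use one class consistently in both places. Keeping both imported invites a later mix-up between the two, which behave differently under the firewall.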
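Review bot: The new property is declared untyped as `protected $allow_email_pw_reset;` while the constructor parameter is `bool`; if the project targets PHP 7.4 or newer, `protected bool $allow_email_pw_reset;` lets the engine reject a mis-wired service argument instead of silently coercing it, and a camelCase name (`$allowEmailPwReset`) would match PSR naming. This is a style point only; the assignment in the constructor is correct as written.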
@@ -88,7 +100,7 @@ class SecurityController extends AbstractController if ($form->isSubmitted() && $form->isValid()) { $passwordReset->request($form->getData()['user']); $this->addFlash('success', $this->translator->trans('pw_reset.request.success')); - //return $this->redirectToRoute('login'); + return $this->redirectToRoute('login'); } return $this->render('security/pw_reset_request.html.twig', [ @@ -101,6 +113,14 @@ class SecurityController extends AbstractController */ public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, string $user = null, string $token = null) { + if (!$this->allow_email_pw_reset) { + throw new AccessDeniedHttpException("The password reset via email is disabled!"); + } + + if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) { + throw new AccessDeniedHttpException("You are already logged in, so you can not reset your password!"); + } + $data = ['username' => $user, 'token' => $token]; $builder = $this->createFormBuilder($data); $builder->add('username', TextType::class, [ diff --git a/src/Services/CustomEnvVarProcessor.php b/src/Services/CustomEnvVarProcessor.php new file mode 100644 index 00000000..bb6df8da --- /dev/null +++ b/src/Services/CustomEnvVarProcessor.php @@ -0,0 +1,55 @@ + 'bool', + ]; + } +} \ No newline at end of file diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index 10602265..f51c3d61 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -5,7 +5,7 @@ {% block card_title %}
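Review bot: The two guard blocks at the top of `pwResetNewPw` are a verbatim copy of the ones added to `requestPwReset` earlier in this diff, so any future change (translating the messages, or letting a logged-in user redeem a token they requested) has to be made twice and the two routes can silently drift. Extract them into one private helper called first thing in both actions; the helper below carries the same messages and the same check order. The body of `pwResetNewPw` continues past the end of the hunk.
```php
    /**
     * Throws a 403 unless the email password reset flow may be used by the current request.
     * Both the request action and the new-password action must call this first.
     */
    private function denyUnlessPwResetAllowed(): void
    {
        if (!$this->allow_email_pw_reset) {
            throw new AccessDeniedHttpException("The password reset via email is disabled!");
        }

        if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            throw new AccessDeniedHttpException("You are already logged in, so you can not reset your password!");
        }
    }

    public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, string $user = null, string $token = null)
    {
        $this->denyUnlessPwResetAllowed();
        // … unchanged: form building and handling …
```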
{% trans %}login.card_title{% endtrans %} -
+ {% endblock %} {% block content %} @@ -20,7 +20,7 @@ {% endblock %} {% block card_content %} -
+ @@ -60,5 +60,7 @@
- {% trans %}pw_reset.password_forget{% endtrans %} + {% if allow_email_pw_reset %} + {% trans %}pw_reset.password_forget{% endtrans %} + {% endif %} {% endblock %} \ No newline at end of file