diff --git a/modules/setting/incoming_email.go b/modules/setting/incoming_email.go
index f5ee1368f1..314fdea137 100644
--- a/modules/setting/incoming_email.go
+++ b/modules/setting/incoming_email.go
@@ -47,6 +47,15 @@ func loadIncomingEmailFrom(rootCfg ConfigProvider) {
 		IncomingEmail.Password = sec.Key("PASSWD").String()
 	}
 
+	// Infer Port if not set
+	if IncomingEmail.Port == 0 {
+		if IncomingEmail.UseTLS {
+			IncomingEmail.Port = 993
+		} else {
+			IncomingEmail.Port = 143
+		}
+	}
+
 	if err := checkReplyToAddress(IncomingEmail.ReplyToAddress); err != nil {
 		log.Fatal("Invalid incoming_mail.REPLY_TO_ADDRESS (%s): %v", IncomingEmail.ReplyToAddress, err)
 	}
diff --git a/modules/setting/incoming_email_test.go b/modules/setting/incoming_email_test.go
index 9e8ee0e6b7..0fdd44d333 100644
--- a/modules/setting/incoming_email_test.go
+++ b/modules/setting/incoming_email_test.go
@@ -10,15 +10,65 @@ import (
 )
 
 func Test_loadIncomingEmailFrom(t *testing.T) {
-	cfg, _ := NewConfigProviderFromData("")
-	sec := cfg.Section("email.incoming")
-	sec.NewKey("ENABLED", "true")
-	sec.NewKey("USER", "jane.doe@example.com")
-	sec.NewKey("PASSWD", "y0u'll n3v3r gUess th1S!!1")
-	sec.NewKey("REPLY_TO_ADDRESS", "forge+%{token}@example.com")
+	makeBaseConfig := func() (ConfigProvider, ConfigSection) {
+		cfg, _ := NewConfigProviderFromData("")
+		sec := cfg.Section("email.incoming")
+		sec.NewKey("ENABLED", "true")
+		sec.NewKey("REPLY_TO_ADDRESS", "forge+%{token}@example.com")
 
-	loadIncomingEmailFrom(cfg)
+		return cfg, sec
+	}
+	resetIncomingEmailPort := func() func() {
+		return func() {
+			IncomingEmail.Port = 0
+		}
+	}
 
-	assert.EqualValues(t, "jane.doe@example.com", IncomingEmail.Username)
-	assert.EqualValues(t, "y0u'll n3v3r gUess th1S!!1", IncomingEmail.Password)
+	t.Run("aliases", func(t *testing.T) {
+		cfg, sec := makeBaseConfig()
+		sec.NewKey("USER", "jane.doe@example.com")
+		sec.NewKey("PASSWD", "y0u'll n3v3r gUess th1S!!1")
+
+		loadIncomingEmailFrom(cfg)
+
+		assert.EqualValues(t, "jane.doe@example.com", IncomingEmail.Username)
+		assert.EqualValues(t, "y0u'll n3v3r gUess th1S!!1", IncomingEmail.Password)
+	})
+
+	t.Run("Port settings", func(t *testing.T) {
+		t.Run("no port, no tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			// False is the default, but we test it explicitly.
+			sec.NewKey("USE_TLS", "false")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 143, IncomingEmail.Port)
+		})
+
+		t.Run("no port, with tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			sec.NewKey("USE_TLS", "true")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 993, IncomingEmail.Port)
+		})
+
+		t.Run("port overrides tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			sec.NewKey("PORT", "1993")
+			sec.NewKey("USE_TLS", "true")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 1993, IncomingEmail.Port)
+		})
+	})
 }