diff --git a/02-selfhosting/monitoring/logwatch-fleet-setup.md b/02-selfhosting/monitoring/logwatch-fleet-setup.md
index 15696f1..75703f1 100644
--- a/02-selfhosting/monitoring/logwatch-fleet-setup.md
+++ b/02-selfhosting/monitoring/logwatch-fleet-setup.md
@@ -240,7 +240,7 @@ systemctl reload postfix
 
 ### 2. Empty `relayhost` quietly forces public-MX delivery
 
-If `postconf relayhost` returns an empty value, postfix doesn't fail — it just does an MX lookup for the destination domain and tries to deliver directly. For mail to your own mail server, that means going via the **public MX** (the domain's external MX record, e.g., `mail.majorshouse.com → 165.227.187.191:25`) instead of the **internal/Tailscale relay path** the rest of the fleet uses.
+If `postconf relayhost` returns an empty value, postfix doesn't fail — it just does an MX lookup for the destination domain and tries to deliver directly. For mail to your own mail server, that means going via the **public MX** (the domain's external MX record, e.g., `mail.majorshouse.com → 203.0.113.10:25`) instead of the **internal/Tailscale relay path** the rest of the fleet uses.
 
 The public-MX path is subject to whatever spam filtering, content checks, and trust rules the receiving MX has configured for external traffic. Internal Tailscale-IP traffic typically gets a faster trust shortcut (e.g., bypass spamchk pipe). So this single configuration drift causes one host's mail to land in a different code path than its siblings — and then silently get filtered.