From ec1b1ece11a8a0321f84cb73dcc4dad25167a03e Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 19 May 2020 16:00:05 +0200
Subject: [PATCH] Update to 2020-05-19 16:00

---
 roles/postfix/defaults/main.yml    | 2 +-
 roles/postfix/templates/main.cf.j2 | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
index 688516b..35f2efb 100644
--- a/roles/postfix/defaults/main.yml
+++ b/roles/postfix/defaults/main.yml
@@ -7,7 +7,7 @@
 # postfix_relay_host: 'smtp.example.com'
 # postfix_relay_user: 'account'
 # postfix_relay_pass: 'p@ssw0rd'
-# postfix_relay_use_tls: true
+# postfix_relay_transport: plain | tls | starttls (default is starttls)
 # postfix_relay_ca_path: '/etc/pki/tls/certs'
 #
 # If set, outgoing email will be rewritten
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index d81d88d..d76a3a0 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -33,8 +33,12 @@ relayhost = {{ postfix_relay_host }}
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/relay_auth
 {% endif %}
-{% if postfix_relay_use_tls | default(True) %}
+{% if postfix_relay_transport | default('starttls') == 'starttls' or postfix_relay_transport | default('starttls') == 'tls' %}
+{% if postfix_relay_transport | default('starttls') == 'starttls' %}
 smtp_use_tls = yes
+{% elif postfix_relay_transport | default('starttls') == 'tls' %}
+smtp_tls_wrappermode = yes
+{% endif %}
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
 smtp_tls_note_starttls_offer = yes