From 9b2589b477f3ce60002dffceb8bce0e7bbae3989 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?=
Date: Wed, 14 Feb 2024 16:18:15 +0200
Subject: [PATCH 1/2] Support smtpd_tls_security_level option
---
 README.md | 1 +
 templates/etc/postfix/main.cf.j2 | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 412604c..809a6fe 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,7 @@ None
 * `postfix_smtpd_tls_cert_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.pem`]: Path to certificate file
 * `postfix_smtpd_tls_key_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.key`]: Path to key file
+ * `postfix_smtpd_security_level` [optional]: The SMTP TLS security level for the Postfix SMTP server ([see](http://www.postfix.org/postconf.5.html#smtpd_tls_security_level))
 * `postfix_raw_options` [default: `[]`]: List of lines (to pass extra (unsupported) configuration)
 ## Dependencies
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
index 0ca384e..6ad8ea4 100644
--- a/templates/etc/postfix/main.cf.j2
+++ b/templates/etc/postfix/main.cf.j2
@@ -27,6 +27,9 @@ smtpd_tls_cert_file = {{ postfix_smtpd_tls_cert_file }}
 smtpd_tls_key_file = {{ postfix_smtpd_tls_key_file }}
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+{% if postfix_smtpd_tls_security_level is defined -%}
+smtpd_tls_security_level = {{ postfix_smtpd_tls_security_level }}
+{% endif %}
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
From a3b33f1357337f374ece84e05ccb73514a911554 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten
Date: Wed, 20 Mar 2024 10:29:01 +0100
Subject: [PATCH 2/2] Cleanup
---
 templates/etc/postfix/main.cf.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
index 6ad8ea4..2be8118 100644
--- a/templates/etc/postfix/main.cf.j2
+++ b/templates/etc/postfix/main.cf.j2
@@ -25,11 +25,11 @@ compatibility_level = {{ postfix_compatibility_level }}
 # TLS parameters
 smtpd_tls_cert_file = {{ postfix_smtpd_tls_cert_file }}
 smtpd_tls_key_file = {{ postfix_smtpd_tls_key_file }}
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-{% if postfix_smtpd_tls_security_level is defined -%}
+smtpd_use_tls = yes
+{% if postfix_smtpd_tls_security_level is defined %}
 smtpd_tls_security_level = {{ postfix_smtpd_tls_security_level }}
 {% endif %}
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
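Review bot: The variable this template tests and renders, `postfix_smtpd_tls_security_level` (the `{% if … is defined %}` line and the line below it), is not the name the README hunk of patch 1/2 documents, `postfix_smtpd_security_level`, and the cleanup leaves that README line untouched. An operator who sets the documented name gets no error and no `smtpd_tls_security_level` line in main.cf, so the server stays at whatever `smtpd_use_tls = yes` provides rather than the level they asked for. The README entry should use `postfix_smtpd_tls_security_level`. Since Postfix documents `smtpd_tls_security_level` as overriding the obsolete `smtpd_use_tls`, a comment above the conditional such as `# when set, smtpd_tls_security_level overrides smtpd_use_tls` would also tell readers which of the two settings wins.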