From 111a1c05ab1b037c6a060c907f276531231e46a5 Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Thu, 27 Jun 2024 14:31:13 +0200
Subject: [PATCH] If at least smtpd_tls_eccert_file or smtpd_tls_eckey_file is
 defined in the main.cf we can't use ECDSA certificates for
 smtpd_tls_cert_file and smtpd_tls_key_file in the master.cf. Postfix then
 expects an RSA certificat as input and fails to load the certificate.

---
 templates/postfix/master.cf.j2 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/templates/postfix/master.cf.j2 b/templates/postfix/master.cf.j2
index fa15c61..c0376e6 100644
--- a/templates/postfix/master.cf.j2
+++ b/templates/postfix/master.cf.j2
@@ -17,8 +17,16 @@ tlsproxy  unix  -       -       y       -       0       tlsproxy
 smtps      inet  n       -       y       -      100     smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
+{% if postfix_submission_smtpd_tls_eccert_file is defined %}
+    -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
+{% else %}
     -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_submission_smtpd_tls_eckey_file is defined %}
+    -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
+{% else %}
     -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
     -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
     -o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
     -o smtpd_tls_protocols=!TLSv1,!TLSv1.1
@@ -32,8 +40,16 @@ smtps      inet  n       -       y       -      100     smtpd
 submission inet  n       -       y       -       -      smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
+{% if postfix_submission_smtpd_tls_eccert_file is defined %}
+    -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
+{% else %}
     -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_submission_smtpd_tls_eckey_file is defined %}
+    -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
+{% else %}
     -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
     -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
     -o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
     -o smtpd_sasl_auth_enable=yes