If at least smtpd_tls_eccert_file or smtpd_tls_eckey_file

is defined in the main.cf we can't use ECDSA certificates
for smtpd_tls_cert_file and smtpd_tls_key_file in the
master.cf. Postfix then expects an RSA certificat as input
and fails to load the certificate.

templates/postfix/master.cf.j2

@@ -17,8 +17,16 @@ tlsproxy  unix  -       -       y       -       0       tlsproxy
 smtps      inet  n       -       y       -      100     smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
+{% if postfix_submission_smtpd_tls_eccert_file is defined %}
+    -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
+{% else %}
     -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_submission_smtpd_tls_eckey_file is defined %}
+    -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
+{% else %}
     -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
     -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
     -o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
     -o smtpd_tls_protocols=!TLSv1,!TLSv1.1
@@ -32,8 +40,16 @@ smtps      inet  n       -       y       -      100     smtpd
 submission inet  n       -       y       -       -      smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
+{% if postfix_submission_smtpd_tls_eccert_file is defined %}
+    -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
+{% else %}
     -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_submission_smtpd_tls_eckey_file is defined %}
+    -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
+{% else %}
     -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
     -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
     -o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
     -o smtpd_sasl_auth_enable=yes