From 1e141ca6e23b772bd1f147f4883b06dc37dd36e8 Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Wed, 14 Jun 2023 16:53:08 +0200
Subject: [PATCH] Enable TLS connection also for SASL auth instances

---
 templates/postfix/main.cf.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2
index 192f0bc..6eabc04 100644
--- a/templates/postfix/main.cf.j2
+++ b/templates/postfix/main.cf.j2
@@ -49,7 +49,9 @@ smtpd_tls_loglevel = 1
 smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtpd_tls_dh1024_param_file = {{ postfix_dhparam_file }}
 smtpd_tls_eecdh_grade = strong
+{% endif %}
 
+{% if postfix_type == "internet" or postfix_smtp_sasl_auth_enabled is defined and postfix_smtp_sasl_auth_enabled %}
 ### TLS settings for SMTP client
 smtp_tls_security_level = dane
 smtp_dns_support_level = dnssec
@@ -158,7 +160,8 @@ smtpd_sasl_exceptions_networks = {{ postfix_smtpd_sasl_exceptions_networks | joi
 ### SMTP Auth client side
 smtp_sasl_auth_enable = yes
 smtp_sasl_auth_soft_bounce = no
-smtp_sasl_password_maps = cdb:{{ postfix_conf_dir }}/smtp_sasl_auth_password
+smtp_sasl_password_maps =
+    cdb:{{ postfix_conf_dir }}/smtp_sasl_auth_password_maps
 smtp_sasl_security_options = noanonymous
 {% endif %}