diff --git a/README.md b/README.md index 40685a0..5d67a15 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,20 @@ Use this role to setup a Postfix mail server. It comes with the following additi - optional: [OnionMX](https://github.com/ehloonion/onionmx) - optional: Unbound +## General type of mail server configuration + +You can select via the variable `postfix_type` a pre-defined set of configuraion options that best meets your needs. +- `internet`: Mail is send received directly using SMTP. TLS is enabled. +- `internal`: Mail is sent to another machine on the same network for delivery. TLS is disabled. Only listens on port 25. ## Variables +### Required + +| Variable | Value | Default | Note | +|--|--|--|--| +| `postfix_type` | str | `internet` | Determines how to setup Postfix. Choose `internet` or `internal` | + ### Scope: misc | Variable | Value | Default | Note | diff --git a/defaults/main.yml b/defaults/main.yml index db4604a..dc7fc4f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,6 +11,8 @@ postfix_daemon_dir: /usr/lib/postfix/sbin postfix_default_db_type: cdb postfix_dhparam_file: /etc/ssl/private/dhparam.pem postfix_pflogsum_mail_subject: "Mailserver Statistics" +postfix_myhostname: "$myorigin" +postfix_type: internet tls_helper_domains_file: tls_domains tls_helper_postfix_dir: /var/lib/postfix/tls-helper diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2 index afa08c7..58bde48 100644 --- a/templates/postfix/main.cf.j2 +++ b/templates/postfix/main.cf.j2 @@ -1,6 +1,8 @@ ### {{ ansible_managed }} +{% if postfix_smtp_banner is defined %} smtpd_banner = {{ postfix_smtpd_banner }} +{% endif %} {% if postfix_debug_peer_list is defined %} ### Debug Logging 
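Review bot: `postfix_type: internet` is added without any validation, and every branch in the templates tests only `postfix_type == "internet"`, so any other value (a typo, `Internet`, an override resolving to empty) silently renders the stripped-down profile with no TLS block, no postscreen and no smtpd restrictions instead of failing. Because the less-guarded branch is the fallback, I would fail closed with an early task such as `- assert: { that: postfix_type in ['internet', 'internal'], fail_msg: "postfix_type must be 'internet' or 'internal'" }` before any template is rendered. The README hunk also lists the variable under "Required" while this default makes it optional; one of the two should change.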
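Review bot: The new guard tests `postfix_smtp_banner` but the line inside it renders `postfix_smtpd_banner`, so with the existing variable set the `smtpd_banner` line is silently dropped, and with only the new name set the template fails on an undefined variable. The condition should read `{% if postfix_smtpd_banner is defined %}` to match the variable that was already in use.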
@@ -11,11 +13,18 @@ debug_peer_list = {{ postfix_debug_peer_list | join(', ') }} inet_interfaces = all inet_protocols = ipv4 -myhostname = $myorigin +myhostname = {{ postfix_myhostname }} +{% if postfix_myorigin is defined %} myorigin = {{ postfix_myorigin }} +{% endif %} +{% if postfix_mydestination is defined %} mydestination = {{ postfix_mydestination | join(', ') }} +{% endif %} +{% if postfix_mynetworks is defined %} mynetworks = {{ postfix_mynetworks | join(', ') }} +{% endif %} +{% if postfix_type == "internet" %} ### TLS settings tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION tls_preempt_cipherlist = no @@ -58,6 +67,7 @@ smtp_tls_fingerprint_digest = sha1 smtp_tls_loglevel = 1 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_pix_workarounds = disable_esmtp +{% endif %} ### Domains and recipients {% if postfix_virtual_mailbox_domains is defined %} @@ -67,7 +77,6 @@ virtual_mailbox_domains = {% endfor %} {% endif %} {% if postfix_virtual_mailbox_maps is defined %} -# Check for existing recipients virtual_mailbox_maps = {% for map in postfix_virtual_mailbox_maps %} {{ map.type }}:{{ map.path }} @@ -132,6 +141,7 @@ smtp_sasl_password_maps = smtp_sasl_security_options = noanonymous {% endif %} +{% if postfix_type == "internet" %} #### Postscreen postscreen_access_list = permit_mynetworks @@ -150,7 +160,9 @@ postscreen_dnsbl_sites = {% endfor %} {% endif %} postscreen_dnsbl_action = drop +{% endif %} +{% if postfix_type == "internet" %} # Postfix runs restrictions with the following order # - smtpd_client_restriction # - smtpd_helo_restriction @@ -229,6 +241,7 @@ smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unverified_recipient +{% endif %} # Configuration for reject_unverified_recipient unverified_recipient_reject_reason = User unknown / Nutzer unbekannt 
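Review bot: `myhostname = {{ postfix_myhostname }}` now defaults to `$myorigin` (from defaults/main.yml) while `myorigin` is only emitted when `postfix_myorigin` is defined; Postfix's own default for myorigin is `$myhostname`, so with the variable unset the two parameters reference each other and neither resolves to a real hostname (Postfix behaviour, please confirm against the installed version). Either keep `myorigin = {{ postfix_myorigin }}` unconditional or make the `postfix_myhostname` default a concrete value such as `{{ ansible_fqdn }}`. Making `mynetworks` optional has a similar effect: when `postfix_mynetworks` is unset Postfix falls back to its `mynetworks_style` default, which on older releases trusts the whole subnet of every interface, so I would set `mynetworks_style = host` in an `{% else %}` branch rather than leave it to the compiled default. The `internal` branch also skips the entire `### TLS settings` block including the `smtp_tls_*` client settings, so relayed mail to the next hop goes out in clear; the README says as much, but a one-line comment at the `{% if postfix_type == "internet" %}` stating it would help the next reader.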
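Review bot: With this `{% endif %}` the `internal` type renders no `smtpd_*_restrictions` at all, so as far as this template shows the only thing preventing open relay on an `inet_interfaces = all` listener is Postfix's compiled-in `smtpd_relay_restrictions` default (`permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination` on 2.10+) — unless it is set in a part of the file not in this diff. I would not rely on a compiled default for the less-guarded profile; an `{% else %}` branch emitting `smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination` keeps the relay policy explicit and independent of the Postfix version. The restriction block this closes begins in an earlier hunk.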
@@ -253,6 +266,7 @@ default_destination_concurrency_failed_cohort_limit = 10 header_checks = pcre:{{ postfix_conf_dir }}/header_checks +{% if postfix_type == "internet" %} ### Spam and DKIM {% if postfix_smtpd_milters is defined %} smtpd_milters = @@ -274,6 +288,7 @@ milter_connect_timeout = 20s # Prevent DKIM signatures (don't allow spam header to change the signature) disable_mime_output_conversion = yes +{% endif %} ### Misc diff --git a/templates/postfix/master.cf b/templates/postfix/master.cf index dbce963..894dcde 100644 --- a/templates/postfix/master.cf +++ b/templates/postfix/master.cf @@ -4,9 +4,13 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== +{% if postfix_type == "internet" %} smtp inet n - y - 1 postscreen smtpd pass - - y - 100 smtpd -o cleanup_service_name=smtpd-in +{% else %} +smtp inet n - y - - smtpd +{% endif %} dnsblog unix - - y - 0 dnsblog tlsproxy unix - - y - 0 tlsproxy {% if postfix_submission is defined and postfix_submission %}
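Review bot: The new `{% else %}` makes the plain `smtpd` listener the fallback for every value of `postfix_type` other than `internet`, not just `internal`, so a mistyped value bypasses postscreen silently; `{% elif postfix_type == "internal" %}` with no else would make the mismatch visible at render time instead. The internal listener also drops `-o cleanup_service_name=smtpd-in`, so inbound mail on that profile goes through the default `cleanup` service rather than whatever `smtpd-in` is configured to do (that service is not in this diff, so I cannot tell what is lost — header checks or milters would be the usual candidates). A short comment above the `{% else %}` saying this is intentional would settle it.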