From 45c7bf0c50e75b51b4be79c3e9acba9abace68d4 Mon Sep 17 00:00:00 2001
From: phil
Date: Thu, 27 Jun 2024 18:52:09 +0200
Subject: [PATCH] Enable dual use of RSA and ECDSA certificates for submission und smtp port
---
 templates/postfix/master.cf.j2 | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/templates/postfix/master.cf.j2 b/templates/postfix/master.cf.j2
index c0376e6..d0e1598 100644
--- a/templates/postfix/master.cf.j2
+++ b/templates/postfix/master.cf.j2
@@ -17,15 +17,17 @@ tlsproxy unix - - y - 0 tlsproxy
 smtps inet n - y - 100 smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
+{% if postfix_smtpd_tls_cert_file is defined %}
+ -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_smtpd_tls_key_file is defined %}
+ -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
 {% if postfix_submission_smtpd_tls_eccert_file is defined %}
 -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
-{% else %}
- -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
 {% endif %}
 {% if postfix_submission_smtpd_tls_eckey_file is defined %}
 -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
-{% else %}
- -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
 {% endif %}
 -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
 -o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
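Review bot: The two added RSA guards test `postfix_smtpd_tls_cert_file` and `postfix_smtpd_tls_key_file` but render `postfix_submission_smtpd_tls_cert_file` and `postfix_submission_smtpd_tls_key_file`, so the condition and the emitted value can disagree; the same pair of guards is repeated in the submission hunk. With only the submission variables set, the RSA override that the old `{% else %}` branch always emitted is now silently omitted and the service uses whatever main.cf supplies, which may be a different certificate or none. With only the unprefixed variables set, the template references an undefined variable, which presumably fails rendering. Guard on the variable that is rendered, e.g. `{% if postfix_submission_smtpd_tls_cert_file is defined %}`, and consider emitting certificate and key under one condition so a certificate is never configured without its matching key. The smtps and submission service entries continue outside the hunks.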
@@ -40,15 +42,17 @@ smtps inet n - y - 100 smtpd
 submission inet n - y - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
+{% if postfix_smtpd_tls_cert_file is defined %}
+ -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
+{% endif %}
+{% if postfix_smtpd_tls_key_file is defined %}
+ -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
+{% endif %}
 {% if postfix_submission_smtpd_tls_eccert_file is defined %}
 -o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
-{% else %}
- -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
 {% endif %}
 {% if postfix_submission_smtpd_tls_eckey_file is defined %}
 -o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
-{% else %}
- -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
 {% endif %}
 -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
 -o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject