From 5e6531c821b9b67bbe6876037cb6376e4012d5eb Mon Sep 17 00:00:00 2001
From: Dominic Ricottone
Date: Thu, 29 Jun 2023 14:48:40 -0500
Subject: [PATCH] Fix encryption setup Configuration was a bit confused on account of running both SMTPD and Submission ports. I am going to prefer port 465 with implicit TLS, and to correctly support that mode I am setting wrapper mode on.
---
 postfix/main.cf | 1 +
 postfix/main.cf.tls-in | 1 +
 postfix/master.cf | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/postfix/main.cf b/postfix/main.cf
index 9c2b059..4b2cf0e 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -39,6 +39,7 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_service = smtpd
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
+smtpd_tls_wrappermode=yes
 # Encryption
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
diff --git a/postfix/main.cf.tls-in b/postfix/main.cf.tls-in
index 1f5e6c6..e290f7c 100644
--- a/postfix/main.cf.tls-in
+++ b/postfix/main.cf.tls-in
@@ -37,6 +37,7 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_service = smtpd
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
+smtpd_tls_wrappermode=yes
 # Encryption
 smtpd_tls_chain_files = /var/letsencrypt/chain.pem
diff --git a/postfix/master.cf b/postfix/master.cf
index e1bff02..5137f04 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -14,7 +14,7 @@ smtp inet n - n - - smtpd
 #smtpd pass - - n - - smtpd
 #dnsblog unix - - n - 0 dnsblog
 #tlsproxy unix - - n - 0 tlsproxy
-submission inet n - n - - smtpd
+#submission inet n - n - - smtpd
 # -o syslog_name=postfix/submission
 # -o smtpd_tls_security_level=encrypt
 # -o smtpd_sasl_auth_enable=yes
-- 
2.45.2
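Review bot: `smtpd_tls_wrappermode=yes` is added to main.cf, where it becomes the default for every smtpd service, and the master.cf in this same patch still has `smtp inet n - n - - smtpd` enabled with no override visible. If that service is the public port 25 listener, it will now expect a TLS handshake at connect, and other mail servers, which speak plaintext SMTP and upgrade with STARTTLS, would fail to deliver. Postfix's documentation describes wrapper mode as a per-service option, so I would drop this line here and set `-o smtpd_tls_wrappermode=yes` on the port 465 service in master.cf. The same applies to the identical line added in postfix/main.cf.tls-in. As a style point, the surrounding settings are written `name = value` with spaces around the `=`.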
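Review bot: With `submission` commented out, the only enabled inet listener visible in this hunk is `smtp inet n - n - - smtpd`, and no service for port 465 is added, so authenticated submission appears to rely on that one listener plus the global wrapper-mode setting. A dedicated service entry would keep implicit TLS and SASL scoped to port 465 and leave port 25 behaving as a normal MTA port. The stanza below is a sketch; use `smtps` or `465` as the service name if `submissions` is not in /etc/services on the image, and carry over whatever restrictions main.cf does not already apply. master.cf continues outside the hunk, so a 465 entry may already exist further down.

```conf
#submission inet n - n - - smtpd
submissions inet n - n - - smtpd
  -o syslog_name=postfix/submissions
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```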