From 02126f4539f4559390ba0e167cb0ddf24e897367 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 10 Oct 2020 18:20:53 +0200
Subject: fix provide TLS certificate for outbound opportunistic encryption
 only when available

---
 postfix/postfix.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'postfix')

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index a32408d..62b228e 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -260,8 +260,13 @@ fi
 
 # outbound opportunistic encryption
 _postconf -e smtp_tls_security_level=may
-_postconf -e smtp_tls_cert_file=/etc/ssl/certs/postfix.pem
-_postconf -e smtp_tls_key_file=/etc/ssl/private/postfix.pem
+if [ -n "$tls_cert" ]; then
+	_postconf -e smtp_tls_cert_file=/etc/ssl/certs/postfix.pem
+	_postconf -e smtp_tls_key_file=/etc/ssl/private/postfix.pem
+else
+	_postconf -X smtp_tls_cert_file
+	_postconf -X smtp_tls_key_file
+fi
 _postconf -e smtp_tls_loglevel=1
 
 # Force TLS towards peers
-- 
cgit v1.2.3