From f6dcee21823e788959a1d116a58f82a8f5f380fd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 18 Dec 2019 15:46:23 +0100
Subject: [PATCH] The TLS level is now a paremeter everywhere.
---
 library/roles/postfix/defaults/main.yml | 2 +-
 library/roles/postfix/templates/master.cf.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/roles/postfix/defaults/main.yml b/library/roles/postfix/defaults/main.yml
index e8def685..cd19e647 100644
--- a/library/roles/postfix/defaults/main.yml
+++ b/library/roles/postfix/defaults/main.yml
@@ -27,7 +27,7 @@ postfix_tls_dhparam_file: /etc/postfix/dhparam.pem
 # Accepted values: none, may, encrypt
 postfix_smtpd_tls_security_level: encrypt
 # Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only
-postfix_smtp_tls_security_level: encrypt
+postfix_smtp_tls_security_level: may
 postfix_use_sasl_auth: True
 postfix_smtp_sasl_auth_enable: "yes"
 postfix_smtp_create_relay_user: True
diff --git a/library/roles/postfix/templates/master.cf.j2 b/library/roles/postfix/templates/master.cf.j2
index ed6d5a21..12b71d16 100644
--- a/library/roles/postfix/templates/master.cf.j2
+++ b/library/roles/postfix/templates/master.cf.j2
@@ -16,7 +16,7 @@ smtp inet n - n - - smtpd
 {% if postfix_smtpd_server %}
 submission inet n - n - - smtpd
 -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
+ -o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
 {% if postfix_use_letsencrypt %}
 -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
 -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
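Review bot: The new default `postfix_smtp_tls_security_level: may` in defaults/main.yml makes outbound TLS opportunistic, which the commit subject (parameterisation only) does not mention. With `may` the Postfix client delivers in cleartext when the next hop does not offer STARTTLS, so a missing or stripped STARTTLS no longer fails delivery. The context lines show SASL relay authentication enabled by default, a setup where a mandatory level is usually wanted. If the relaxation is intended for direct-to-MX delivery, I would document it above the variable, e.g. `# 'may' = opportunistic TLS, falls back to cleartext; use 'encrypt' or stricter when relaying through an authenticated smarthost`. Whether relay credentials stay protected in the fallback case depends on `smtp_sasl_security_options`, which this hunk does not show.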
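Review bot: The submission service line `-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}` in master.cf.j2 now inherits a variable whose documented values include `none` and `may`, so the authenticated submission port is no longer pinned to mandatory TLS. If the same variable also drives the port-25 smtpd (not visible here), relaxing it to `may` for public MX traffic would silently relax submission too. A dedicated variable keeps the parameterisation without that coupling, e.g. `-o smtpd_tls_security_level={{ postfix_submission_tls_security_level | default('encrypt') }}` (the variable name is a suggestion, not something the role defines). The rest of the submission block lies outside the hunk, so I cannot tell whether `smtpd_tls_auth_only` is set there as a backstop.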