diff --git a/certbot-postfix/certbot_postfix/installer.py b/certbot-postfix/certbot_postfix/installer.py
index efaeb1e7b..649e56c6b 100644
--- a/certbot-postfix/certbot_postfix/installer.py
+++ b/certbot-postfix/certbot_postfix/installer.py
@@ -48,7 +48,8 @@ class Installer(plugins_common.Installer):
             help="Only set params to enable opportunistic TLS and install certificates.")
         add("server-only", action="store_true", default=constants.CLI_DEFAULTS["server_only"],
             help="Only set server params (prefixed with smtpd*)")
-        add("ignore-master-overrides", action="store_true", default=constants.CLI_DEFAULTS["ignore_master_overrides"],
+        add("ignore-master-overrides", action="store_true",
+            default=constants.CLI_DEFAULTS["ignore_master_overrides"],
             help="Ignore errors reporting overridden TLS parameters in master.cf.")
 
     def __init__(self, *args, **kwargs):
diff --git a/certbot-postfix/certbot_postfix/postconf.py b/certbot-postfix/certbot_postfix/postconf.py
index 2f17ed069..8248468ee 100644
--- a/certbot-postfix/certbot_postfix/postconf.py
+++ b/certbot-postfix/certbot_postfix/postconf.py
@@ -12,7 +12,6 @@ class ConfigMain(util.PostfixUtilBase):
         super(ConfigMain, self).__init__(executable, config_dir)
         # Whether to ignore overrides from master.
         self._ignore_master_overrides = ignore_master_overrides
-        print(self._ignore_master_overrides)
         # List of all current Postfix parameters, from `postconf` command.
         self._db = {}
         # List of current master.cf overrides from Postfix config. Dictionary
diff --git a/certbot-postfix/certbot_postfix/tests/postconf_test.py b/certbot-postfix/certbot_postfix/tests/postconf_test.py
index 35c9637cc..91617d410 100644
--- a/certbot-postfix/certbot_postfix/tests/postconf_test.py
+++ b/certbot-postfix/certbot_postfix/tests/postconf_test.py
@@ -22,7 +22,15 @@ class PostConfTest(unittest.TestCase):
                         'service/type/overridden_by_master = master_value\n'
                         'service2/type/overridden_by_master = master_value2\n'
                     )
-                    self.config = ConfigMain('postconf', lambda x, y, z: None)
+                    self.config = ConfigMain('postconf', False)
+
+    @mock.patch('certbot_postfix.util.PostfixUtilBase._get_output')
+    @mock.patch('certbot_postfix.postconf.util.verify_exe_exists')
+    def test_get_output_master(self, mock_verify_exe, mock_get_output):
+        from certbot_postfix.postconf import ConfigMain
+        mock_verify_exe.return_value = True
+        ConfigMain('postconf', lambda x, y, z: None)
+        mock_get_output.assert_called_with('-P')
 
     @mock.patch('certbot_postfix.util.PostfixUtilBase._get_output')
     def test_read_default(self, mock_get_output):
@@ -59,17 +67,18 @@ class PostConfTest(unittest.TestCase):
                           ('service2/type', 'master_value2')])
 
     def test_set_check_override(self):
-        expected_overrides = [
-            ('service/type', 'master_value'),
-            ('service2/type', 'master_value2')]
-        def _check_overrides(name, overrides, acceptable_overrides):
-            # pylint: disable=unused-argument
-            self.assertEqual('overridden_by_master', name)
-            self.assertEqual(expected_overrides, overrides)
+        self.assertRaises(errors.PluginError, self.config.set,
+            'overridden_by_master', 'new_value')
+
+    def test_ignore_check_override(self):
         # pylint: disable=protected-access
-        self.config._handle_overrides = _check_overrides
+        self.config._ignore_master_overrides = True
         self.config.set('overridden_by_master', 'new_value')
 
+    def test_check_acceptable_overrides(self):
+        self.config.set('overridden_by_master', 'new_value',
+                        ('master_value', 'master_value2'))
+
     @mock.patch('certbot_postfix.util.PostfixUtilBase._get_output')
     def test_flush(self, mock_out):
         self.config.set('default_parameter', 'new_value')
diff --git a/certbot-postfix/certbot_postfix/util.py b/certbot-postfix/certbot_postfix/util.py
index afa30f4a6..465e9c343 100644
--- a/certbot-postfix/certbot_postfix/util.py
+++ b/certbot-postfix/certbot_postfix/util.py
@@ -229,6 +229,10 @@ def report_master_overrides(name, overrides, acceptable_overrides=None):
 def is_acceptable_value(parameter, value, acceptable):
     """ Returns whether the `value` for this `parameter` is acceptable,
     given a string or tuple `acceptable`
+
+    :param str parameter:       The name of the parameter being set.
+    :param str value:           Proposed new value for parameter.
+    :param tuple acceptable:    List of acceptable values for parameter.
     """
     # If it's a tuple, there's multiple acceptable options.
     # Only set a param if it's not acceptable.
@@ -276,9 +280,9 @@ def _has_acceptable_tls_versions(parameter_string):
     if inclusion_list: # For any inclusion list, we still require TLS 1.2.
         if "TLSv1.2" not in supported_version_list or "!TLSv1.2" in supported_version_list:
             return False
-    else: 
+    else:
         for bad_version in bad_versions:
             if "!" + bad_version not in supported_version_list:
-               return False
+                return False
     return True
 
diff --git a/tox.cover.sh b/tox.cover.sh
index 95e128af7..2908d1f9a 100755
--- a/tox.cover.sh
+++ b/tox.cover.sh
@@ -44,7 +44,7 @@ cover () {
   elif [ "$1" = "certbot_nginx" ]; then
     min=97
   elif [ "$1" = "certbot_postfix" ]; then
-    min=99
+    min=100
   elif [ "$1" = "letshelp_certbot" ]; then
     min=100
   else