mail/postfix: make CA file static if not selected (#2709)

mail/postfix/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		postfix
-PLUGIN_VERSION=		1.20
+PLUGIN_VERSION=		1.21
 PLUGIN_COMMENT=		SMTP mail relay
 PLUGIN_DEPENDS=		postfix35
 PLUGIN_MAINTAINER=	m.muenz@gmail.com

mail/postfix/pkg-descr

@@ -6,6 +6,10 @@ is completely different.
 Plugin Changelog
 ================
 
+1.21
+
+* Add static link to root certficiates
+
 1.20
 
 * Make 'delay_warning_time' configurable in the UI

mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf

@@ -37,6 +37,7 @@ recipient_bcc_maps = hash:/usr/local/etc/postfix/recipientbcc
 sender_canonical_maps = regexp:/usr/local/etc/postfix/sendercanonical
 header_checks = regexp:/usr/local/etc/postfix/header_checks_receiving
 smtp_header_checks = regexp:/usr/local/etc/postfix/header_checks_delivering
+smtp_tls_CAfile = /etc/ssl/cert.pem
 ##########################
 # END SYSTEM DEFAULTS
 ##########################
@@ -115,6 +116,8 @@ smtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem
 {% endif %}
 {% if helpers.exists('OPNsense.postfix.general.ca') and OPNsense.postfix.general.ca != '' %}
 smtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem
+{% else %}
+smtpd_tls_CAfile = /etc/ssl/cert.pem
 {% endif %}
 {% if helpers.exists('OPNsense.postfix.general.tls_server_compatibility') %}
 {% if OPNsense.postfix.general.tls_server_compatibility == 'modern' %}