From da2004e414f2e99de4f0559234bb819b97bf0e99 Mon Sep 17 00:00:00 2001
From: Michael <m.muenz@gmail.com>
Date: Wed, 15 Dec 2021 13:30:23 +0100
Subject: [PATCH] mail/postfix: make CA file static if not selected (#2709)

---
 mail/postfix/Makefile                                         | 2 +-
 mail/postfix/pkg-descr                                        | 4 ++++
 .../src/opnsense/service/templates/OPNsense/Postfix/main.cf   | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile
index 84c6f2441..ba8f9944e 100644
--- a/mail/postfix/Makefile
+++ b/mail/postfix/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		postfix
-PLUGIN_VERSION=		1.20
+PLUGIN_VERSION=		1.21
 PLUGIN_COMMENT=		SMTP mail relay
 PLUGIN_DEPENDS=		postfix35
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
diff --git a/mail/postfix/pkg-descr b/mail/postfix/pkg-descr
index 49ff2b05a..0fd8e0cca 100644
--- a/mail/postfix/pkg-descr
+++ b/mail/postfix/pkg-descr
@@ -6,6 +6,10 @@ is completely different.
 Plugin Changelog
 ================
 
+1.21
+
+* Add static link to root certficiates
+
 1.20
 
 * Make 'delay_warning_time' configurable in the UI
diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
index 784b87b89..3dcc6292b 100644
--- a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
+++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
@@ -37,6 +37,7 @@ recipient_bcc_maps = hash:/usr/local/etc/postfix/recipientbcc
 sender_canonical_maps = regexp:/usr/local/etc/postfix/sendercanonical
 header_checks = regexp:/usr/local/etc/postfix/header_checks_receiving
 smtp_header_checks = regexp:/usr/local/etc/postfix/header_checks_delivering
+smtp_tls_CAfile = /etc/ssl/cert.pem
 ##########################
 # END SYSTEM DEFAULTS
 ##########################
@@ -115,6 +116,8 @@ smtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem
 {% endif %}
 {% if helpers.exists('OPNsense.postfix.general.ca') and OPNsense.postfix.general.ca != '' %}
 smtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem
+{% else %}
+smtpd_tls_CAfile = /etc/ssl/cert.pem
 {% endif %}
 {% if helpers.exists('OPNsense.postfix.general.tls_server_compatibility') %}
 {% if OPNsense.postfix.general.tls_server_compatibility == 'modern' %}