1 files changed, 10 insertions, 10 deletions

diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 0922b49..59bf0ba 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -11,11 +11,9 @@ mydomain            = {{ ansible_domain }}
 append_dot_mydomain = no
 
 # This server is for internal use only
-mynetworks_style  = host
-inet_interfaces   = loopback-only
-inet_protocols    = ipv4
-# Tunnel everything through IPSec
-smtp_bind_address = 172.16.0.1
+mynetworks_style = host
+inet_interfaces  = loopback-only
+inet_protocols   = ipv4
 
 # No local delivery
 mydestination        =
@@ -33,15 +31,17 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre
 
 # Forward everything to our internal mailhub
 {% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:2525
+# TODO: use a UNIX socket instead
+relay_transport = lmtp:unix:private/mta-out
 {% else %}
-relayhost = [outgoing.fripost.org]:2525
+relayhost       = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
 {% endif %}
+relay_domains   =
 
-# This server is for internal use only; external connections are
-# protected by IPSec already
-smtpd_tls_security_level = none
+# Tunnel everything through IPSec
 smtp_tls_security_level  = none
+smtp_bind_address        = 172.16.0.1
+smtpd_tls_security_level = none
 
 # Turn off all TCP/IP listener ports except that dedicated to
 # samhain(8), which sadly cannot use pickup through the sendmail binary.