diff --git a/data/templates/postfix/main.cf b/data/templates/postfix/main.cf
index b15964241..43151e672 100644
--- a/data/templates/postfix/main.cf
+++ b/data/templates/postfix/main.cf
@@ -52,8 +52,12 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_loglevel=1
 
 # -- TLS for outgoing connections
+{% if smtp_relayhost %}
+smtp_tls_security_level = encrypt
+{% else %}
 # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
-smtp_tls_security_level=may
+smtp_tls_security_level = may
+{% endif %}
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, 3DES
 smtp_tls_mandatory_ciphers= high