From 1f6a7b2ee59a6f901ca053fb7b749da6dbb72781 Mon Sep 17 00:00:00 2001
From: "ljf (zamentur)" <zamentur@users.noreply.github.com>
Date: Fri, 11 May 2018 16:52:28 +0200
Subject: [PATCH 1/2] [fix] Untrusted TLS connection established to

---
 data/templates/postfix/main.cf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/templates/postfix/main.cf b/data/templates/postfix/main.cf
index bdd364250..b96bb4860 100644
--- a/data/templates/postfix/main.cf
+++ b/data/templates/postfix/main.cf
@@ -45,6 +45,10 @@ smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
 smtp_tls_mandatory_ciphers= $smtpd_tls_mandatory_ciphers
 smtp_tls_loglevel=1
 
+# Fix "Untrusted TLS connection established to" message in log
+smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 

From 6461b3ec111de5d5c3b1f1ee8348dca5af88d79b Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 15 May 2018 17:52:49 +0200
Subject: [PATCH 2/2] Update comment about certificates

---
 data/templates/postfix/main.cf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/templates/postfix/main.cf b/data/templates/postfix/main.cf
index b96bb4860..7d7589c66 100644
--- a/data/templates/postfix/main.cf
+++ b/data/templates/postfix/main.cf
@@ -45,7 +45,8 @@ smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
 smtp_tls_mandatory_ciphers= $smtpd_tls_mandatory_ciphers
 smtp_tls_loglevel=1
 
-# Fix "Untrusted TLS connection established to" message in log
+# Configure Root CA certificates
+# (for example, avoids getting "Untrusted TLS connection established to" messages in logs)
 smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt