thias / puppet-postfix

Puppet Postfix module

Add parameters for ssl_cert and ssl_key. #5

Closed CtrlC-Root closed 11 years ago

CtrlC-Root commented 11 years ago

Allow the user to specify arbitrary ssl certificates and keys. There is no reason to lock the user to a specific file structure in this case.

thias commented 11 years ago

Hmm, the file structure used is the de-facto one on RHEL. I understand your change if you're using something else, but the problem is that it breaks existing deployments for no obvious good reason.

What do you think about something like this (for both files) instead?

```erb
<% if @tls_key_file -%>
smtpd_tls_key_file = <%= @tls_key_file %>
<% else -%>
smtpd_tls_key_file = /etc/pki/tls/private/<%= @ssl %>.key
<% end -%>
```

This keeps the old behavior of setting "ssl => 'mail.example.com'", but also allows having "ssl => true, tls_key_file => /etc/postfix/my.key" (note that I also prefer having the parameters match the original postfix directive when possible; the "ssl" one was generic because it wasn't tied to one single postfix directive).

CtrlC-Root commented 11 years ago

Indeed, it does break compatibility. However, I'm not sure I understand your argument about a "de-facto" file structure. What if you have multiple certificates with one key? What if you have chained and non-chained certificates? What if your certificates must be kept somewhere else to satisfy local security policies? My point is that I don't see a reason to impose a location for these files, whether that's the "de-facto" one or not. I just think it's a shame to force the sysadmin to work around something as simple as this.

EDIT: Your approach should work fine. Would you like me to make the change or will you?

thias commented 11 years ago

OK, I've made the change in 6e8e36638dc4cc0590334eca290f48a3061481d0. Do let me know if you have any further suggestions!
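Added example, not part of the thread or of the module's code: the key-file template proposed above, rendered with Ruby's ERB for the two parameter combinations named in that comment, plus the case of `ssl => true` with no `tls_key_file`, where the fallback yields a path ending in `true.key`. The `Scope` class and the `check_params` guard are hypothetical stand-ins for illustration, not Puppet APIs.

```ruby
require 'erb'

# Template fragment as quoted in the thread (key file only).
TEMPLATE = <<~ERB
  <% if @tls_key_file -%>
  smtpd_tls_key_file = <%= @tls_key_file %>
  <% else -%>
  smtpd_tls_key_file = /etc/pki/tls/private/<%= @ssl %>.key
  <% end -%>
ERB

# Hypothetical stand-in for a template scope: each parameter becomes an
# instance variable, which is how the template reads @ssl and @tls_key_file.
class Scope
  def initialize(params)
    params.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render(source)
    ERB.new(source, trim_mode: '-').result(binding)
  end
end

# Returns the path that ends up in smtpd_tls_key_file for these parameters.
def key_path(params)
  Scope.new(params).render(TEMPLATE).strip.split(' = ', 2).last
end

# Hypothetical pre-render guard: accept an absolute tls_key_file, or an ssl
# value that is a plain hostname-like string usable as a file name.
def check_params(params)
  ssl, key = params[:ssl], params[:tls_key_file]
  return :ok if key.is_a?(String) && key.start_with?('/')
  return :ok if ssl.is_a?(String) && ssl.match?(/\A[a-z0-9.-]+\z/i)
  :invalid
end

# Constructed sample inputs covering the old style, the new style, and the gap.
[
  { ssl: 'mail.example.com' },
  { ssl: true, tls_key_file: '/etc/postfix/my.key' },
  { ssl: true }
].each do |params|
  puts "#{params.inspect} -> #{key_path(params)} (#{check_params(params)})"
end
```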