From 5437b0e30bdc336d911b2e10783bc0a92bc09d04 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Sun, 5 Jun 2022 12:04:16 +1200
Subject: [PATCH] fix: Opt-out of implicit TLS for Amavis SMTP client transport
 (#2607)

Presently relay-host support modifies `main.cf` settings directly. This adjusts the default transport (`smtp`) which other transports in `master.cf` inherit from.

When configuring for implicit TLS to a `relay-host` this would set `main.cf:smtp_tls_wrappermode = yes` and affect the transport `master.cf:smtp-amavis` which does not set an override like it does for `smtp_tls_security_level`. This causes Amavis to fail working which the default transport relies on due to `main.cf:content_filter`.

Easy fix, by explicitly adding the override `smtp_tls_wrappermode=no`.`no` is default in `main.cf` so inheriting this setting hasn't been a problem in the past for other relay-hosts using StartTLS.
---
 target/postfix/master.cf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/postfix/master.cf b/target/postfix/master.cf
index fdc95f69..747a8bef 100644
--- a/target/postfix/master.cf
+++ b/target/postfix/master.cf
@@ -82,13 +82,16 @@ policyd-spf  unix  -       n       n       -       0       spawn
 #
 
 smtp-amavis     unix    -       -       n       -       2       smtp
+  -o syslog_name=postfix/$service_name
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20
   -o smtp_tls_security_level=none
+  -o smtp_tls_wrappermode=no
 
 127.0.0.1:10025 inet    n       -       n       -       -       smtpd
+  -o syslog_name=postfix/smtpd-amavis
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=