From 6652b57ddaa1aee0b384a2ffb9eddafbf55f30ad Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Mon, 16 Jun 2025 06:20:15 +0200
Subject: [PATCH] postfix: rearrange smtpd_tls_chain_files option

---
 mail-server/postfix.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 8124a6a..e29983a 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -264,11 +264,6 @@ in
 ]);

 config = {
- smtpd_tls_chain_files = [
- "${keyPath}"
- "${certificatePath}"
- ];
-
 myhostname = cfg.sendingFqdn;
 mydestination = ""; # disable local mail delivery
 recipient_delimiter = cfg.recipientDelimiter;
@@ -297,6 +292,7 @@ in
 ]
 );
 virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
+
 # Avoid leakage of X-Original-To, X-Delivered-To headers between recipients
 lmtp_destination_recipient_limit = "1";

@@ -323,6 +319,12 @@ in
 "check_policy_service unix:/run/dovecot2/quota-status"
 ];

+ # The X509 private key followed by the corresponding certificate
+ smtpd_tls_chain_files = [
+ "${keyPath}"
+ "${certificatePath}"
+ ];
+
 # TLS for incoming mail is optional
 smtpd_tls_security_level = "may";
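Review bot: The new comment above `smtpd_tls_chain_files` in the last hunk documents the key-then-certificate ordering but not where the private key may live, while the entry still interpolates it as `"${keyPath}"`. If `keyPath` can ever be a Nix path value rather than a plain string (its definition is outside this hunk, so this needs confirming), the interpolation would copy the private key into the world-readable Nix store. I would extend the comment with something like `# keyPath must be a runtime path string outside the Nix store; keep the key file readable only by the mail service`. The enclosing `config = { … }` attribute set starts and ends outside the hunk.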