From 8e7e56851b9c06018b2ec39f19b26ae184dc79ae Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Sat, 6 Jun 2026 12:58:51 +0900
Subject: [PATCH] postfix: add tlsmgr service to enable STARTTLS

Without tlsmgr, smtpd has no PRNG/entropy source and disables TLS,
rejecting STARTTLS with "454 4.7.0 TLS not available due to local problem".
---
 docker/postfix/master.cf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker/postfix/master.cf b/docker/postfix/master.cf
index 9c2ac57..822d56e 100644
--- a/docker/postfix/master.cf
+++ b/docker/postfix/master.cf
@@ -3,6 +3,9 @@
 # SMTP service
 smtp      inet  n       -       n       -       -       smtpd
 
+# TLS session cache and PRNG manager (required for STARTTLS)
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+
 # Pickup service
 pickup    unix  n       -       n       60      1       pickup