diff --git a/defaults/.main.yml.swp b/defaults/.main.yml.swp
new file mode 100644
index 0000000..513a5b3
Binary files /dev/null and b/defaults/.main.yml.swp differ
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 8d700a5..b7585b8 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -1,64 +1,51 @@
 # {{ ansible_managed }}
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+myhostname = {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %}
+
 compatibility_level= {{ postfix_compatibility_level }}
 
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
 myorigin = /etc/mailname
+mydestination = $myhostname, localhost.$mydomain, localhost, {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %}
+mynetworks_style = {{ postfix_mynetworks_style }}
+mynetworks = {{ postfix_mynetworks | join(' ') }}
+inet_interfaces = {{ postfix_inet_interfaces }}
+inet_protocols = {{ postfix_inet_protocols }}
 
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
-
-# appending .domain is the MUA's job.
 append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
+append_at_myorigin = yes
 readme_directory = no
 
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-myhostname = {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %}
-
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.$mydomain, localhost, {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %}
 
-mynetworks = {{ postfix_networks | default('127.0.0.0/8') }}
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = {{ postfix_interfaces | default('all') }}
-inet_protocols = {{ postfix_protocols | default('all') }}
-#masquerade_domains = XXX
-message_size_limit = 10000000
-home_mailbox = /
-mailbox_size_limit = 0
-#mailbox_command = /usr/bin/procmail -f- -a $USER
+relayhost = {{ postfix_relayhost }}
+smtpd_relay_restrictions = {{ postfix_smtpd_relay_restrictions|join(' ') }}
+recipient_delimiter = {{ postfix_recipient_delimiter }}
+mailbox_size_limit = {{ postfix_mailbox_size_limit }}
+message_size_limit = {{ postfix_message_size_limit }}
 
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+{% if postfix_sasl_password_map is defined %}
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+{% endif %}
+
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
+smtp_tls_ciphers = {{ postfix_smtp_tls_ciphers }}
+smtp_tls_loglevel = {{ postfix_smtp_tls_loglevel }}
+smtp_tls_protocols = {{ postfix_smtp_tls_protocols | join(', ') }}
+smtp_tls_exclude_ciphers = {{ postfix_smtp_tls_exclude_ciphers | join(', ') }}
+
+smtpd_use_tls=yes
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 
 {% if postfix_sender_relay is defined %}
 sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_sasl_tls_security_options = noanonymous
-smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-smtp_sasl_auth_enable = yes
-smtp_tls_security_level = may
-smtp_tls_ciphers = medium
-smtp_tls_loglevel = 0
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1
-smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
 smtp_sender_dependent_authentication = yes
 {% endif %}