--- /dev/null
+
+# TLS certs
+smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
+
+# OpenDKIM milter
+non_smtpd_milters = inet:localhost:8892
+
+# transport mail to dovecot; not strictly needed, as even without this
+# postfix will throw mail to /var/mail/USER to be found by dovecot for
+# serving via IMAP etc.; but using dovecot's LMTP server for delivery
+# allows us to do stuff like dovecot-side sieve filtering.
+mailbox_transport = lmtp:inet:127.0.0.1:2424
+
+# use dovecot SASL for SMTP access
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes