diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-auth b/roles/base/files/postfix/main.cf/main.cf.smtp-auth
index e235be4bce..7fb486dc9d 100644
--- a/roles/base/files/postfix/main.cf/main.cf.smtp-auth
+++ b/roles/base/files/postfix/main.cf/main.cf.smtp-auth
@@ -712,9 +712,9 @@ smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
 #tls_ssl_options = no_ticket, no_compression
 smtpd_tls_loglevel = 1
-smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.crt
-smtpd_tls_key_file = /etc/pki/tls/private/gateway.key
-smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/pki/tls/certs/smtpd.crt
+smtpd_tls_key_file = /etc/pki/tls/private/smtpd.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca.crt
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
 smtpd_tls_received_header = yes
@@ -734,9 +734,15 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
 smtp_tls_mandatory_ciphers = high
 smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
 smtp_tls_loglevel = 1
-smtp_tls_cert_file = /etc/pki/tls/certs/gateway.crt
-smtp_tls_key_file = /etc/pki/tls/private/gateway.key
-smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtp_tls_cert_file = /etc/pki/tls/certs/smtpd.crt
+smtp_tls_key_file = /etc/pki/tls/private/smtpd.key
+smtp_tls_CAfile = /etc/pki/tls/certs/ca.crt
 # Deny email from some domains
 smtpd_sender_restrictions = regexp:/etc/postfix/sender_access
+
+# enable sasl smtp auth here.
+smtpd_sasl_auth_enable = yes
+
+# allow authenticated users to relay
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
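Review bot: Switching `smtpd_tls_CAfile` from the system `ca-bundle.crt` to `/etc/pki/tls/certs/ca.crt` narrows the trust anchors to whatever that single file holds, and nothing in the hunk says which CA that is. The second hunk makes the same swap for `smtp_tls_CAfile`, where the file is what outbound delivery uses to validate remote servers' certificates. If any destination is delivered at a verifying level (`smtp_tls_security_level = verify`/`secure` or a `smtp_tls_policy_maps` entry, none of which is visible here), peers with publicly issued certificates would presumably stop validating. I would document the intent above the three lines, for example `# ca.crt = internal CA that issued smtpd.crt; public roots are intentionally not trusted here`, or keep `ca-bundle.crt` on the client side if public verification is still wanted.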
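Review bot: `smtpd_sasl_auth_enable = yes` is added without `smtpd_tls_auth_only = yes` next to it, so unless that is set elsewhere in this file AUTH is also advertised on unencrypted sessions and PLAIN/LOGIN credentials can be sent in cleartext. I would add `smtpd_tls_auth_only = yes` directly under the new line. The trailing `reject` in `smtpd_relay_restrictions` also refuses every recipient for clients that are neither in `mynetworks` nor authenticated, including mail addressed to this host's own domains. If this variant is meant to be submission-only, that is the right policy, but the comment should say so, e.g. `# submission-only: unauthenticated clients outside mynetworks are rejected outright`; otherwise `reject_unauth_destination` is the usual last entry.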