diff --git a/defaults/main.yml b/defaults/main.yml
index 9a20850879aa16a4bc01097200b79ba5ae58e7ca..bc24882e0a964078cf450bd5b35d50bfe1a4dc54 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -59,5 +59,13 @@ postfix__inet_protocols: all
 # Valid <transport> and <nexthop> values are described in the postfix transport
 # documentation. http://www.postfix.org/transport.5.html
 postfix__transport_map: []
+
+
+
+# SASL Password Maps
+postfix__smtp_sasl_password_map: []
+postfix__smtp_sasl_auth_enable: yes
+postfix__smtp_sasl_security_options: noanonymous
+postfix__smtp_sasl_tls_security_options: '{{ postfix__smtp_sasl_security_options }}'
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml:
diff --git a/handlers/main.yml b/handlers/main.yml
index d9d57795c8abc9ce195e4f453e5464ad6fc19501..07ffa6c65984be8b153c1585e3490d147b1064eb 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,23 +1,23 @@
 ---
-- name: make postfix transport.db
+- name: make postfix sasl_passwd.db
   environment:
     LC_MESSAGES: 'C'
-  command: make transport.db
+  command: make sasl_passwd.db
   args:
     chdir: /etc/postfix
   register: result
   notify: ['reload postfix']
-  changed_when: "result.stdout != \"make: 'transport.db' is up to date.\""
+  changed_when: "result.stdout != \"make: 'sasl_passwd.db' is up to date.\""
 
-- name: make postfix
+- name: make postfix transport.db
   environment:
     LC_MESSAGES: 'C'
-  command: make
+  command: make transport.db
   args:
     chdir: /etc/postfix
   register: result
   notify: ['reload postfix']
-  changed_when: "result.stdout != \"make: Nothing to be done for 'all'.\""
+  changed_when: "result.stdout != \"make: 'transport.db' is up to date.\""
 
 - name: reload postfix
   command: /usr/sbin/postfix -c /etc/postfix check
diff --git a/tasks/main.yml b/tasks/main.yml
index d1febcdba0c5a8395f61f3bae44afc036420415c..11d98561884a4539610f12d3726cb76a19b8a213 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -25,7 +25,16 @@
     owner: root
     group: root
     mode: 0644
-  notify: ['make postfix']
+
+- name: Generate Postfix sasl_passwd map
+  template:
+    src: templates/sasl_passwd.in.j2
+    dest: /etc/postfix/sasl_passwd.in
+    owner: root
+    group: root
+    mode: 0600
+  when: postfix__smtp_sasl_password_map
+  notify: ['make postfix sasl_passwd.db']
 
 - name: Generate Postfix transport map
   template:
@@ -34,6 +43,7 @@
     owner: root
     group: root
     mode: 0644
+  when: postfix__transport_map
   notify: ['make postfix transport.db']
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml: 
diff --git a/templates/Makefile.j2 b/templates/Makefile.j2
index deee71e2ce84707bd87e7592d5b072bbd19d1edd..b2a390c8a03a7fd5c2407e3f62ed1542c96a3f61 100644
--- a/templates/Makefile.j2
+++ b/templates/Makefile.j2
@@ -2,7 +2,8 @@
 
 # Manage Postfix DB files idempotently
 
-MAPS = transport.db
+MAPS = sasl_passwd.db \
+       transport.db
 
 all: $(MAPS)
 
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 9a6c8e49ea6b6a8ff030459c4d174795788dc9a8..f77b0a07aea1365c3b0b222dbce435d0510f3a81 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -33,6 +33,19 @@ smtpd_use_tls = {{ 'yes' if postfix__smtpd_use_tls else 'no' }}
 smtpd_tls_session_cache_database = {{ postfix__smtpd_tls_session_cache_database }}
 smtp_tls_session_cache_database = {{ postfix__smtp_tls_session_cache_database }}
 
+{% if postfix__transport_map %}
+# Transport map(s)
+transport_maps = hash:/etc/postfix/transport
+{% endif %}
+
+{% if postfix__smtp_sasl_password_map %}
+# SASL authentication
+smtp_sasl_auth_enable = {{ 'yes' if postfix__smtp_sasl_auth_enable else 'no' }}
+smtp_sasl_security_options = {{ postfix__smtp_sasl_security_options }}
+smtp_sasl_tls_security_options = {{ postfix__smtp_sasl_tls_security_options }}
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+{% endif %}
+
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 
diff --git a/templates/sasl_passwd.in.j2 b/templates/sasl_passwd.in.j2
new file mode 100644
index 0000000000000000000000000000000000000000..eb2cb968464c6e09a33297c6fafabe61d48914c5
--- /dev/null
+++ b/templates/sasl_passwd.in.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for item in postfix__smtp_sasl_password_map %}
+{{ item.lookup }} {{ item.credentials }}
+{% endfor %}