diff --git a/defaults/main.yml b/defaults/main.yml
index d26ce0bdbf91d65bd06975e16a293682342c50ae..64a6f3ece84cb50febc6c135ff43cd3c0d3f773d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -24,31 +24,17 @@ postfix__tables:
   sasl_passwd: {}
   transport: {}
 
+# This dictionary is used to add or modify lines in the main.cf file. Each key
+# corresponds to a parameter in main.cf, and the value is what the parameter
+# should be set to. If the parameter already exists in the file, then that line
+# will be replaced. Otherwise, a new line will be added at the end of the file.
+postfix__main_cf: {}
+# This dictionary holds the default configuration for main.cf and all of its
+# keys can overridden in the postfix__main_cf dictionary.
+postfix__main_cf_default:
+  smtp_tls_security_level: may
+  smtp_sasl_password_maps: 'hash:/etc/postfix/sasl_passwd'
+  transport_maps: 'hash:/etc/postfix/transport'
 
-
-# Default variables for the main.cf template. These are always included.
-postfix__myorigin:
-postfix__smtpd_banner: '$myhostname ESMTP $mail_name ({{ ansible_distribution }})'
-postfix__biff: no
-postfix__append_dot_mydomain: no
-postfix__generate_delayed_mail_warnings: no
-postfix__delay_warning_time: 4h
-postfix__readme_directory: no
-postfix__smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
-postfix__smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
-postfix__smtpd_use_tls: yes
-postfix__smtpd_tls_session_cache_database: 'btree:${data_directory}/smtpd_scache'
-postfix__smtp_tls_session_cache_database: 'btree:${data_directory}/smtp_scache'
-postfix__smtpd_relay_restrictions: permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-postfix__myhostname: '{{ ansible_hostname | d() }}'
-postfix__alias_maps: 'hash:/etc/aliases'
-postfix__alias_database: 'hash:/etc/aliases'
-postfix__mydestination: '$myhostname, localhost.localdomain, localhost'
-postfix__relayhost:
-postfix__mynetworks: '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'
-postfix__mailbox_size_limit: 0
-postfix__recipient_delimiter: '+'
-postfix__inet_interfaces: all
-postfix__inet_protocols: all
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml:
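Review bot: The new `postfix__main_cf_default` ships `smtp_sasl_password_maps` together with `smtp_tls_security_level: may`, which is opportunistic TLS, so a relay session can proceed unencrypted when STARTTLS is not offered. Whether relay credentials could then travel in cleartext depends on `smtp_sasl_auth_enable` and `smtp_sasl_security_options`, which these defaults do not set, so that part is an assumption to confirm; even so, the comment above the dictionary should tell users who enable SASL relaying to override with `smtp_tls_security_level: encrypt`. The removed `postfix__*` variables (for example `postfix__mynetworks` and `postfix__smtpd_relay_restrictions`) are no longer read by anything visible in this diff, so inventories that still set them are presumably ignored without warning; a migration note would help. The added comment also has a typo: `can overridden` should read `can be overridden`.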
diff --git a/tasks/main.yml b/tasks/main.yml
index a339487ac3dacf3ac4cfcee194580ee75d9c4b61..b74e9051b7cd5c4c1b340f74579673820b33939b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,15 +9,6 @@
     - tasks/install-postfix.{{ ansible_distribution | lower }}.yml
     - tasks/install-postfix.{{ ansible_os_family | lower }}.yml
 
-- name: Generate Postfix 'main.cf' configuration
-  template:
-    src: templates/main.cf.j2
-    dest: /etc/postfix/main.cf
-    owner: root
-    group: root
-    mode: 0644
-  notify: ['reload postfix']
-
 - name: Place the Postfix makefile
   template:
     src: templates/Makefile.j2
@@ -47,5 +38,29 @@
   vars:
     table: '{{ postfix__tables.transport }}'
   notify: ['make postfix transport.db']
+
+- name: Mark the 'main.cf' file as being managed by Ansible
+  lineinfile:
+    path: /etc/postfix/main.cf
+    insertbefore: BOF
+    state: present
+    line: "# This file is managed by Ansible, changes will be overwritten\n"
+    regexp: '^# This file is managed by Ansible'
+
+- name: Merge the main_cf dictionaries
+  set_fact:
+    __postfix__main_cf_merged: '{{ postfix__main_cf_default | combine(postfix__main_cf, recursive=True) }}'
+
+#- debug:
+#    var: __postfix__main_cf_merged
+
+- name: Configure the Postfix 'main.cf' file
+  lineinfile:
+    path: /etc/postfix/main.cf
+    line: '{{ item.key }} = {{ item.value }}'
+    regexp: '^\s*{{ item.key }}\s*='
+    state: present
+  with_dict: '{{ __postfix__main_cf_merged }}'
+  notify: ['reload postfix']
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml:
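Review bot: The "Configure the Postfix 'main.cf' file" task rewrites exactly one physical line per key, so if the existing main.cf holds a value that continues onto following whitespace-indented lines, those lines remain and Postfix appends them to the new value; for list parameters such as `mynetworks` or `smtpd_relay_restrictions` that would leave stale entries in effect. Keys dropped from the dictionaries are likewise never removed from the file, so the marker text `changes will be overwritten` overstates what is enforced now that the full template task is gone. `item.key` is interpolated into the pattern unescaped; `regexp: '^\s*{{ item.key | regex_escape }}\s*='` keeps the match literal. The trailing `\n` in the marker `line` may cause that task to report a change on every run, which is worth verifying or avoiding by dropping the `\n`. The commented-out `debug` task should be removed before merge.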