diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c75a20e7973189959cb34fa2e8e010801cca7300
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+## Variables for the main.cf template, in top-down order
+postfix__myorigin:
+postfix__smtpd_banner: '$myhostname ESMTP $mail_name ({{ ansible_distribution }})'
+postfix__biff: no
+postfix__append_dot_mydomain: no
+postfix__generate_delayed_mail_warnings: no
+postfix__delay_warning_time: 4h
+postfix__readme_directory: no
+postfix__smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+postfix__smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+postfix__smtpd_use_tls: yes
+postfix__smtpd_tls_session_cache_database: 'btree:${data_directory}/smtpd_scache'
+postfix__smtp_tls_session_cache_database: 'btree:${data_directory}/smtp_scache'
+postfix__smtpd_relay_restrictions: 'permit_mynetworks permit_sasl_authenticated defer_unauth_destination'
+postfix__myhostname: '{{ ansible_hostname | d() }}'
+postfix__alias_maps: 'hash:/etc/aliases'
+postfix__alias_database: 'hash:/etc/aliases'
+postfix__mydestination: '$myhostname, localhost.localdomain, localhost'
+postfix__relayhost:
+postfix__mynetworks: '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'
+postfix__mailbox_size_limit: 0
+postfix__recipient_delimiter: '+'
+postfix__inet_interfaces: all
+postfix__inet_protocols: all
+...
+# vi: set ts=2 sts=2 sw=2 et ft=yaml:
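Review bot: The bare `no`/`yes` values for `postfix__biff`, `postfix__append_dot_mydomain`, `postfix__readme_directory` and `postfix__smtpd_use_tls` load as YAML booleans, and templates/main.cf.j2 interpolates them directly, so main.cf would most likely receive `biff = False` and `smtpd_use_tls = True` instead of the `yes`/`no` that Postfix expects. Quote the values that are written into the file verbatim, e.g. `postfix__smtpd_use_tls: 'yes'` and `postfix__readme_directory: 'no'`. `postfix__generate_delayed_mail_warnings` is only tested in an `{% if %}`, so it can stay a boolean, but it reads better as `false`. The certificate and key defaults point at the Debian snakeoil pair, which is self-signed and will not exist on other distributions; a comment such as `# placeholder self-signed pair; override with a real certificate in production` would make that explicit.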
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a4a28f32c2d226a388fed7fcc496fe75f443becc
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Generate Postfix 'main.cf' configuration
+  template:
+    src: templates/main.cf.j2
+    dest: /etc/postfix/main.cf
+    owner: root
+    group: root
+    mode: 0644
+  notify: ['reload postfix']
+...
+# vi: set ts=2 sts=2 sw=2 et ft=yaml: 
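Review bot: `mode: 0644` is an unquoted octal literal, and Ansible's documentation recommends quoting file modes so the resulting permissions do not depend on how the YAML loader types the number; write `mode: '0644'`. The `reload postfix` handler named in `notify` is not added anywhere in this diff, so it has to exist elsewhere in the role or the notification will error when the template changes. The defaults also manage `inet_interfaces`, and Postfix documents that a change to that parameter needs a stop and start rather than a reload, so a restart handler may be the safer choice here.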
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b38795aefdb16e3165421d71103397afce0d9f55
--- /dev/null
+++ b/templates/main.cf.j2
@@ -0,0 +1,49 @@
+# {{ ansible_managed }}
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+{% if 'debian' == ansible_os_family | lower %}
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+myorigin = {{ postfix__myorigin | default('/etc/mailname', true) }}
+{% else %}
+myorigin = {{ postfix__myorigin | default('$myhostname', true) }}
+{% endif %}
+
+smtpd_banner = {{ postfix__smtpd_banner }}
+biff = {{ postfix__biff }}
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = {{ postfix__append_dot_mydomain }}
+
+# Uncomment the next line to generate "delayed mail" warnings
+{% if postfix__generate_delayed_mail_warnings %}
+delay_warning_time = {{ postfix__delay_warning_time }}
+{% else %}
+#delay_warning_time = {{ postfix__delay_warning_time }}
+{% endif %}
+
+readme_directory = {{ postfix__readme_directory }}
+
+# TLS parameters
+smtpd_tls_cert_file = {{ postfix__smtpd_tls_cert_file }}
+smtpd_tls_key_file = {{ postfix__smtpd_tls_key_file }}
+smtpd_use_tls = {{ postfix__smtpd_use_tls }}
+smtpd_tls_session_cache_database = {{ postfix__smtpd_tls_session_cache_database }}
+smtp_tls_session_cache_database = {{ postfix__smtp_tls_session_cache_database }}
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = {{ postfix__smtpd_relay_restrictions }}
+myhostname = {{ postfix__myhostname }}
+alias_maps = {{ postfix__alias_maps }}
+alias_database = {{ postfix__alias_database }}
+mydestination = {{ postfix__mydestination }}
+relayhost = {{ postfix__relayhost }}
+mynetworks = {{ postfix__mynetworks }}
+mailbox_size_limit = {{ postfix__mailbox_size_limit }}
+recipient_delimiter = {{ postfix__recipient_delimiter }}
+inet_interfaces = {{ postfix__inet_interfaces }}
+inet_protocols = {{ postfix__inet_protocols }}
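Review bot: `smtpd_use_tls` is the legacy switch; Postfix 2.3 and later document `smtpd_tls_security_level` as its replacement, and nothing in this template enables TLS for outbound delivery, so as far as this file shows the host would send mail in cleartext. Consider rendering `smtpd_tls_security_level = may` and `smtp_tls_security_level = may` from new role variables. Apart from `myorigin`, the interpolations such as `relayhost = {{ postfix__relayhost }}` have no `default` filter, so a null or undefined variable ends up as whatever the templating engine prints; a guard like `{% if postfix__relayhost %}` around the optional parameters would keep the generated file predictable.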