diff -ruN postfix-SuSE-orig/SuSEconfig.postfix postfix-SuSE/SuSEconfig.postfix
--- postfix-SuSE-orig/SuSEconfig.postfix 2011-05-11 10:30:56.000000000 +0200
+++ postfix-SuSE/SuSEconfig.postfix 2011-05-15 15:42:17.000000000 +0200
@@ -143,7 +143,6 @@
 if [ "$CAPATH" ]
 then
 cpifnewer "$CAPATH/*" ./$CAPATH
- mkdir ./etc/ssl
 rsync -avH /etc/ssl/certs ./etc/ssl
 fi
 # smtpd_tls_CAfile
@@ -162,10 +161,12 @@
 fi
 # smtpd_tls_key_file
 smtpd_tls_key_file=`postconf -h smtpd_tls_key_file`
- if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]
- then
- DIR=`dirname $smtpd_tls_key_file`
- cpifnewer $smtpd_tls_key_file ./$DIR
+ if [ -n "$smtpd_tls_key_file" ]; then
+ if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]
+ then
+ DIR=`dirname $smtpd_tls_key_file`
+ cpifnewer $smtpd_tls_key_file ./$DIR
+ fi
 fi
 
 # PAM
@@ -263,7 +264,6 @@
 
 # to be on the save side
 $PCONF -e "daemon_directory = @daemon_directory@"
- $PCONF -e "program_directory = @daemon_directory@"
 $PCONF -e "readme_directory = @readme_directory@"
 $PCONF -e "html_directory = @html_directory@"
 $PCONF -e "sample_directory = @sample_directory@"
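Review bot: In the hunk at 162 the new outer guard `if [ -n "$smtpd_tls_key_file" ]; then` only repeats the first operand of the inner `[ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]`, and that inner expansion is still unquoted, so a key path containing whitespace breaks the test and the copy below it. The two levels can collapse into one quoted test, `if [ -n "$smtpd_tls_key_file" ] && [ "$smtpd_tls_key_file" != '$smtpd_tls_cert_file' ]; then`, with `DIR=$(dirname "$smtpd_tls_key_file")` and `cpifnewer "$smtpd_tls_key_file" "./$DIR"`. This block copies the TLS private key into the chroot tree; cpifnewer is not visible here, so it is worth confirming that it preserves the source file's mode and ownership rather than creating the copy under the default umask.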
@@ -557,19 +557,28 @@
 fi
 if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then
 $PCONF -e "smtpd_use_tls = yes"
- $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
+ $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ else
+ $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/cacerts"
+ fi
 $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
 $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
- $PCONF -e "smtpd_tls_received_header = yes"
- $PCONF -e "tls_daemon_random_source = dev:/dev/urandom"
- $PCONF -e "tls_random_source = dev:/dev/urandom"
 $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts"
 $PCONF -e "smtpd_tls_ask_ccert = yes"
+ $PCONF -e "smtpd_tls_received_header = yes"
 touch -m -d "1 minute ago" $TMPDIR/main.cf
 CURRENT=$($PCONF -h smtpd_recipient_restrictions)
 $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
 else
 $PCONF -e "smtpd_use_tls = no"
+ $PCONF -e "smtpd_tls_CAfile ="
+ $PCONF -e "smtpd_tls_CApath ="
+ $PCONF -e "smtpd_tls_cert_file ="
+ $PCONF -e "smtpd_tls_key_file ="
+ $PCONF -e "relay_clientcerts ="
+ $PCONF -e "smtpd_tls_ask_ccert = no"
+ $PCONF -e "smtpd_tls_received_header = no"
 fi
 
 if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then
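Review bot: The new CAfile/CApath branch sets one of the two parameters and never clears the other, so switching an existing installation from a CA file to an empty POSTFIX_TLS_CAFILE leaves the old `smtpd_tls_CAfile` in main.cf next to the new `smtpd_tls_CApath`; with `smtpd_tls_ask_ccert = yes` and `permit_tls_clientcerts` configured a few lines below, the effective CA set decides which client certificates verify, and stale state there is hard to notice. Each branch should reset its counterpart: add `$PCONF -e "smtpd_tls_CApath ="` after the CAfile line and `$PCONF -e "smtpd_tls_CAfile ="` after the CApath line. The fallback is also silent when POSTFIX_TLS_CAFILE is set but the file is missing or empty, which is more likely a typo than a request for CApath; a line such as `echo "POSTFIX_TLS_CAFILE=$POSTFIX_TLS_CAFILE not found below $POSTFIX_SSL_PATH, using cacerts" >&2` in the else branch would surface it at configuration time. The hunk at 594 introduces the same pair for `smtp_tls_CAfile`/`smtp_tls_CApath` and needs the same two resets.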
@@ -585,16 +594,22 @@
 $PCONF -e "smtp_enforce_tls = yes"
 fi
 if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then
- test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" && \
+ if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
 $PCONF -e "smtp_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ else
+ $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/cacerts"
+ fi
 test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \
 $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
 test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \
 $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
- $PCONF -e "smtp_tls_session_cache_timeout = 3600s"
 $PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache"
 else
- $PCONF -e "smtp_use_tls = no"
+ $PCONF -e "smtp_tls_CAfile ="
+ $PCONF -e "smtp_tls_CApath ="
+ $PCONF -e "smtp_tls_cert_file ="
+ $PCONF -e "smtp_tls_key_file ="
+ $PCONF -e "smtp_tls_session_cache_database ="
 fi
 
 ALLMAPS="hash:/etc/aliases"
diff -ruN postfix-SuSE-orig/sysconfig.postfix postfix-SuSE/sysconfig.postfix
--- postfix-SuSE-orig/sysconfig.postfix 2011-05-11 10:30:56.000000000 +0200
+++ postfix-SuSE/sysconfig.postfix 2011-05-14 18:00:01.000000000 +0200
@@ -198,9 +198,8 @@
 # Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set
 # to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place.
 #
-# Example: POSTFIX_RBL_HOSTS="rbl1.example.com, rbl2.example.com"
+# Example: POSTFIX_RBL_HOSTS="cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org"
 #
-#POSTFIX_RBL_HOSTS="zen.spamhaus.org, cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org"
 POSTFIX_RBL_HOSTS=""
 
 ## Type: yesno
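Review bot: The `smtp_tls_CApath = $POSTFIX_SSL_PATH/cacerts` fallback is written without checking that the directory exists or has been hashed, so a host with neither a CA file nor a populated cacerts still lands in the else branch with an unusable trust store. With `smtp_enforce_tls = yes` in the context just above, which presumably covers the `must` case, outbound deliveries would then fail peer verification rather than degrade, and nothing in the script says why. A guard such as `[ -d "$POSTFIX_SSL_PATH/cacerts" ] || echo "no CA file and no $POSTFIX_SSL_PATH/cacerts directory; smtp TLS verification will fail" >&2` before the `$PCONF` line makes the condition visible when the configuration is generated. The `-a` inside `[ ... ]` on the new condition (also in the hunk at 557) is the deprecated form of test; `[ -n "$POSTFIX_TLS_CAFILE" ] && [ -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]` is unambiguous.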
@@ -287,7 +286,7 @@
 # Note: "if set to "medium" default is "hash:/etc/postfix/access, reject_unknown_sender_domain"
 #
 # Example:
-# POSTFIX_SMTPD_SENDERNT_RESTRICTIONS="reject_unauth_pipelining,
+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining,
 # check_client_access hash:/etc/postfix/pop-before-smtp,
 # check_client_access hash:/etc/postfix/relay,
 # check_client_access hash:/etc/postfix/access,
@@ -414,7 +413,12 @@
 ## Default: "cacert.pem"
 ## Config: postfix
 #
-# name of the CA file (below POSTFIX_SSL_PATH)
+# name of the CAfile (below POSTFIX_SSL_PATH)
+#
+# when having more than one CA you want to trust, then
+# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts )
+# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts
+# after storing the certs.
 #
 POSTFIX_TLS_CAFILE="cacert.pem"