diff --git a/README.md b/README.md
index 9effd9765c1de60822cef23a725877fafaf4736f..82679bbf836c9851f41688c59816ce2ea2c3c0e3 100644
--- a/README.md
+++ b/README.md
@@ -160,6 +160,11 @@ A string to define the e-mail address to which all mail directed to root should
 Default: 'nobody'.  
 Example: 'root_catch@example.com'.
 
+##### `chroot`
+A boolean to define if postfix should be run in a chroot jail or not. If not defined, '-' is used (OS dependant)
+Default: Undefined.
+Example: true
+
 ##### `satellite`
 A Boolean to define whether to configure postfix as a satellite relay host.  This setting is mutually exclusive with the mta Boolean.  
 Default: False.
diff --git a/manifests/files.pp b/manifests/files.pp
index c8205f488ef3e41c8c826b134a364024a4beba4a..d8f09ba738a139b3ea172a9647b86aae11857f11 100644
--- a/manifests/files.pp
+++ b/manifests/files.pp
@@ -14,6 +14,7 @@ class postfix::files {
   $myorigin            = $postfix::myorigin
   $manage_root_alias   = $postfix::manage_root_alias
   $root_mail_recipient = $postfix::root_mail_recipient
+  $chroot              = $postfix::chroot
   $smtp_listen         = $postfix::_smtp_listen
   $use_amavisd         = $postfix::use_amavisd
   $use_dovecot_lda     = $postfix::use_dovecot_lda
@@ -24,6 +25,12 @@ class postfix::files {
   assert_type(Optional[String], $master_smtp)
   assert_type(Optional[String], $master_smtps)
 
+  $jail = $chroot ? {
+    undef   => '-',
+    true    => 'y',
+    default => 'n',
+  }
+
   File {
     replace => $manage_conffiles,
   }
@@ -56,9 +63,9 @@ class postfix::files {
     $mastercf_content = undef
   } else {
     $mastercf_content = template(
-        $postfix::params::master_os_template,
-        'postfix/master.cf.common.erb'
-      )
+      $postfix::params::master_os_template,
+      'postfix/master.cf.common.erb'
+    )
   }
 
   file { '/etc/postfix/master.cf':
@@ -89,7 +96,7 @@ class postfix::files {
     'myorigin':         value => $myorigin;
   }
 
-  case $::osfamily {
+  case $facts['os']['family'] {
     'RedHat': {
       ::postfix::config {
         'mailq_path':       value => '/usr/bin/mailq.postfix';
diff --git a/manifests/init.pp b/manifests/init.pp
index 23565f298810d1d1b0f9388d379f85ba09d11876..69990dd213c8d21139665281ab68a233e5eab1d3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -50,6 +50,8 @@
 #
 # [*root_mail_recipient*] - (string)
 #
+# [*chroot*]              - (undef/boolean) Whether postfix should be run in a chroot
+#
 # [*satellite*]           - (boolean) Whether to use as a satellite
 #                           (implies MTA)
 #
@@ -97,6 +99,7 @@ class postfix (
   Optional[String]                $relayhost           = undef,         # postfix_relayhost
   Boolean                         $manage_root_alias   = true,
   Variant[Array[String], String]  $root_mail_recipient = 'nobody',      # root_mail_recipient
+  Optional[Boolean]               $chroot              = undef,
   Boolean                         $satellite           = false,
   String                          $smtp_listen         = '127.0.0.1',   # postfix_smtp_listen
   Boolean                         $use_amavisd         = false,         # postfix_use_amavisd
diff --git a/spec/acceptance/postfix_spec.rb b/spec/acceptance/postfix_spec.rb
index b03b54cd84605a591d8108b32668bac2f474be71..e85cdde24274683919d4f4a2ef57e705b4bf438f 100644
--- a/spec/acceptance/postfix_spec.rb
+++ b/spec/acceptance/postfix_spec.rb
@@ -21,7 +21,9 @@ describe 'postfix class' do
           }
         }
 
-        class { 'postfix': }
+        class { 'postfix':
+          smtp_listen => 'all',
+        }
       EOS
 
       # Run it twice and test for idempotency
diff --git a/templates/master.cf.SLES11.2.erb b/templates/master.cf.SLES11.2.erb
index 0cccd7ea27c0df80370bb371aebe6791e5e91c89..855519c3258277320358860c4160c30199efde27 100644
--- a/templates/master.cf.SLES11.2.erb
+++ b/templates/master.cf.SLES11.2.erb
@@ -10,9 +10,9 @@
 #               (yes)   (yes)   (yes)   (never) (100)                                                                                                                                                                                        
 # ==========================================================================                                                                                                                                                                 
 <% if @smtp_listen == 'all' -%>
-smtp      inet  n       -       n       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       n       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 #smtp      inet  n       -       n       -       -       smtpd
 #submission inet n      -       n       -       -       smtpd                                                                                                                                                                                
@@ -24,32 +24,32 @@ smtp      inet  n       -       n       -       -       smtpd
 #  -o smtpd_etrn_restrictions=reject                                                                                                                                                                                                         
 #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes                                                                                                                                                                                    
 #628      inet  n       -       n       -       -       qmqpd                                                                                                                                                                                
-pickup    fifo  n       -       n       60      1       pickup                                                                                                                                                                               
-cleanup   unix  n       -       n       -       0       cleanup                                                                                                                                                                              
+pickup    fifo  n       -       <%= @jail %>       60      1       pickup                                                                                                                                                                               
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup                                                                                                                                                                              
 qmgr      fifo  n       -       n       300     1       qmgr                                                                                                                                                                                 
 #qmgr     fifo  n       -       n       300     1       oqmgr                                                                                                                                                                                
 #tlsmgr    unix  -       -       n       1000?   1       tlsmgr                                                                                                                                                                              
-rewrite   unix  -       -       n       -       -       trivial-rewrite                                                                                                                                                                      
-bounce    unix  -       -       n       -       0       bounce                                                                                                                                                                               
-defer     unix  -       -       n       -       0       bounce                                                                                                                                                                               
-trace     unix  -       -       n       -       0       bounce                                                                                                                                                                               
-verify    unix  -       -       n       -       1       verify                                                                                                                                                                               
-flush     unix  n       -       n       1000?   0       flush                                                                                                                                                                                
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite                                                                                                                                                                      
+bounce    unix  -       -       <%= @jail %>       -       0       bounce                                                                                                                                                                               
+defer     unix  -       -       <%= @jail %>       -       0       bounce                                                                                                                                                                               
+trace     unix  -       -       <%= @jail %>       -       0       bounce                                                                                                                                                                               
+verify    unix  -       -       <%= @jail %>       -       1       verify                                                                                                                                                                               
+flush     unix  n       -       <%= @jail %>       1000?   0       flush                                                                                                                                                                                
 proxymap  unix  -       -       n       -       -       proxymap                                                                                                                                                                             
-smtp      unix  -       -       n       -       -       smtp                                                                                                                                                                                 
+smtp      unix  -       -       <%= @jail %>       -       -       smtp                                                                                                                                                                                 
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops                                                                                                                                                                  
-relay     unix  -       -       n       -       -       smtp                                                                                                                                                                                 
+relay     unix  -       -       <%= @jail %>       -       -       smtp                                                                                                                                                                                 
         -o fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
 #localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
-scache    unix  -       -       n       -       1       scache
+scache    unix  -       -       <%= @jail %>       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
diff --git a/templates/master.cf.SLES11.3.erb b/templates/master.cf.SLES11.3.erb
index 2b7c296eff94a14371c6e3ebbb2ab83006dbebd0..af5d34e23f55096dc244b8957b009fb48c125beb 100644
--- a/templates/master.cf.SLES11.3.erb
+++ b/templates/master.cf.SLES11.3.erb
@@ -10,9 +10,9 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 <% if @smtp_listen == 'all' -%>
-smtp      inet  n       -       n       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       n       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 #smtp      inet  n       -       n       -       -       smtpd
 #submission inet n      -       n       -       -       smtpd
@@ -24,32 +24,32 @@ smtp      inet  n       -       n       -       -       smtpd
 #  -o smtpd_etrn_restrictions=reject
 #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
 #628      inet  n       -       n       -       -       qmqpd
-pickup    fifo  n       -       n       60      1       pickup
-cleanup   unix  n       -       n       -       0       cleanup
+pickup    fifo  n       -       <%= @jail %>       60      1       pickup
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       n       300     1       oqmgr
 #tlsmgr    unix  -       -       n       1000?   1       tlsmgr
-rewrite   unix  -       -       n       -       -       trivial-rewrite
-bounce    unix  -       -       n       -       0       bounce
-defer     unix  -       -       n       -       0       bounce
-trace     unix  -       -       n       -       0       bounce
-verify    unix  -       -       n       -       1       verify
-flush     unix  n       -       n       1000?   0       flush
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite
+bounce    unix  -       -       <%= @jail %>       -       0       bounce
+defer     unix  -       -       <%= @jail %>       -       0       bounce
+trace     unix  -       -       <%= @jail %>       -       0       bounce
+verify    unix  -       -       <%= @jail %>       -       1       verify
+flush     unix  n       -       <%= @jail %>       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
-smtp      unix  -       -       n       -       -       smtp
+smtp      unix  -       -       <%= @jail %>       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       n       -       -       smtp
+relay     unix  -       -       <%= @jail %>       -       -       smtp
         -o smtp_fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
 #localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
-scache    unix  -       -       n       -       1       scache
+scache    unix  -       -       <%= @jail %>       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
diff --git a/templates/master.cf.SLES11.4.erb b/templates/master.cf.SLES11.4.erb
index 9f621478e2d44aa30ee6d0c9be3371f0f7401b89..0518183036e0199396131b6d6a603334a58aca2f 100644
--- a/templates/master.cf.SLES11.4.erb
+++ b/templates/master.cf.SLES11.4.erb
@@ -10,9 +10,9 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 <% if @smtp_listen == 'all' -%>
-smtp      inet  n       -       n       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       n       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 #submission inet n      -       n       -       -       smtpd
 #       -o smtpd_etrn_restrictions=reject
@@ -23,32 +23,32 @@ smtp      inet  n       -       n       -       -       smtpd
 #  -o smtpd_etrn_restrictions=reject
 #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
 #628      inet  n       -       n       -       -       qmqpd
-pickup    fifo  n       -       n       60      1       pickup
-cleanup   unix  n       -       n       -       0       cleanup
+pickup    fifo  n       -       <%= @jail %>       60      1       pickup
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       n       1000?   1       tlsmgr
-rewrite   unix  -       -       n       -       -       trivial-rewrite
-bounce    unix  -       -       n       -       0       bounce
-defer     unix  -       -       n       -       0       bounce
-trace     unix  -       -       n       -       0       bounce
-verify    unix  -       -       n       -       1       verify
-flush     unix  n       -       n       1000?   0       flush
+tlsmgr    unix  -       -       <%= @jail %>       1000?   1       tlsmgr
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite
+bounce    unix  -       -       <%= @jail %>       -       0       bounce
+defer     unix  -       -       <%= @jail %>       -       0       bounce
+trace     unix  -       -       <%= @jail %>       -       0       bounce
+verify    unix  -       -       <%= @jail %>       -       1       verify
+flush     unix  n       -       <%= @jail %>       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
-smtp      unix  -       -       n       -       -       smtp
+smtp      unix  -       -       <%= @jail %>       -       -       smtp
 # When relaying mail as backup MX, disable smtp_fallback_relay to avoid MX loops
-relay     unix  -       -       n       -       -       smtp
+relay     unix  -       -       <%= @jail %>       -       -       smtp
         -o smtp_fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
 #localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
-scache    unix  -       -       n       -       1       scache
+scache    unix  -       -       <%= @jail %>       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
diff --git a/templates/master.cf.common.erb b/templates/master.cf.common.erb
index c21f0e23ae25e69dd03468fe4ba4f4fc8efee493..fdd6c11c762d6c3a1c9973e1c4c9d940c104a2d9 100644
--- a/templates/master.cf.common.erb
+++ b/templates/master.cf.common.erb
@@ -1,9 +1,9 @@
 <% if @use_amavisd %>
-amavis unix - - - - 2 smtp
+amavis unix - - <%= @jail %> - 2 smtp
         -o smtp_data_done_timeout=1200
         -o smtp_send_xforward_command=yes
 
-127.0.0.1:10025 inet n - - - - smtpd
+127.0.0.1:10025 inet n - <%= @jail %> - - smtpd
         -o content_filter=
         -o local_recipient_maps=
         -o relay_recipient_maps=
diff --git a/templates/master.cf.debian.erb b/templates/master.cf.debian.erb
index aadcc286b90d39b363ebd60d5ae5c9fa95314078..748d9d9e7304b35c14ddd05466dc8ccc95bc8dbb 100644
--- a/templates/master.cf.debian.erb
+++ b/templates/master.cf.debian.erb
@@ -10,9 +10,9 @@
 <% if @master_smtp -%>
 <%= @master_smtp %>
 <% elsif @smtp_listen == 'all' -%>
-smtp      inet  n       -       -       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       -       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 <% if @master_submission -%>
 <%= @master_submission %>
@@ -29,31 +29,31 @@ smtp      inet  n       -       -       -       -       smtpd
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #628      inet  n       -       -       -       -       qmqpd
-pickup    fifo  n       -       -       60      1       pickup
-cleanup   unix  n       -       -       -       0       cleanup
+pickup    fifo  n       -       <%= @jail %>       60      1       pickup
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
-#qmgr     fifo  n       -       -       300     1       oqmgr
-tlsmgr    unix  -       -       -       1000?   1       tlsmgr
-rewrite   unix  -       -       -       -       -       trivial-rewrite
-bounce    unix  -       -       -       -       0       bounce
-defer     unix  -       -       -       -       0       bounce
-trace     unix  -       -       -       -       0       bounce
-verify    unix  -       -       -       -       1       verify
-flush     unix  n       -       -       1000?   0       flush
+#qmgr     fifo  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       <%= @jail %>       1000?   1       tlsmgr
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite
+bounce    unix  -       -       <%= @jail %>       -       0       bounce
+defer     unix  -       -       <%= @jail %>       -       0       bounce
+trace     unix  -       -       <%= @jail %>       -       0       bounce
+verify    unix  -       -       <%= @jail %>       -       1       verify
+flush     unix  n       -       <%= @jail %>       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
-smtp      unix  -       -       -       -       -       smtp
+smtp      unix  -       -       <%= @jail %>       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       -       -       -       smtp
+relay     unix  -       -       <%= @jail %>       -       -       smtp
 	-o fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       -       -       -       showq
-error     unix  -       -       -       -       -       error
-discard   unix  -       -       -       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       -       -       -       lmtp
-anvil     unix  -       -       -       -       1       anvil
-scache	  unix	-	-	-	-	1	scache
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
+scache    unix  -       -       <%= @jail %>       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
diff --git a/templates/master.cf.redhat.erb b/templates/master.cf.redhat.erb
index bfaf972847fbd0dbab78919518d88ec5b66844a9..91a2aee33e4ff08eb30fb330528d1732fece1180 100644
--- a/templates/master.cf.redhat.erb
+++ b/templates/master.cf.redhat.erb
@@ -10,9 +10,9 @@
 <% if @master_smtp -%>
 <%= @master_smtp %>
 <% elsif @smtp_listen == 'all' -%>
-smtp      inet  n       -       n       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       n       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 <% if @master_submission -%>
 <%= @master_submission %>
@@ -30,31 +30,31 @@ smtp      inet  n       -       n       -       -       smtpd
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #628      inet  n       -       n       -       -       qmqpd
-pickup    fifo  n       -       n       60      1       pickup
-cleanup   unix  n       -       n       -       0       cleanup
+pickup    fifo  n       -       <%= @jail %>       60      1       pickup
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       n       1000?   1       tlsmgr
-rewrite   unix  -       -       n       -       -       trivial-rewrite
-bounce    unix  -       -       n       -       0       bounce
-defer     unix  -       -       n       -       0       bounce
-trace     unix  -       -       n       -       0       bounce
-verify    unix  -       -       n       -       1       verify
-flush     unix  n       -       n       1000?   0       flush
+tlsmgr    unix  -       -       <%= @jail %>       1000?   1       tlsmgr
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite
+bounce    unix  -       -       <%= @jail %>       -       0       bounce
+defer     unix  -       -       <%= @jail %>       -       0       bounce
+trace     unix  -       -       <%= @jail %>       -       0       bounce
+verify    unix  -       -       <%= @jail %>       -       1       verify
+flush     unix  n       -       <%= @jail %>       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
-smtp      unix  -       -       n       -       -       smtp
+smtp      unix  -       -       <%= @jail %>       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       n       -       -       smtp
+relay     unix  -       -       <%= @jail %>       -       -       smtp
 	-o fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
-scache	  unix	-	-	n	-	1	scache
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
+scache	  unix	-	-	<%= @jail %>	-	1	scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
diff --git a/templates/master.cf.sles.erb b/templates/master.cf.sles.erb
index 6297e4e9fb042c768692066a04e3fd36e0acb40f..9c8fa01f07192d1aaca832cb833391da1c18ff4f 100644
--- a/templates/master.cf.sles.erb
+++ b/templates/master.cf.sles.erb
@@ -13,9 +13,9 @@
 <% if @master_smtp -%>
 <%= @master_smtp %>
 <% elsif @smtp_listen == 'all' -%>
-smtp      inet  n       -       n       -       -       smtpd
+smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% else -%>
-<%= @smtp_listen %>:smtp      inet  n       -       n       -       -       smtpd
+<%= @smtp_listen %>:smtp      inet  n       -       <%= @jail %>       -       -       smtpd
 <% end -%>
 <% if @master_submission -%>
 <%= @master_submission %>
@@ -56,32 +56,32 @@ smtp      inet  n       -       n       -       -       smtpd
 #    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #    -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       n       -       -       qmqpd
-pickup    unix  n       -       n       60      1       pickup
-cleanup   unix  n       -       n       -       0       cleanup
+pickup    unix  n       -       <%= @jail %>       60      1       pickup
+cleanup   unix  n       -       <%= @jail %>       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 #qmgr     unix  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       n       1000?   1       tlsmgr
-rewrite   unix  -       -       n       -       -       trivial-rewrite
-bounce    unix  -       -       n       -       0       bounce
-defer     unix  -       -       n       -       0       bounce
-trace     unix  -       -       n       -       0       bounce
-verify    unix  -       -       n       -       1       verify
-flush     unix  n       -       n       1000?   0       flush
+tlsmgr    unix  -       -       <%= @jail %>       1000?   1       tlsmgr
+rewrite   unix  -       -       <%= @jail %>       -       -       trivial-rewrite
+bounce    unix  -       -       <%= @jail %>       -       0       bounce
+defer     unix  -       -       <%= @jail %>       -       0       bounce
+trace     unix  -       -       <%= @jail %>       -       0       bounce
+verify    unix  -       -       <%= @jail %>       -       1       verify
+flush     unix  n       -       <%= @jail %>       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       n       -       -       smtp
+smtp      unix  -       -       <%= @jail %>       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       n       -       -       smtp
+relay     unix  -       -       <%= @jail %>       -       -       smtp
 	-o fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-retry     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
+showq     unix  n       -       <%= @jail %>       -       -       showq
+error     unix  -       -       <%= @jail %>       -       -       error
+retry     unix  -       -       <%= @jail %>       -       -       error
+discard   unix  -       -       <%= @jail %>       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
+lmtp      unix  -       -       <%= @jail %>       -       -       lmtp
+anvil     unix  -       -       <%= @jail %>       -       1       anvil
 #localhost:10025 inet   n       -       n       -       -       smtpd
 #  -o content_filter=
 #  -o smtpd_delay_reject=no
@@ -102,7 +102,7 @@ anvil     unix  -       -       n       -       1       anvil
 #  -o local_header_rewrite_clients=
 #  -o local_recipient_maps=
 #  -o relay_recipient_maps=
-scache    unix  -       -       n       -       1       scache
+scache    unix  -       -       <%= @jail %>       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual