diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
index 9a7f8ea..1cb1b72 100644
--- a/templates/etc/postfix/main.cf.j2
+++ b/templates/etc/postfix/main.cf.j2
@@ -40,7 +40,7 @@ command_directory = /usr/sbin
 # daemon programs (i.e. programs listed in the master.cf file). This
 # directory must be owned by root.
 #
-daemon_directory = /usr/libexec/postfix
+daemon_directory = {{ __postfix_relay_daemon_directory }}
 
 # The data_directory parameter specifies the location of Postfix-writable
 # data files (caches, random numbers). This directory must be owned
@@ -699,7 +699,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 # Enable STARTTLS encryption
 smtp_use_tls = yes
 # Where to find CA certificates
-smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
+smtp_tls_CAfile = {{ __postfix_relay_smtp_tls_cafile }}
 
 # rewrite outgoing header
 sender_canonical_maps = hash:/etc/postfix/sender_canonical
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..6440e24
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,8 @@
+---
+__postfix_relay_packages:
+  - postfix
+  - libsasl2-modules
+  - mailutils
+
+__postfix_relay_daemon_directory: /usr/lib/postfix/sbin
+__postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
diff --git a/vars/default.yml b/vars/default.yml
index 9a65829..9812601 100644
--- a/vars/default.yml
+++ b/vars/default.yml
@@ -3,3 +3,6 @@ __postfix_relay_packages:
   - postfix
   - cyrus-sasl-plain
   - mailx
+
+__postfix_relay_daemon_directory: /usr/libexec/postfix
+__postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-bundle.crt