diff --git a/defaults/main.yml b/defaults/main.yml index 8328bca..6bb5696 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,9 @@ --- common_postfix_mail_relay: mail.{{ common_searchdomain }} common_postfix_mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +common_postfix_sender_canonical_maps: "" +common_postfix_recipient_canonical_maps: "" +common_postfix_configure_sasl: false common_X11Forwarding: false common_swappiness: 5 + diff --git a/tasks/configure_postfix_relay.yml b/tasks/configure_postfix_relay.yml index 230c685..1a22d6f 100644 --- a/tasks/configure_postfix_relay.yml +++ b/tasks/configure_postfix_relay.yml @@ -8,7 +8,9 @@ - name: Installation postfix package: - name: postfix + name: + - postfix + - libsasl2-modules state: present - name: Configuration postfix @@ -18,6 +20,21 @@ notify: - restart postfix +- name: Configuration postfix + template: + src: sasl-password-map + dest: /etc/postfix/sasl-password-map + mode: 0600 + owner: root + group: root + register: _sasl_password_map + when: common_postfix_configure_sasl is true + +- shell: | + cd /etc/postfix/ + postmap sasl-password-map + when: common_postfix_configure_sasl is true and _sasl_password_map.changed + - name: Configuration aliases postfix template: src: aliases.j2 @@ -38,7 +55,7 @@ mode: 0755 create: yes block: | - # A completer + {{ common_postfix_sender_canonical_maps }} register: sender_canonical_maps_regexp - name: Configure recipient_canonical_maps_regexp @@ -50,7 +67,7 @@ mode: 0755 create: yes block: | - # A completer + {{ common_postfix_recipient_canonical_maps }} register: recipiend_canonical_maps_regexp - name: postmap diff --git a/templates/postfix-main.cf.j2 b/templates/postfix-main.cf.j2 index 8013dca..93ac03f 100644 --- a/templates/postfix-main.cf.j2 +++ b/templates/postfix-main.cf.j2 
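Review bot: The new defaults in defaults/main.yml add `common_postfix_configure_sasl` but say nothing about `common_postfix_sasl_login` and `common_postfix_sasl_password`, which templates/sasl-password-map needs as soon as the switch is turned on. Leaving the password out of defaults is the right call, but the requirement should be documented next to the switch. A comment such as `# common_postfix_sasl_login / common_postfix_sasl_password: required when common_postfix_configure_sasl is true; provide them from a vault-encrypted vars file` would do. The switch is tested with `is true` in the tasks and in postfix-main.cf.j2, so a string value like "true" passed with `-e` would silently disable SASL. `common_postfix_configure_sasl | bool` is more tolerant.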
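Review bot: The added template task in tasks/configure_postfix_relay.yml that writes /etc/postfix/sasl-password-map renders the relay login and password, but has no `no_log: true`. A run with `--diff` or verbose output can therefore put the credentials in the console or CI log. Adding `no_log: true` (or at least `diff: false`) to that task keeps them out. The task also reuses the name "Configuration postfix" from the task above it, and the `shell` task that runs postmap has no name; something like `name: Configuration postfix SASL password map` and `name: postmap sasl-password-map` would make run output and `--start-at-task` unambiguous. The postmap step needs no shell features, so `command: postmap /etc/postfix/sasl-password-map` would be enough.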
@@ -12,7 +12,11 @@ compatibility_level = 2 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases +{% if common_postfix_configure_sasl is true %} +relayhost = [{{ common_postfix_mail_relay }}]:587 +{% else %} relayhost = {{ common_postfix_mail_relay }} +{% endif %} mynetworks = {{ common_postfix_mynetworks }} inet_interfaces = localhost inet_protocols = all @@ -20,3 +24,10 @@ inet_protocols = all # reecritures d'adresses si besoin sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps_regexp recipient_canonical_maps = regexp:/etc/postfix/recipient_canonical_maps_regexp + +{% if common_postfix_configure_sasl is true %} +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/sasl-password-map +smtp_sasl_security_options = noanonymous +smtp_tls_security_level = encrypt +{% endif %} diff --git a/templates/sasl-password-map b/templates/sasl-password-map new file mode 100644 index 0000000..7f05298 --- /dev/null +++ b/templates/sasl-password-map @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +{{ common_postfix_mail_relay }} {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}
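Review bot: `smtp_tls_security_level = encrypt` in the added SASL block of postfix-main.cf.j2 makes TLS mandatory but does not verify the relay's certificate. The login and password from sasl-password-map are therefore sent to whichever host answers for the relay name on port 587. Since `smtp_sasl_security_options = noanonymous` still allows plaintext mechanisms, the TLS layer is the only protection for those credentials. Consider `smtp_tls_security_level = verify` (or `secure`) together with a trust-store setting (`smtp_tls_CAfile` or `smtp_tls_CApath`) suited to the target distribution. The submission port is hard-coded in the `relayhost` hunk above; a variable with a default of 587 would let other relays reuse the role.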
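Review bot: The lookup key in templates/sasl-password-map is the bare `{{ common_postfix_mail_relay }}`, while the SASL branch of postfix-main.cf.j2 sets relayhost to `[{{ common_postfix_mail_relay }}]:587`. Postfix's SASL documentation asks for the same form in both places. The bare hostname may still match through the remote-hostname lookup, but that depends on how the name resolves, and a miss means Postfix does not attempt authentication at all. Writing the entry as `[{{ common_postfix_mail_relay }}]:587 {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}` removes the ambiguity.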