Use submission port for client outgoing email

Currently client email is submitted via ssmtp (port 465).  This has been
deprecated for years.  The correct way to submit email is via
submission (port 587).

This patch adds port 587 as a second and the default way of submitting
email for delivery.  Port 465 remains open for backwards compatibility
with existing clients.

roles/mailserver/files/etc_postfix_master.cf

 smtpd      pass  -       -       -       -       -       smtpd
 dnsblog    unix  -       -       -       -       0       dnsblog
 tlsproxy   unix  -       -       -       -       0       tlsproxy
-#submission inet  n       -       -       -       -       smtpd
-#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_etrn_restrictions=reject
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
+submission inet  n       -       -       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_etrn_restrictions=reject
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
+  -o smtpd_sasl_security_options=noanonymous,noplaintext
+  -o smtpd_sasl_tls_security_options=noanonymous
 
 # SMTP over SSL/TLS on port 465.
 smtps     inet  n       -       -       -       -       smtpd

roles/mailserver/tasks/postfix.yml

   with_items:
     - smtp
     - ssmtp
+    - submission
   tags: ufw

roles/mailserver/templates/var_www_autoconfig_mail_config-v1.1.j2

         </incomingServer>
         <outgoingServer type="smtp">
             <hostname>{{ mail_server_hostname }}</hostname>
-            <port>465</port>
-            <socketType>SSL</socketType>
+            <port>587</port>
+            <socketType>STARTTLS</socketType>
             <authentication>password-cleartext</authentication>
             <username>%EMAILADDRESS%</username>
         </outgoingServer>