diff --git a/roles/system/postfix/handlers/main.yml b/roles/system/postfix/handlers/main.yml
index c4c4dd5493a638fb23ce7e5795a81176ee5c204d..85879aeaec5a292947cc15b2936d0eca7afd4202 100644
--- a/roles/system/postfix/handlers/main.yml
+++ b/roles/system/postfix/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: "Postmap sasl"
-  ansible.builtin.command: postmap hash:/etc/postfix/sasl-passwords
+  ansible.builtin.command: postmap hash:/etc/postfix/sasl_passwd
   changed_when: false
 
 - name: "Postmap generic"
diff --git a/roles/system/postfix/tasks/configure/postfix_authentication.yml b/roles/system/postfix/tasks/configure/postfix_authentication.yml
index c805395ca1dd4b21c1ce92f53a396c876dd3df85..9f11433bc5dad518c976ade87292545c5209310b 100644
--- a/roles/system/postfix/tasks/configure/postfix_authentication.yml
+++ b/roles/system/postfix/tasks/configure/postfix_authentication.yml
@@ -4,8 +4,10 @@
   notify: "Postmap sasl"
   ansible.builtin.template:
     backup: true
-    src: sasl-passwords.j2
-    dest: /etc/postfix/sasl-passwords
-    mode: "644"
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    owner: "root"
+    group: "root"
+    mode: "600"
 
 ...
diff --git a/roles/system/postfix/templates/main.cf.j2 b/roles/system/postfix/templates/main.cf.j2
index 4427f01a6d16f919e73c93b11e7cbbef902bceda..8f5cbe6ba25a388e79ebb590fc0e7aef10bdb0ad 100644
--- a/roles/system/postfix/templates/main.cf.j2
+++ b/roles/system/postfix/templates/main.cf.j2
@@ -43,6 +43,6 @@ bounce_notice_recipient = bounces@{{ postfix_mailname }}
 
 # SMTP relay authentication
 smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl-passwords
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 {% endif %}
diff --git a/roles/system/postfix/templates/sasl-passwords.j2 b/roles/system/postfix/templates/sasl_passwd.j2
similarity index 100%
rename from roles/system/postfix/templates/sasl-passwords.j2
rename to roles/system/postfix/templates/sasl_passwd.j2