diff --git a/CHANGELOG.md b/CHANGELOG.md
index 84ce443..680ce59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,9 @@
 
 ## 0.2.41
 
-* added **smtp_tls_mandatory_protocols**
+* added postfix settings:
+  - **smtp_tls_mandatory_protocols**
+  - **smtp_tls_ca_path** for **smtp_tls_CApath**
 
 ## 0.2.40
 
diff --git a/manifests/init.pp b/manifests/init.pp
index 4490b28..5aa2713 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -81,6 +81,7 @@
                 $smtpd_use_tls                       = false,
                 $smtpd_tls_protocols                 = [ '!SSLv2', '!SSLv3' ],
                 $smtp_tls_mandatory_protocols        = [],
+                $smtp_tls_ca_path                    = undef,
                 $smtp_use_tls                        = false,
                 $smtp_tls_exclude_ciphers            = [],
                 $smtpd_tls_mandatory_ciphers         = undef,
diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index b3f3775..7b72f55 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -818,6 +818,10 @@ smtpd_tls_key_file=/etc/pki/tls/private/postfix-key.key
 smtp_tls_mandatory_protocols = <%= @smtp_tls_mandatory_protocols.join(',') %>
 <% end -%>
 
+<% if defined?(@smtp_tls_ca_path) -%>
+smtp_tls_CApath = <%= @smtp_tls_ca_path %>
+<% end -%>
+
 <%- if defined?(@biff) -%>
 biff = <%= scope.function_bool2yesno([@biff]) %>
 <%- end -%>