diff --git a/roles/email/tasks/main.yml b/roles/email/tasks/main.yml
index 6d42eb1abc9ea7463128a8196c36dd6bae65f129..7a12bc5c239f49854f42afc8ce3991e1e6ea3184 100644
--- a/roles/email/tasks/main.yml
+++ b/roles/email/tasks/main.yml
@@ -64,6 +64,15 @@
     - pwgen
     - whois
 
+- name: Postfix smtpd_relay_restrictions set
+  command: postconf -e "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination"
+
+- name: Postfix set not to use /etc/aliases
+  command: postconf -e "alias_maps = "
+
+- name: Postfix mydestination set to localhost 
+  command: postconf -e "mydestination = localhost"
+
 - name: Get the app container IP address
   command: "docker inspect --format '{''{ .NetworkSettings.IPAddress }''}' app"
   register: app_ip_address
@@ -74,24 +83,11 @@
 - name: Postfix my networks set to include {{ app_ip_address.stdout }}
   command: postconf -e "mynetworks = 127.0.0.0/8, {{ app_ip_address.stdout }}" 
 
-- name: Postfix mydestination set to contain {{ hostname }}
-  # command: postconf -e "mydestination = {{ hostname }}, localhost.localnetwork, localhost"
-  command: postconf -e "mydestination = localhost"
-
 - name: Postfix relay domains set to {{ hostname }}
   command: postconf -e "relay_domains = {{ hostname }}"
 
-- name: Postfix set not to use /etc/aliases
-  command: postconf -e "alias_maps = "
-
-- name: Postfix set for ipv4 only
-  command: postconf -e "inet_protocols = ipv4"
-
-- name: Postfix stopped for inet_protocols change
-  command: postfix stop
-
-- name: Postfix started after inet_protocols change
-  command: postfix start
+- name: Postfix smtpd_recipient_restrictions set
+  command: postconf -e "smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/policy"
 
 - name: Postfix opportunistic TLS enabled
   command: postconf -e "smtp_tls_security_level = may"
@@ -105,6 +101,9 @@
 - name: Postfix Time Zone and Lang set 
   command: postconf -e "export_environment='TZ LANG'"
 
+- name: Postfix set for ipv4 only
+  command: postconf -e "inet_protocols = ipv4"
+
 - name: Postfix set to use /usr/local/bin/receive-mail
   command: postconf -M -e "discourse/unix=discourse unix - n n - - pipe user=nobody:nogroup argv=/usr/local/bin/receive-mail ${recipient}"
 
@@ -120,7 +119,6 @@
 - name: Postmap run with Transport Maps file
   command: postmap /etc/postfix/transport
 
-
 - name: Postfix set to reject incorrect email addresses 
   command: postconf -M -e "policy/unix=policy unix - n n - - spawn user=nobody argv=/usr/local/bin/discourse-smtp-fast-rejection"
 
@@ -139,8 +137,11 @@
 
   when: le_cert.stat.exists == True
 
-- name: Postfix reloaded
-  command: postfix reload
+- name: Postfix stopped 
+  command: postfix stop
+
+- name: Postfix started
+  command: postfix start
 
 - name: Root .forward in place
   template: