diff --git a/defaults/main.yml b/defaults/main.yml
index b7d9532..309aa13 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -68,9 +68,26 @@ postfix_milter_action: tempfail
 # SMTP server that not accept authenticated clients.
 #############################################################################
 postfix_smtpd_server: False
+postfix_smtpd_server_restrictions:
+ - permit_mynetworks
+ - reject_unknown_recipient_domain
+ - reject_non_fqdn_recipient
+ - reject_unauth_destination
+ - reject_unauth_pipelining
+ - reject_unlisted_recipient
+
 # SMTP server that routes emails coming from outside
 #############################################################################
 postfix_mx_server: False
+postfix_smtpd_mx_client_restrictions:
+ - reject_unknown_sender_domain
+ - reject_non_fqdn_sender
+ - reject_non_fqdn_recipient
+ - reject_invalid_hostname
+ - reject_unauth_destination
+ - reject_unknown_recipient_domain
+ - reject_unlisted_recipient
+
 #############################################################################
 # SMTP submission server: accepts authenticated clients
 #############################################################################
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 52acddd..9306ece 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -582,12 +582,9 @@ smtpd_milters =
 {% if postfix_smtpd_server %}
 smtpd_recipient_restrictions =
- permit_mynetworks
- reject_unknown_recipient_domain
- reject_non_fqdn_recipient
- reject_unauth_destination
- reject_unauth_pipelining
- reject_unlisted_recipient
+{% for recipient_rule in postfix_smtpd_server_restrictions %}
+ {{ recipient_rule }}
+{% endfor %}
 {% if postfix_rbl_enabled %}
 reject_rbl_client {{ postfix_rbl_list }}
 {% endif %}
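Review bot: Neither new list in defaults/main.yml carries a comment, and both are order-sensitive: Postfix evaluates a restriction list top to bottom and stops at the first rule that returns a decision. With `permit_mynetworks` first in `postfix_smtpd_server_restrictions`, every later reject is skipped for clients inside `mynetworks`, so an operator who reorders or extends the list needs to know that. I would add above each variable something like `# Evaluated top to bottom, first match wins; a permit_* entry ends evaluation for the clients it matches.`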
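Review bot: The loop writes `postfix_smtpd_server_restrictions` into `smtpd_recipient_restrictions` verbatim, so nothing guarantees that an override still contains `reject_unauth_destination`, the entry that stops relaying to arbitrary destinations. Whether `smtpd_relay_restrictions` is set elsewhere in the template is not visible in this hunk. A value given as a plain string instead of a list would also be iterated character by character and render one letter per line. A pre-flight check in the role's tasks would catch both, for example an `assert` with `that: "'reject_unauth_destination' in postfix_smtpd_server_restrictions"` plus a test that the value is a non-empty list. The loop over `postfix_smtpd_mx_client_restrictions` in the next hunk needs the same check.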
@@ -599,13 +596,9 @@ smtpd_client_restrictions =
 permit_sasl_authenticated
 {% endif %}
 {% if postfix_mx_server %}
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_non_fqdn_recipient
- reject_invalid_hostname
- reject_unauth_destination
- reject_unknown_recipient_domain
- reject_unlisted_recipient
+{% for client_rule in postfix_smtpd_mx_client_restrictions %}
+ {{ client_rule }}
+{% endfor %}
 {% if postfix_rbl_enabled %}
 reject_rbl_client {{ postfix_rbl_list }}
 {% endif %}
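Review bot: The list rendered here under `smtpd_client_restrictions` holds sender and recipient rules (`reject_non_fqdn_recipient`, `reject_unauth_destination`, `reject_unlisted_recipient`), which Postfix applies in that parameter only while `smtpd_delay_reject` is `yes`. Whether the template pins that setting is not visible in this hunk. Now that the list is operator-editable, the dependency should be stated next to the variable in defaults/main.yml, e.g. `# Rendered into smtpd_client_restrictions; sender/recipient rules here rely on smtpd_delay_reject = yes.` When the `permit_sasl_authenticated` line above the loop is emitted, authenticated clients skip every entry in the list, which is also worth a line in that comment. The `{% if postfix_mx_server %}` block closes outside the hunk.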