diff --git a/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml b/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
index 009ee894a..74bd657b2 100644
--- a/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
+++ b/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
@@ -41,4 +41,52 @@
         <type>text</type>
         <help>The smtpd_banner parameter specifies the text that follows the 220 code in the SMTP server's greeting banner. Default is "'System Hostname' ESMTP Postfix".</help>
     </field>
+    <field>
+        <id>general.reject_unauth_pipelining</id>
+        <label>Reject Unauthenticated Pipelining</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.reject_unknown_sender_domain</id>
+        <label>Reject Unknown Sender Domain</label>
+        <type>checkbox</type>
+        <help>This will reject mails from domains which do not exist.</help>
+    </field>
+    <field>
+        <id>general.reject_unknown_recipient_domain</id>
+        <label>Reject Unknown Recipient Domain</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.reject_non_fqdn_sender</id>
+        <label>Reject Non FQDN Sender</label>
+        <type>checkbox</type>
+        <help>For example senders without a domain or only a hostname.</help>
+    </field>
+    <field>
+        <id>general.reject_non_fqdn_recipient</id>
+        <label>Reject Non FQDN Recipient</label>
+        <type>checkbox</type>
+        <help>For example recipients without a domain or only a hostname.</help>
+    </field>
+    <field>
+        <id>general.permit_sasl_authenticated</id>
+        <label>Permit SASL Authenticated</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.permit_tls_clientcerts</id>
+        <label>Permit TLS Client Certificate Authenticated Users</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.permit_mynetworks</id>
+        <label>Permit My Networks</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.reject_unauth_destination</id>
+        <label>Reject Unauthenticated Destination</label>
+        <type>checkbox</type>
+    </field>
 </form>
diff --git a/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml b/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml
index 715a781c8..3a79d890a 100644
--- a/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml
+++ b/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml
@@ -31,5 +31,45 @@
             <default></default>
             <Required>N</Required>
         </banner>
+        <check_recipient_access type="ArrayField">
+        </check_recipient_access>
+        <reject_unauth_pipelining type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_unauth_pipelining>
+        <check_sender_access type="ArrayField">
+        </check_sender_access>
+        <reject_unknown_sender_domain type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_unknown_sender_domain>
+        <reject_unknown_recipient_domain type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_unknown_recipient_domain>
+        <reject_non_fqdn_sender type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_non_fqdn_sender>
+        <reject_non_fqdn_recipient type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_non_fqdn_recipient>
+        <permit_sasl_authenticated type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </permit_sasl_authenticated>
+        <permit_tls_clientcerts type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </permit_tls_clientcerts>
+        <permit_mynetworks type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </permit_mynetworks>
+        <reject_unauth_destination type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </reject_unauth_destination>
     </items>
 </model>
diff --git a/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh b/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh
index 83d3bf83f..5a153a51e 100755
--- a/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh
+++ b/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh
@@ -28,3 +28,5 @@ chown -R root:postfix /var/spool/postfix/pid
 
 # Create Transporttable
 postmap /usr/local/etc/postfix/transport
+postmap /usr/local/etc/postfix/recipient_access
+postmap /usr/local/etc/postfix/sender_access
diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS
index be5ab0c93..3cbe5f21d 100644
--- a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS
+++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS
@@ -2,3 +2,5 @@ main.cf:/usr/local/etc/postfix/main.cf
 master.cf:/usr/local/etc/postfix/master.cf
 postfix:/etc/rc.conf.d/postfix
 transport:/usr/local/etc/postfix/transport
+recipient_access:/usr/local/etc/postfix/recipient_access
+sender_access:/usr/local/etc/postfix/sender_access
diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
index 553604631..3c16140c1 100644
--- a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
+++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf
@@ -72,4 +72,46 @@ milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
 milter_default_action = accept
 {% endif %}
 
+{# Sender Restrictions #}
+{% set smtpd_recipient_restrictions=[] %}
+{% if helpers.exists('OPNsense.postfix.general.check_recipient_access') %}
+{% do smtpd_recipient_restrictions.append('check_recipient_access hash:/usr/local/etc/postfix/recipient_access') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_unauth_pipelining') and OPNsense.postfix.general.reject_unauth_pipelining == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_unauth_pipelining') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.check_sender_access') %}
+{% do smtpd_recipient_restrictions.append('check_sender_access hash:/usr/local/etc/postfix/sender_access') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_unknown_sender_domain') and OPNsense.postfix.general.reject_unknown_sender_domain == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_unknown_sender_domain') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_unknown_recipient_domain') and OPNsense.postfix.general.reject_unknown_recipient_domain == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_unknown_recipient_domain') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_non_fqdn_sender') and OPNsense.postfix.general.reject_non_fqdn_sender == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_non_fqdn_sender') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_non_fqdn_recipient') and OPNsense.postfix.general.reject_non_fqdn_recipient == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_non_fqdn_recipient') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.permit_sasl_authenticated') and OPNsense.postfix.general.permit_sasl_authenticated == '1' %}
+{% do smtpd_recipient_restrictions.append('permit_sasl_authenticated') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.permit_tls_clientcerts') and OPNsense.postfix.general.permit_tls_clientcerts == '1' %}
+{% do smtpd_recipient_restrictions.append('permit_tls_clientcerts') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.permit_mynetworks') and OPNsense.postfix.general.permit_mynetworks == '1' %}
+{% do smtpd_recipient_restrictions.append('permit_mynetworks') %}
+{% endif %}
+{% if helpers.exists('OPNsense.postfix.general.reject_unauth_destination') and OPNsense.postfix.general.reject_unauth_destination == '1' %}
+{% do smtpd_recipient_restrictions.append('reject_unauth_destination') %}
+{% endif %}
+
+{% if smtpd_recipient_restrictions|length >= 1 %}
+smtpd_recipient_restrictions = {{ smtpd_recipient_restrictions | join(', ') }}
+{% endif %}
+
+smtpd_helo_required = yes
+
 {% endif %}
diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/recipient_access b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/recipient_access
new file mode 100644
index 000000000..c82b63b8b
--- /dev/null
+++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/recipient_access
@@ -0,0 +1,4 @@
+{% if helpers.exists('OPNsense.postfix.general.enabled') and OPNsense.postfix.general.enabled == '1' %}
+{%   if helpers.exists('OPNsense.postfix.general.check_recipient_access') %}
+{%   endif %}
+{% endif %}
diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/sender_access b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/sender_access
new file mode 100644
index 000000000..c82b63b8b
--- /dev/null
+++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/sender_access
@@ -0,0 +1,4 @@
+{% if helpers.exists('OPNsense.postfix.general.enabled') and OPNsense.postfix.general.enabled == '1' %}
+{%   if helpers.exists('OPNsense.postfix.general.check_recipient_access') %}
+{%   endif %}
+{% endif %}