diff --git a/defaults/main.yml b/defaults/main.yml index c1107f5..a776ba1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,4 +4,5 @@ #postfix_myorigin: "$mydomain" #postfix_mydestination: "" #postfix_mynetworks: "" +#postfix_relay_domains: "" #postfix_relayhost: "" diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2 index 0d1e2fb..4e7ef1c 100644 --- a/templates/etc/postfix/main.cf.j2 +++ b/templates/etc/postfix/main.cf.j2 @@ -123,10 +123,10 @@ mydomain = {{ postfix_mydomain }} # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # -#myorigin = $myhostname {% if postfix_myorigin is defined %} -myorigin = $mydomain +myorigin = {{ postfix_myorigin }} {% else %} +#myorigin = $myhostname #myorigin = $mydomain {% endif %} @@ -342,7 +342,11 @@ mynetworks = {% for postfix_network in postfix_mynetworks %}{{ postfix_network } # list this system as their primary or backup MX host. See the # permit_mx_backup restriction description in postconf(5). # +{% if postfix_relay_domains is defined %} +relay_domains = {% for postfix_relay_domain in postfix_relay_domains %}{{ postfix_relay_domain }}{% if not loop.last %}, {% endif %}{% endfor %} +{% else %} #relay_domains = $mydestination +{% endif %} # INTERNET OR INTRANET @@ -861,7 +865,12 @@ smtpd_helo_required = yes # Rejeter tout mail mal formate smtpd_helo_restrictions = permit_mynetworks, + permit_sasl_authenticated, # check_client_access hash:/usr/local/etc/postfix/access, +# check_helo_access hash:/etc/postfix/helo_access, + reject_invalid_helo_hostname, + reject_non_fqdn_helo_hostname, + reject_unknown_helo_hostname, reject_non_fqdn_hostname # restrictions d'acces 
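Review bot: In the `relay_domains` hunk of main.cf.j2, the loop assumes `postfix_relay_domains` is a list, but the sample added to defaults/main.yml shows it as a string (`#postfix_relay_domains: ""`). If someone uncomments that line and fills in a single domain as a string, Jinja iterates it character by character and writes one-letter entries into `relay_domains`, which changes the set of domains this host accepts mail for. I would document the default as `#postfix_relay_domains: []`, render with `relay_domains = {{ postfix_relay_domains | join(', ') }}`, and guard it with `{% if postfix_relay_domains is defined and postfix_relay_domains is not string %}`. A defined but empty list renders a bare `relay_domains =`, which overrides the built-in default instead of falling back to it; if that is intended, a comment above the block should say so.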
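Review bot: In the `smtpd_helo_restrictions` hunk, the added `reject_non_fqdn_helo_hostname` duplicates the existing last entry `reject_non_fqdn_hostname`, which is the pre-2.3 name for the same restriction; keep only the new spelling. `reject_unknown_helo_hostname` rejects any client whose HELO name has no A or MX record, which tends to catch legitimate but misconfigured senders. This file already stages `reject_unverified_sender` behind `warn_if_reject`, so `warn_if_reject reject_unknown_helo_hostname,` would let you review the logged hits before enforcing. The exemptions (`permit_mynetworks`, `permit_sasl_authenticated`) are correctly placed ahead of the rejects.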
@@ -870,7 +879,10 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = # hash:/etc/postfix/access, permit_mynetworks, + permit_sasl_authenticated, reject_unknown_sender_domain, + reject_unknown_reverse_client_hostname, + reject_unknown_client_hostname, warn_if_reject reject_unverified_sender smtpd_recipient_restrictions = @@ -884,7 +896,13 @@ smtpd_recipient_restrictions = reject_unauth_pipelining, reject_invalid_hostname, # check_policy_service inet:127.0.0.1:10031, +# check_policy_service unix:private/policyd-spf, check_policy_service unix:postgrey/socket, +# check_client_access hash:/etc/postfix/rbl_override, +# reject_rhsbl_helo dbl.spamhaus.org, +# reject_rhsbl_reverse_client dbl.spamhaus.org, +# reject_rhsbl_sender dbl.spamhaus.org, +# permit_dnswl_client swl.spamhaus.org, # reject_rbl_client zen.spamhaus.org, # reject_rbl_client korea.services.net, # reject_rbl_client list.dsbl.org,
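Review bot: In the `smtpd_sender_restrictions` hunk, `reject_unknown_reverse_client_hostname` is made redundant by the stricter `reject_unknown_client_hostname` on the next line, which also rejects when the PTR name does not resolve back to the client address. The strict form tends to reject legitimate mail from hosts with inconsistent forward and reverse DNS. I would keep only the reverse-only check, or stage the strict one as `warn_if_reject reject_unknown_client_hostname,` the way `reject_unverified_sender` is staged below it. A comment above the list, for example `# own networks and authenticated users are exempt; order matters`, would help the next editor keep the permits first.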
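Review bot: In the `smtpd_recipient_restrictions` hunk, the commented `check_client_access hash:/etc/postfix/rbl_override` and `permit_dnswl_client swl.spamhaus.org` are permit-type entries, so once enabled an OK or permit result ends evaluation of this list. The start of the list is outside the hunk, so confirm `reject_unauth_destination` sits above these lines; otherwise an allow-listed client could relay through this host. Because `rbl_override` comes after `check_policy_service unix:postgrey/socket`, it would skip the DNSBL checks but not greylisting; if that is the intent, a comment such as `# rbl_override: exempts listed clients from the DNSBL checks below only` would record it. The hash map must also exist and be built with `postmap` before the line is uncommented, and nothing in the visible part of this diff creates it.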