diff --git a/roles/mail/files/main.cf b/roles/mail/files/main.cf
index 3214888..5234e32 100644
--- a/roles/mail/files/main.cf
+++ b/roles/mail/files/main.cf
@@ -53,7 +53,7 @@ smtpd_sender_login_maps=hash:/etc/postfix/enabled_senders
 smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender
-smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,permit_sasl_authenticated
+smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,check_sender_access hash:/etc/postfix/sender_access,permit_sasl_authenticated
 # USER mappings (not reliant on unix users)
diff --git a/roles/mail/files/sender_access b/roles/mail/files/sender_access
new file mode 100644
index 0000000..6ef14b7
--- /dev/null
+++ b/roles/mail/files/sender_access
@@ -0,0 +1 @@
+rejected-send@atlantishq.de REJECT
diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml
new file mode 100644
index 0000000..1e8624a
--- /dev/null
+++ b/roles/mail/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: postmap all
+ shell:
+ cmd: "/usr/sbin/postmap {{ item }}"
+ chdir: "/etc/postfix/"
+ with_items:
+ - sender_access
+ - enabled_senders
+ - relocated
+ - sender_blacklist
+ - tls_policy
+ - transport
+ - virtual
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
index e44af6f..f6f6341 100644
--- a/roles/mail/tasks/main.yaml
+++ b/roles/mail/tasks/main.yaml
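Review bot: In roles/mail/files/main.cf the new `check_sender_access hash:/etc/postfix/sender_access` only applies to logged-in users because it sits before `permit_sasl_authenticated`, and nothing on the line records that this order is load-bearing. The lookup key is the envelope MAIL FROM, so the entry also rejects unauthenticated inbound mail that claims the address, and it does not look at the From: header. I would add a comment above the setting such as `# sender_access must stay before permit_sasl_authenticated, otherwise authenticated senders bypass it; matches the envelope sender only`. The setting also depends on the compiled map existing before Postfix reads this file; a missing map is treated as a lookup error and mail is deferred.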
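Review bot: roles/mail/handlers/main.yml defines only `postmap all`, while the task change in roles/mail/tasks/main.yaml also notifies `restart postfix`, whose definition is not visible in this commit. Ansible runs handlers in the order they are defined, not in the order listed under `notify`, so the restart is only guaranteed to see rebuilt maps if `restart postfix` is defined after `postmap all`. If that handler lives in an existing roles/mail/handlers/main.yaml next to this new main.yml, the role would presumably fail to load because of the two main files, so it is worth confirming where it is defined. The handler also does not need a shell: `command` with `argv: ["/usr/sbin/postmap", "{{ item }}"]` and the same `chdir` keeps the item out of shell parsing.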
@@ -26,7 +26,10 @@
 - transport
 - virtual
 - header_checks
- notify: restart postfix
+ - sender_access
+ notify:
+ - postmap all
+ - restart postfix
 - name: Deploy dmark/opendkim config (main)
 copy:
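Review bot: The maps are now compiled only by the `postmap all` handler notified here, and handlers run at the end of the play and are skipped when a later task fails. If main.cf (presumably deployed by this or a neighbouring task) has already been copied at that point, Postfix is left with a configuration that references `hash:/etc/postfix/sender_access` without a built map. Adding `- meta: flush_handlers` directly after this task would rebuild the maps and restart Postfix before the play continues. The task starts above the hunk, so its module arguments and destination path are not visible from here.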