diff --git a/mail_system.yml b/mail_system.yml
index a589330..3d51a18 100644
--- a/mail_system.yml
+++ b/mail_system.yml
@@ -25,6 +25,7 @@
 #         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 #   postfix:
 #     overwrite_config: no
+#     reject_sender_login_mismatch: yes
 #     mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
 #   dovecot:
 #     auth_default_realm: mymaindomain.org
diff --git a/mail_system/templates/postfix/master.cf b/mail_system/templates/postfix/master.cf
index 6c2fc0a..65fb6c2 100644
--- a/mail_system/templates/postfix/master.cf
+++ b/mail_system/templates/postfix/master.cf
@@ -140,7 +140,7 @@ submission inet n - y - - smtpd
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sender_login_maps=pgsql:/etc/postfix/email_existence_check.cf
- -o smtpd_sender_restrictions=reject_sender_login_mismatch
- -o smtpd_sasl_local_domain=$myhostname
+{% if mailserver.postfix.reject_sender_login_mismatch is not defined or mailserver.postfix.reject_sender_login_mismatch %} -o smtpd_sender_restrictions=reject_sender_login_mismatch
+{% endif %} -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject