diff --git a/roles/mail_forwarder/templates/main.cf.j2 b/roles/mail_forwarder/templates/main.cf.j2
index 7decd6e798f338efc12b5839f872fbc2b50c5df4..e37f5ff3c05d4e939d1e4e3f3edc81ffe4b94afa 100644
--- a/roles/mail_forwarder/templates/main.cf.j2
+++ b/roles/mail_forwarder/templates/main.cf.j2
@@ -52,3 +52,7 @@ smtp_host_lookup = dns, native
 
 # Explicitly set maximum allowed mail size that should be accepted.
 message_size_limit = {{ mail_message_size_limit }}
+
+# Allow relaying only from trusted networks. Do not relay mails for
+# domains for which the mail server is not responsible.
+smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination