diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml
index 76128f7266064cebd193be9187f46244e3be0ebf..858b97c5fd15b31a8d187b53821b457ce4aa2650 100644
--- a/charts/mok/Chart.yaml
+++ b/charts/mok/Chart.yaml
@@ -3,7 +3,7 @@ name: mok
 description: |
   Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 type: application
-version: 0.7.1
+version: 0.7.2
 sources:
   - https://de.postfix.org/ftpmirror/index.html
   - https://github.com/dovecot/core
diff --git a/charts/mok/README.md b/charts/mok/README.md
index 7971e50e393fdef5e1dc3ef478a5514dc26c49ab..e177905b6b77701ef173bcbbe59ba1d9c56cb333 100644
--- a/charts/mok/README.md
+++ b/charts/mok/README.md
@@ -1,6 +1,6 @@
 # mok
 
-![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 
@@ -56,7 +56,7 @@ Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that run
 | postfix.hostname | string | `nil` | explicitly set postfix hostname |
 | postfix.image.pullPolicy | string | `"IfNotPresent"` |  |
 | postfix.image.repository | string | `"quay.io/shivering-isles/postfix"` | postfix container image |
-| postfix.image.tag | string | `"0.4.1"` | Overrides the image tag whose default is "latest" |
+| postfix.image.tag | string | `"0.4.2"` | Overrides the image tag whose default is "latest" |
 | postfix.imagePullSecrets | list | `[]` |  |
 | postfix.nodeSelector | object | `{}` |  |
 | postfix.podAnnotations | object | `{}` |  |
diff --git a/charts/mok/values.yaml b/charts/mok/values.yaml
index 4e19505b2904df98e7e4211ba2c684618f635bcf..8639ae59d12de0241c523c0f4f3406c6203a3d6c 100644
--- a/charts/mok/values.yaml
+++ b/charts/mok/values.yaml
@@ -46,7 +46,7 @@ postfix:
     repository: quay.io/shivering-isles/postfix
     pullPolicy: IfNotPresent
     # -- Overrides the image tag whose default is "latest"
-    tag: "0.4.1"
+    tag: "0.4.2"
 
   imagePullSecrets: []
 
diff --git a/images/postfix/.release b/images/postfix/.release
index 802d813b703ec71847e4898dd388e8dd03e06d6d..332fb5fb60a512cd6c359134e8d9076e9c4b30ce 100644
--- a/images/postfix/.release
+++ b/images/postfix/.release
@@ -1 +1 @@
-release=0.4.1
+release=0.4.2
diff --git a/images/postfix/config/main.cf b/images/postfix/config/main.cf
index 41664e2188bfb9d30e114c8213d51c867e6b78c8..108194c9b6068ba496017e75e7b4c939ab0cf45e 100644
--- a/images/postfix/config/main.cf
+++ b/images/postfix/config/main.cf
@@ -123,8 +123,9 @@ smtpd_recipient_restrictions =
         reject_invalid_hostname,
         warn_if_reject reject_unauth_pipelining,
         permit_mynetworks,
-        reject_unverified_recipient,
         reject_unauth_destination,
+        reject_known_sender_login_mismatch,
+        reject_unverified_recipient,
         permit
 
 smtpd_sender_restrictions =
diff --git a/images/postfix/config/master.cf b/images/postfix/config/master.cf
index c0ea1bccb071e92e848f90250120994178bcfbf4..1b14853392112716571a84b165b5d6b265115abf 100644
--- a/images/postfix/config/master.cf
+++ b/images/postfix/config/master.cf
@@ -8,7 +8,6 @@
 smtpd     pass  -       -       -       -       -       smtpd
     -o smtpd_tls_received_header=yes
     -o content_filter=
-    -o smtpd_upstream_proxy_protocol=haproxy
 dnsblog   unix  -       -       -       -       0       dnsblog
 tlsproxy  unix  -       -       -       -       0       tlsproxy
 #smtps     inet  n       -       -       -       -       smtpd
@@ -116,8 +115,13 @@ submission inet  n       -       y       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o tls_preempt_cipherlist=yes
-    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+    -o smtpd_sasl_auth_enable=yes
+    -o smtpd_tls_auth_only=yes
+    -o smtpd_reject_unlisted_recipient=no
+    -o smtpd_recipient_restrictions=
+    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
     -o smtpd_sender_login_maps=lmdb:/srv/tmp/sender-login-maps
+    -o sender_dependent_relayhost_maps=lmdb:/srv/tmp/relayhosts
     -o cleanup_service_name=headers-cleanup
 
 submissions inet  n       -       y       -       -       smtpd
@@ -125,8 +129,13 @@ submissions inet  n       -       y       -       -       smtpd
     -o smtpd_tls_wrappermode=yes
     -o smtpd_tls_security_level=encrypt
     -o tls_preempt_cipherlist=yes
-    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+    -o smtpd_sasl_auth_enable=yes
+    -o smtpd_tls_auth_only=yes
+    -o smtpd_reject_unlisted_recipient=no
+    -o smtpd_recipient_restrictions=
+    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
     -o smtpd_sender_login_maps=lmdb:/srv/tmp/sender-login-maps
+    -o sender_dependent_relayhost_maps=lmdb:/srv/tmp/relayhosts
     -o cleanup_service_name=headers-cleanup
 
 dovecot   unix  -       n       n       -       -       pipe flags=DRhu