diff --git a/postfix/files/master.cf b/postfix/files/master.cf
index 541b4429afefbc98673e6df237365fe969b79c9f..82c310bd34c9f341eae7416395b7f67ceb168150 100644
--- a/postfix/files/master.cf
+++ b/postfix/files/master.cf
@@ -11,11 +11,11 @@ dovecot   unix  -       n       n       -       -       pipe
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
-smtp      inet  n       -       y       -       -       smtpd
-#smtp      inet  n       -       y       -       1       postscreen
-#smtpd     pass  -       -       y       -       -       smtpd
-#dnsblog   unix  -       -       y       -       0       dnsblog
-#tlsproxy  unix  -       -       y       -       0       tlsproxy
+#smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       1       postscreen
+smtpd     pass  -       -       y       -       -       smtpd
+dnsblog   unix  -       -       y       -       0       dnsblog
+tlsproxy  unix  -       -       y       -       0       tlsproxy
 submission inet n       -       y       -       -       smtpd 
 #  -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_security_options=noanonymous
diff --git a/postfix/files/postscreen_whitelist b/postfix/files/postscreen_whitelist
new file mode 100644
index 0000000000000000000000000000000000000000..887c952d74ae36452737bd4e1986745d42f85dce
--- /dev/null
+++ b/postfix/files/postscreen_whitelist
@@ -0,0 +1,16 @@
+# Django : 2014-10-29
+# access-Tabelle: Wer wird von postscreen ausgenommen und wer nicht?
+# Tabelle zum black- und whitelisten einzelner Hosts auf Basis ihrer 
+# IP-Adressen. In der rechten Tabellenspalte können die AKtionen 
+# "permit", "reject" und "dunno" gesetzt werden.
+# Nach dem Ändern und/oder Erweitern der Tabelle, muß ein
+# laufender Postfix über die Änderungen mit einem reload informiert 
+# werden: 
+#             $ systemctl reload postfix.service
+#
+# Es muss hier keine Datenbank mit postmap erzeugt werden, da 
+# Postfix die ASCII-Konfigurationsdatei direkt auswertet!
+#
+
+# roughly the RWTH network for the e-mail servers 
+134.130.5.32/27               permit                                                                                                                                                                                                                                   
diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml
index e209ea52fab4a42d4d7a9b19de27c9e1f76a7204..c884334d14ad88ad1a5ddd10ee304a39aec0080a 100644
--- a/postfix/tasks/main.yml
+++ b/postfix/tasks/main.yml
@@ -16,6 +16,7 @@
     - login_maps.pcre
     - master.cf
     - sender_login_map.hash
+    - postscreen_whitelist
   notify: 
     - restart postfix
   tags:
diff --git a/postfix/templates/main.cf.j2 b/postfix/templates/main.cf.j2
index ffec55eaf8edfa54c3a781e786731e353e2a23c9..ad580a7c1a5e5a574a8e3becfc80e3fa7a9b1a21 100644
--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -61,3 +61,60 @@ virtual_gid_maps = static:5000
 virtual_alias_maps = hash:/etc/postfix/virtual
 #smtpd_sender_login_maps = hash:/etc/postfix/sender_login_map
 smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
+
+################################################################################
+## POSTSCREEN - ERSTE STUFE DER SPAM/UCE/VIREN-ABWEHRMECHANISMEN
+#
+# Django : 2014-10-29 - PERMANENT WHITE/BLACKLIST TEST
+# default: postscreen_access_list = permit_mynetworks
+postscreen_access_list = permit_mynetworks
+                         cidr:/etc/postfix/postscreen_whitelist
+#
+# default: postscreen_blacklist_action = ignore
+postscreen_blacklist_action = drop
+ 
+ 
+# Django : 2014-10-29 - MAIL EXCHANGER POLICY TESTS
+# default: postscreen_whitelist_interfaces = static:all
+ 
+# Django : 2014-10-29 - PRE 220 GREETING TESTS
+#
+# default: postscreen_greet_banner = $smtpd_banner
+#
+# default: postscreen_greet_action = ignore
+postscreen_greet_action = enforce
+ 
+# default: postscreen_dnsbl_threshold = 1
+postscreen_dnsbl_threshold = 2
+#
+# default: postscreen_dnsbl_sites =
+postscreen_dnsbl_sites = zen.spamhaus.org*1
+                         bl.spamcop.net*1
+                         b.barracudacentral.org*1
+                         #swl.spamhaus.org*2
+			 list.dnswl.org*-5
+#                        
+# default: postscreen_dnsbl_action = ignore
+postscreen_dnsbl_action = enforce
+ 
+ 
+# Django : 2014-10-29 - POST 220 GREETING TESTS
+#
+# default: postscreen_dnsbl_whitelist_threshold = 0
+postscreen_dnsbl_whitelist_threshold = -1
+#
+# default: postscreen_pipelining_enable = no
+postscreen_pipelining_enable = yes
+#
+# default: postscreen_pipelining_action = enforce
+#
+# default: postscreen_non_smtp_command_enable = no
+postscreen_non_smtp_command_enable = yes
+# default: postscreen_non_smtp_command_action = drop
+#
+# default: postscreen_bare_newline_enable = no
+postscreen_bare_newline_enable = yes
+#
+# default: postscreen_bare_newline_action = ignore
+postscreen_bare_newline_action = drop
+#