diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index bb374e7c..60887a47 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -31,6 +31,9 @@ relayhost = {{ RELAYHOST }}
 # Recipient delimiter for extended addresses
 recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 
+# Only the front server is allowed to perform xclient
+smtpd_authorized_xclient_hosts={{ FRONT_ADDRESS }}
+
 ###############
 # TLS
 ###############
@@ -75,7 +78,6 @@ smtpd_delay_reject = yes
 # Allowed senders are: the user or one of the alias destinations
 smtpd_sender_login_maps = $virtual_alias_maps
 
-# Helo restrictions are specified for smtp only in master.cf
 # Restrictions for incoming SMTP, other restrictions are applied in master.cf
 smtpd_helo_required = yes
 
diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf
index 8593c0e1..c0f68233 100644
--- a/postfix/conf/master.cf
+++ b/postfix/conf/master.cf
@@ -6,7 +6,6 @@ smtp      inet  n       -       n       -       -       smtpd
 
 # Internal SMTP service
 10025     inet  n       -       n       -       -       smtpd
-  -o smtpd_authorized_xclient_hosts={{ FRONT_ADDRESS }}
   -o smtpd_recipient_restrictions=reject_unlisted_sender,reject_sender_login_mismatch,permit
   -o cleanup_service_name=outclean
 outclean  unix n       -       n       -       0       cleanup