diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml
index b27f396..3c6163c 100644
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@@ -4,18 +4,20 @@
   with_items:
     - iptables
     - iptables-persistent
-  tags:
-    - iptables
+  tags: iptables
 
+- name: Create the /etc/iptables directory when needed
+  file: dest=/etc/iptables state=directory owner=root group=root mode=0755
+  when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
+  tags: iptables
+  
 - name: Install the IPv4 rules with a different name. Needed by Ubuntu < 12.04
   template: src=iptables-{{ item }}.j2 dest=/etc/iptables/rules owner=root group=root mode=0640
   with_items:
     - rules.v4
   when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
   notify: Start the iptables service on Ubuntu < 12.04
-  tags:
-    - iptables
-    - iptables_rules
+  tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On precise
   template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
@@ -24,9 +26,7 @@
     - rules.v6
   when: is_precise
   notify: Start the iptables service
-  tags:
-    - iptables
-    - iptables_rules
+  tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
   template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
@@ -35,9 +35,7 @@
     - rules.v6
   when: is_trusty
   notify: Start the iptables service
-  tags:
-    - iptables
-    - iptables_rules
+  tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
   template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
@@ -46,9 +44,7 @@
     - rules.v6
   when: is_debian7
   notify: Start the iptables service
-  tags:
-    - iptables
-    - iptables_rules
+  tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
   template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
@@ -57,7 +53,5 @@
     - rules.v6
   when: is_debian8
   notify: Start the netfilter service
-  tags:
-    - iptables
-    - iptables_rules
+  tags: [ 'iptables', 'iptables_rules' ]
 
diff --git a/postfix-relay/tasks/smtp-sasl-auth.yml b/postfix-relay/tasks/smtp-sasl-auth.yml
index 44ccf94..34ef4e0 100644
--- a/postfix-relay/tasks/smtp-sasl-auth.yml
+++ b/postfix-relay/tasks/smtp-sasl-auth.yml
@@ -2,7 +2,10 @@
 - name: Write sasl hash file
   template: src=sasl_passwd.j2 dest=/etc/postfix/sasl_passwd owner=root group=root mode=0400
   when: postfix_use_sasl_auth
-  notify: Update SASL hash
-  tags:
-    - postfix-relay
+  register: update_sasl_hash
+  tags: postfix-relay
 
+- name: Update SASL hash
+  shell: postmap hash:/etc/postfix/sasl_passwd
+  when: ( update_sasl_hash | changed )
+  tags: postfix-relay