diff --git a/library/roles/iptables/templates/iptables-rules.v4.j2 b/library/roles/iptables/templates/iptables-rules.v4.j2
index b6360ec9..8520f085 100644
--- a/library/roles/iptables/templates/iptables-rules.v4.j2
+++ b/library/roles/iptables/templates/iptables-rules.v4.j2
@@ -243,7 +243,9 @@
 #
 # These are only needed on the machines that act as relay servers
 #
--A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ network.nmis }} -j ACCEPT
+{% for cidr in postfix_relay_server_permitted_networks %}
+-A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ cidr }} -j ACCEPT
+{% endfor %}
 -A INPUT -p tcp -m multiport --dports 25,587,465 -j REJECT --reject-with icmp-host-prohibited
 -A OUTPUT -p tcp -m multiport --dports 25,587,465 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
 {% if postfix_use_relay_host is defined and postfix_use_relay_host %}
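Review bot: The added `{% for cidr in postfix_relay_server_permitted_networks %}` loop has no guard on the variable's presence or type, unlike the `postfix_use_relay_host is defined and ...` test on the last context line. If the variable is unset, rendering will presumably fail. If it is given as a single string rather than a list, Jinja iterates it character by character and emits malformed `-s` values, which would likely make the whole ruleset fail to load. Hosts that relied on `network.nmis` also lose their ACCEPT rule unless the role defaults (not visible in this hunk) supply it, so consider `{% for cidr in postfix_relay_server_permitted_networks | default([network.nmis]) %}` and a task-level assertion that the value is a list of CIDR strings. An empty list fails closed because the REJECT rule follows, but a broad entry such as `0.0.0.0/0` would expose ports 25, 587 and 465 to any source, so a comment above the loop stating that only trusted relay client networks belong in the list would help. The surrounding rules section begins and ends outside the hunk.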