diff --git a/configuration.nix b/configuration.nix
index e35471a..6496f03 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -43,6 +43,7 @@
     less
     killall
     screen
+    inetutils
   ];
 
   users.users.jaina = {
diff --git a/postfix.nix b/postfix.nix
index e7a1f5c..787aba5 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -3,8 +3,11 @@
 {
   networking.firewall.extraCommands = let user = config.services.postfix.user;
   in ''
-    iptables -I OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
-    ip6tables -I OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
+    iptables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
+    ip6tables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
+
+    iptables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
+    ip6tables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
   '';
 
   services.postfix = {