diff --git a/postfix.nix b/postfix.nix
index 62117bd..787aba5 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -1,28 +1,13 @@
 { pkgs, config, ... }: {
- # Prevent outgoing connections to email ports from users other than postfix
- # unless the destination is localhost
- networking.firewall.extraCommands = let
- user = config.services.postfix.user;
- makeRules = port:
- let p = builtins.toString port;
- in ''
- iptables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport ${p} -j REJECT --reject-with icmp-admin-prohibited
- ip6tables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport ${p} -j REJECT --reject-with icmp6-adm-prohibited
+ networking.firewall.extraCommands = let user = config.services.postfix.user;
+ in ''
+ iptables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
+ ip6tables -A OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
- iptables -I OUTPUT -m tcp -p tcp --dport ${p} -d 127.0.0.1 -j ACCEPT
- ip6tables -I OUTPUT -m tcp -p tcp --dport ${p} -d ::1 -j ACCEPT
- '';
- in builtins.concatStringsSep "\n"
- (builtins.map makeRules [ 25 587 465 2525 ]);
- # The following is necessary to prevent the above rules from being added at every nixos-rebuild switch.
- # See link for more info
- # https://github.com/NixOS/nixpkgs/issues/201614
- # Flush the firewall rules
- networking.firewall.extraStopCommands = ''
- iptables -F
- ip6tables -F
+ iptables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
+ ip6tables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
 '';
 services.postfix = {
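Review bot: The new `ip6tables -I OUTPUT ... -d 127.0.0.1 -j ACCEPT` line passes an IPv4 address to ip6tables (the removed line correctly used `::1`), so ip6tables will refuse the rule, the IPv6 loopback exception is lost, and since extraCommands runs as one shell script the failing command may abort the remaining rules depending on how the firewall unit treats errors; it should read `ip6tables -I OUTPUT -m tcp -p tcp --dport 25 -d ::1 -j ACCEPT`. The `extraStopCommands` flush that the removed comment says was needed to stop these OUTPUT rules being re-appended on every `nixos-rebuild switch` (nixpkgs issue 201614) is dropped with no replacement, so unless that upstream behaviour has changed the REJECT rules will likely accumulate across rebuilds; a targeted `iptables -D OUTPUT ... 2>/dev/null || true` per rule in extraStopCommands would avoid both the duplication and the old blanket `-F`. The explanatory comment was also removed and the narrowing from `[ 25 587 465 2525 ]` to port 25 only is left unexplained; if dropping the submission ports is intentional, say so, e.g. `# Only postfix may open outbound SMTP (port 25); localhost is exempt. Submission ports are deliberately left open.`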