diff --git a/integration-tests/basic-test/docker-compose.yml b/integration-tests/basic-test/docker-compose.yml
index ea492cf..7556f3f 100644
--- a/integration-tests/basic-test/docker-compose.yml
+++ b/integration-tests/basic-test/docker-compose.yml
@@ -25,7 +25,7 @@ services:
 - "../tester:/code"
 build:
 context: ../tester
- command: "/"
+ command: "/" # relative path to /code
 environment:
 FROM: "demo@example.org"
 TO: "test@gmail.com"
\ No newline at end of file
diff --git a/integration-tests/deprecated/docker-compose.yml b/integration-tests/deprecated/docker-compose.yml
index 82432fd..80cc23b 100644
--- a/integration-tests/deprecated/docker-compose.yml
+++ b/integration-tests/deprecated/docker-compose.yml
@@ -26,7 +26,7 @@ services:
 - "../tester:/code"
 build:
 context: ../tester
- command: "/"
+ command: "/" # relative path to /code
 environment:
 FROM: "demo@example.org"
 TO: "test@gmail.com"
diff --git a/integration-tests/generate-dkim-keys/docker-compose.yml b/integration-tests/generate-dkim-keys/docker-compose.yml
index 16f3496..0f11ba4 100644
--- a/integration-tests/generate-dkim-keys/docker-compose.yml
+++ b/integration-tests/generate-dkim-keys/docker-compose.yml
@@ -24,7 +24,7 @@ services:
 - "../tester:/code"
 build:
 context: ../tester
- command: "/"
+ command: "/" # relative path to /code
 environment:
 FROM: "demo@example.org"
 TO: "test@gmail.com"
\ No newline at end of file
diff --git a/integration-tests/no-dkim-test/docker-compose.yml b/integration-tests/no-dkim-test/docker-compose.yml
index d8b8bd6..3b415d4 100644
--- a/integration-tests/no-dkim-test/docker-compose.yml
+++ b/integration-tests/no-dkim-test/docker-compose.yml
@@ -26,7 +26,7 @@ services:
 - "../tester:/code"
 build:
 context: ../tester
- command: "/"
+ command: "/" # relative path to /code
 environment:
 FROM: "demo@example.org"
 TO: "test@gmail.com"
diff --git a/integration-tests/non-allowed-networks/docker-compose.yml b/integration-tests/non-allowed-networks/docker-compose.yml
new file mode 100644
index 0000000..041f004
--- /dev/null
+++ b/integration-tests/non-allowed-networks/docker-compose.yml
@@ -0,0 +1,32 @@
+version: '3.7'
+services:
+ postfix_test_587:
+ hostname: "postfix"
+ image: "boky/postfix"
+ build:
+ context: ../..
+ restart: always
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+ interval: 10s
+ timeout: 5s
+ start_period: 10s
+ retries: 2
+ environment:
+ FORCE_COLOR: "1"
+ ALLOWED_SENDER_DOMAINS: "example.org"
+ POSTFIX_mynetworks: "1.1.1.1/32"
+ POSTFIX_smtpd_end_of_data_restrictions: "check_client_access static:discard"
+ LOG_FORMAT: "json"
+ tests:
+ image: "boky/postfix-integration-test"
+ restart: "no"
+ volumes:
+ - ".:/code"
+ build:
+ context: ../tester
+ command: "/"
+ environment:
+ FROM: "demo@example.org"
+ TO: "test@gmail.com"
+ SKIP_INVALID_DOMAIN_SEND: "1"
\ No newline at end of file
diff --git a/integration-tests/non-allowed-networks/test.bats b/integration-tests/non-allowed-networks/test.bats
new file mode 100755
index 0000000..3d53426
--- /dev/null
+++ b/integration-tests/non-allowed-networks/test.bats
@@ -0,0 +1,25 @@
+#!/usr/bin/env bats
+
+FROM=$1
+TO=$2
+
+if [ -z "$FROM" ]; then
+ FROM="demo@example.org"
+fi
+
+if [ -z "$TO" ]; then
+ TO="test@gmail.com"
+fi
+
+# Wait for postfix to startup
+wait-for-service -q tcp://postfix_test_587:587
+
+SMTP_DATA="-smtp postfix_test_587 -port 587"
+
+@test "Make sure postfix rejects the message from us" {
+ ! mailsend \
+ -sub "Test email 1" $SMTP_DATA \
+ -from "$FROM" -to "$TO" \
+ body \
+ -msg "Hello world!\nThis is a simple test message!"
+}
diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 82fcfe4..d214477 100644
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
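Review bot: `POSTFIX_mynetworks: "1.1.1.1/32"` uses a real, publicly routed address as the stand-in for "a network the tests container is not in", and nothing in the file says that this is the purpose of the value. An address from a documentation range carries the same meaning without naming a live host, for example `POSTFIX_mynetworks: "192.0.2.1/32"  # TEST-NET-1: deliberately excludes the tests container`. `SKIP_INVALID_DOMAIN_SEND: "1"` is not read by the test.bats added alongside this file, so it may be a leftover from the other compose files; worth confirming against the tester image.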
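Review bot: The only test in test.bats passes on any non-zero exit from `mailsend`, so a refused connection, an unresolved `postfix_test_587` or a missing binary is indistinguishable from Postfix rejecting the client, and the network restriction could regress without this test noticing. Capturing the result with `run mailsend \` and then asserting `[ "$status" -ne 0 ]` together with a match on the server's rejection reply in `$output` would pin the intended cause; the exact text mailsend prints needs checking, though Postfix's reply to a plain `reject` normally contains `Access denied`. The bare `!` form also only fails the test because it is the last statement, since bash's errexit ignores negated commands anywhere else in the body.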
@@ -71,8 +71,12 @@ postfix_restrict_message_size() {
 postfix_reject_invalid_helos() {
 do_postconf -e smtpd_delay_reject=yes
 do_postconf -e smtpd_helo_required=yes
+ # Fast reject -- reject straight away when the client is connecting
+ do_postconf -e "smtpd_client_restrictions=permit_mynetworks,reject"
+ # Reject / accept on EHLO / HELO command
 do_postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit"
- do_postconf -e "smtpd_sender_restrictions=permit_mynetworks"
+ # Delayed reject -- reject on MAIL FROM command. Not strictly neccessary to have both, but doesn't hurt
+ do_postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject"
 }
 
 postfix_set_hostname() {
diff --git a/unit-tests/Dockerfile b/unit-tests/Dockerfile
index 9c70e2e..bf8f3db 100644
--- a/unit-tests/Dockerfile
+++ b/unit-tests/Dockerfile
@@ -13,5 +13,4 @@ RUN apk add --no-cache bash bats && \ WORKDIR /code ENTRYPOINT ["/usr/bin/bats"] - CMD ["-v"] \ No newline at end of file
diff --git a/unit-tests/dkim_auto_generate.bats b/unit-tests/dkim_auto_generate.bats
index c770ce8..987c8e7 100644
--- a/unit-tests/dkim_auto_generate.bats
+++ b/unit-tests/dkim_auto_generate.bats
@@ -19,4 +19,4 @@ chown -R opendkim:opendkim /etc/opendkim su opendkim -s /bin/bash -c 'cat /etc/opendkim/keys/example.org.private' > /dev/null su opendkim -s /bin/bash -c 'cat /etc/opendkim/keys/example.org.txt' > /dev/null -} \ No newline at end of file +}
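Review bot: The two new comments in `postfix_reject_invalid_helos` describe a timing that the function's own first line rules out: with `smtpd_delay_reject=yes` Postfix holds the client, HELO and sender restriction lists until RCPT TO, so nothing is rejected "straight away" at connect or at MAIL FROM. A comment such as `# Refuse every client outside mynetworks (evaluated at RCPT TO because smtpd_delay_reject=yes)` would match the behaviour, and "neccessary" should read "necessary". The added `reject` also turns a HELO-hygiene function into a network allow-list, so the trailing `permit` in `smtpd_helo_restrictions` no longer admits anyone and every client outside mynetworks is refused whether or not it authenticated. If the image supports SASL clients, which this hunk does not show, `permit_sasl_authenticated` would have to precede `reject` in both lists. Moving the two allow-list lines into their own function would keep the function name honest.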