diff --git a/Python/etc/postfix/main.cf b/Python/etc/postfix/main.cf
index a1af9ba..d46b8ee 100644
--- a/Python/etc/postfix/main.cf
+++ b/Python/etc/postfix/main.cf
@@ -203,9 +203,9 @@ tls_daemon_random_source = "dev:/dev/urandom"
 if main:
 @# Authentification SASL pour relayer du mail
- smtpd_sasl_auth_enable = True
+ @smtpd_sasl_auth_enable=yes
 @# Auth que si tls pour eviter des pass en clair sur le reseau
- smtpd_tls_auth_only = True
+ @smtpd_tls_auth_only=yes
 @# +--------------------------+
 @# | Filtrages et limitations |
@@ -213,16 +213,13 @@ if main:
 if main:
 @# Filtrage sur les sources de connexions
- print "smtpd_client_restrictions = permit_mynetworks"
- #print " reject_rbl_client dnsbl.ahbl.org"
- #print " reject_rbl_client dnsbl.njabl.org"
- #print " reject_rbl_client dnsbl.inps.de"
+ @smtpd_client_restrictions=permit_mynetworks
 @
 @#
 @# Requiring this will stop some UCE software.
 @# (UCE = Unsolicited Commercial Email = SPAM)
 @#
- smtpd_require_helo = "yes"
+ @smtpd_require_helo=yes
 @
 @# Reject the request when the client HELO or EHLO parameter has a bad hostname syntax.
 @# reject_unknown_hostname value not recommended, because it may causes mail losting.
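Review bot: `@smtpd_sasl_auth_enable=yes` lands in main.cf, so it applies to every smtpd instance — including the port-25 `smtpd pass` service that postscreen hands off to in the master.cf hunk — and not only to submission/smtps, which already enable it per service with `-o smtpd_sasl_auth_enable=yes`. `smtpd_tls_auth_only=yes` only hides AUTH until STARTTLS; it does not stop an MX client from authenticating, so the inbound port becomes a password-guessing surface for the SASL backend. Unless authenticated relaying over port 25 is intended, drop the `@smtpd_sasl_auth_enable=yes` line (Postfix's default is `no`) and rely on the per-service overrides; `@smtpd_tls_auth_only=yes` is still worth keeping as defence in depth. The enclosing `if main:` block continues past the hunk.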
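Review bot: `@smtpd_require_helo=yes` keeps a parameter name that postconf(5) does not define — the Postfix parameter that makes HELO/EHLO mandatory is `smtpd_helo_required` — so the rendered main.cf sets a parameter Postfix ignores (recent versions log `unused parameter: smtpd_require_helo=yes`) and the HELO requirement the surrounding comment promises is never enforced. The old line had the same name, but since this commit rewrites it anyway the fix is one token: `@smtpd_helo_required=yes`. I see no mapping of the old name anywhere in the visible template, but if the renderer translates parameter names, disregard this. The enclosing `if main:` block continues past the hunk.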
@@ -238,20 +235,20 @@ if main: @## Limitation des messages envoyés par minute @# On n'ignore que les messages venant d'adresses "protégées" -smtpd_client_event_limit_exceptions = local_networks +@smtpd_client_event_limit_exceptions=local_networks if mx: add(adm_networks) @# On limite à 10 messages par minute -smtpd_client_message_rate_limit = 10 +@smtpd_client_message_rate_limit=10 @## Filtrage au MAIL FROM @# Rejet si le domaine de l'envoyeur n'est pas dans un DNS -smtpd_sender_restrictions = "reject_unknown_sender_domain" +@smtpd_sender_restrictions=reject_unknown_sender_domain @## Filtrage au RCPT TO @# permet si le client est dans le reseau local -smtpd_recipient_restrictions = "permit_mynetworks" +@smtpd_recipient_restrictions=permit_mynetworks @# rejette les recipients sans nom de domaine totalement qualifie add("reject_non_fqdn_recipient") if main: @@ -294,4 +291,36 @@ if not secondary: relayhost = "[ovh.adm.crans.org]:25" if has("titanic"): - @relayhost = "[ovh.adm.crans.org]:25" + @relayhost=[ovh.adm.crans.org]:25 + +@# PostScreen configuration +@# Access List +@postscreen_access_list = cidr:/etc/postfix/postscreen_access.cidr +@## Tu es blacklisté ? VTFF +@postscreen_blacklist_action = drop +@ +@# Bannière d'accueil multi valuée +@postscreen_greet_banner = Bienvenue au crans, veuillez patienter quelques secondes. +@## On fait semblant d'aller à RCPT TO, puis poubelle +@postscreen_greet_action = enforce +@ +@# RBL, le retour +@postscreen_dnsbl_sites = +@ zen.spamhaus.org*2 +@ dnsbl.inps.de*2 +@ dnsbl.ahbl.org +@ b.barracudacentral.org +@ +@# Score >= 3 ? Bye bye +@postscreen_dnsbl_threshold = 3 +@postscreen_dnsbl_action = enforce +@ +@# Filtre utilisé par postfix, mis en amont via postscreen +@postscreen_non_smtp_command_enable = yes +@postscreen_non_smtp_command_action = enforce +@ +@postscreen_bare_newline_enable = yes +@postscreen_bare_newline_action = enforce +@ +@postscreen_pipelining_enable = yes +@postscreen_pipelining_action = enforce 
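Review bot: `@smtpd_client_event_limit_exceptions=local_networks` changes what reaches Postfix: on the old side `local_networks` was a bare Python name (unlike the quoted strings on the neighbouring `smtpd_sender_restrictions`/`smtpd_recipient_restrictions` lines), so it presumably was a template variable holding the network list, whereas an `@` line is emitted verbatim and Postfix will now read the literal token `local_networks`, which matches no client and puts every local host under the 10-messages-per-minute limit. The same doubt applies to `add(adm_networks)` under `if mx:`, which on the old side appended to a Python-assigned parameter and now follows a line the renderer only prints. If `@` lines are variable-interpolated this is moot, but the `$${nexthop}` escapes in master.cf suggest `$`-style substitution, under which a bare name would not be expanded — please confirm the rendered output. Separately, the visible `smtpd_recipient_restrictions` ends at `reject_non_fqdn_recipient`; `reject_unauth_destination` is presumably appended past the hunk end, which is worth double-checking since postscreen does not replace the relay check.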
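Review bot: `zen.spamhaus.org*2` is listed without a reply filter, so Spamhaus's 127.255.255.x "query refused/over limit" answers (returned for public resolvers and over the free-usage quota) count as a listing and give +2 to every client, two thirds of the threshold of 3; the postscreen examples in the Postfix documentation restrict the match for exactly this reason, e.g. `zen.spamhaus.org=127.0.0.[2..11]*2`. `dnsbl.ahbl.org` was deliberately commented out in the old `reject_rbl_client` list and is re-enabled here; AHBL shut its zones down in early 2015 and has since returned a positive answer for every query, so if this configuration post-dates that every client also gets +1 and the scoring is skewed across the board. `b.barracudacentral.org` only answers for registered resolver IPs, which is harmless but silently contributes nothing until the MX's resolver is registered. Suggest dropping ahbl and adding the reply filter to the Spamhaus entry before `postscreen_dnsbl_action = enforce` goes live.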
diff --git a/Python/etc/postfix/master.cf b/Python/etc/postfix/master.cf
index 1bd00fd..21be67a 100644
--- a/Python/etc/postfix/master.cf
+++ b/Python/etc/postfix/master.cf
@@ -95,24 +95,24 @@ if has("titanic"):
 @# service type private unpriv chroot wakeup maxproc command + args
 @# (yes) (yes) (yes) (never) (50)
 @# ==========================================================================
+@smtp inet n - - - 1 postscreen
+@smtpd pass - - - - - smtpd
+if tracker:
+ @ -o receive_override_options=no_address_mappings
+@dnsblog unix - - - - 0 dnsblog
 if main:
- @smtp inet n - - - - smtpd
+ @submission inet n - - - - smtpd
+ @ -o smtpd_tls_security_level=encrypt
+ @ -o smtpd_sasl_auth_enable=yes
+ @ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ @ -o milter_macro_daemon_name=ORIGINATING
 @smtps inet n - - - - smtpd
 @ -o smtpd_tls_wrappermode=yes
 @ -o smtpd_sasl_auth_enable=yes
 @ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-elif tracker:
- @smtp inet n - - - - smtpd
- @ -o receive_override_options=no_address_mappings
-else:
- if has("titanic"):
- print ext + ":smtp inet n - - - - smtpd"
- print pub + ":smtp inet n - - - - smtpd"
- print adm + ":smtp inet n - - - - smtpd"
 if not public:
 print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"
- print loc + ":smtp inet n - - - - smtpd"
-#628 inet n - - - - qmqpd
+@#628 inet n - - - - qmqpd
 @pickup fifo n - - 60 1 pickup
 @cleanup unix n - - - 0 cleanup
 @qmgr fifo n - - 300 1 qmgr
@@ -159,8 +159,6 @@ if has("news"):
 @ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $${nexthop} $${user} $${extension}
 @# only used by postfix-tls
-@smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
-@587 inet n - - - - smtpd -o smtpd_enforce_tls=yes
 @tlsmgr unix - - n 300 1 tlsmgr
 if users:
diff --git a/Python/etc/postfix/postscreen_access.cidr b/Python/etc/postfix/postscreen_access.cidr
new file mode 100644
index 0000000..57385c4
--- /dev/null
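Review bot: The `print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"` under `if not public:` is left orphaned: a master.cf `-o` line belongs to the service entry immediately above it, and every entry that used to precede it (the titanic `ext/pub/adm:smtp` services and `loc:smtp`) is removed, so on a `main` host the filter now attaches to `smtps` and on any other host to `dnsblog`, while the new port-25 `smtpd pass` service — the one that actually receives inbound mail from postscreen — gets no content filter at all, i.e. inbound mail on non-public hosts silently bypasses amavis. Move the two lines `if not public:` / `  print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"` to directly after `@smtpd pass - - - - - smtpd`, next to the `if tracker:` override, and delete them from their current place. Minor: `-o milter_macro_daemon_name=ORIGINATING` is set on submission but not on smtps, so a milter that keys on that macro (DKIM signing is the usual case) would treat mail submitted over 465 differently; add the same `-o` to smtps unless that asymmetry is intended.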
+++ b/Python/etc/postfix/postscreen_access.cidr
@@ -0,0 +1,3 @@
+127.0.0.1 permit
+138.231.0.0/16 permit
+10.231.136.0/24 permit
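Review bot: Because the main.cf hunk points `postscreen_access_list` at this file instead of the default `permit_mynetworks`, only these three IPv4 ranges skip the postscreen tests; the IPv6 loopback and any IPv6 prefixes in `mynetworks` are not covered, and the list will drift from `mynetworks` the next time either is edited. Unless the intent is to screen part of `mynetworks`, prefer `postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr` in main.cf and keep this file for the exceptions, and add `::1/128 permit` here if the MX listens on IPv6. The absence of a trailing default entry is correct: unmatched clients simply go on to the DNSBL and protocol tests, and `postscreen_blacklist_action = drop` only applies to `reject` entries, of which there are none yet.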