diff --git a/Changes.md b/Changes.md
index 21c2f0008..202a665cf 100644
--- a/Changes.md
+++ b/Changes.md
@@ -9,11 +9,13 @@
 - use address-rfc2821 2.0.0
 - http: use CDN for bootstrap/jquery, drop bower #2891
 - drop support for node 10 #2890
+- outbound: disable outbound to localhost by default #2952
 ### New features
 - tls: require secure and verified sockets for configured hosts/domains
 - tls: add `no_starttls_ports` - an array of incoming ports where STARTTLS is not advertised
+- outbound: add local_mx_ok config #2952
 ### Fixes
diff --git a/docs/Outbound.md b/docs/Outbound.md
index 0983cce53..a575f969c 100644
--- a/docs/Outbound.md
+++ b/docs/Outbound.md
@@ -95,6 +95,12 @@ Set this to `0` to completely disable the pooling code.
 This value determines how many concurrent connections can be made to a single IP address (destination) in the pool. Default: 10 connections.
+* `local_mx_ok`
+
+Default: false. By default, outbound to a local IP is disabled, to avoid creating
+outbound loops. Set this to true if you want to allow outbound to local IPs.
+This could be useful if you want to deliver mail to localhost on another port.
+
 ### outbound.bounce\_message
 See "Bounce Messages" below for details.
diff --git a/outbound/config.js b/outbound/config.js
index f8dec7a2e..a339066aa 100644
--- a/outbound/config.js
+++ b/outbound/config.js
@@ -9,6 +9,7 @@ function load_config () {
 '-always_split',
 '+enable_tls',
 '-ipv6_enabled',
+ '-local_mx_ok',
 ],
 }, () => {
 load_config();
diff --git a/outbound/mx_lookup.js b/outbound/mx_lookup.js
index 2e4ca688b..c985191e7 100644
--- a/outbound/mx_lookup.js
+++ b/outbound/mx_lookup.js
@@ -3,6 +3,8 @@
 const dns = require('dns');
 const net_utils = require('haraka-net-utils')
+const obc = require('./config');
+
 exports.lookup_mx = function lookup_mx (domain, cb) {
 const mxs = [];
@@ -33,8 +35,10 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
 }
 else if (addresses && addresses.length) {
 for (let i=0,l=addresses.length; i < l; i++) {
- const mx = wrap_mx(addresses[i]);
- mxs.push(mx);
+ if (obc.cfg.local_mx_ok || !net_utils.is_local_ip(addresses[i].exchange)) {
+ const mx = wrap_mx(addresses[i]);
+ mxs.push(mx);
+ }
 }
 cb(null, mxs);
 }
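Review bot: The new guard inside the `for` loop passes `addresses[i].exchange` to `net_utils.is_local_ip()`, but an MX answer's `exchange` is normally a host name, so the filter presumably only matches records that carry an IP literal. An exchange such as `localhost`, or any name whose A/AAAA record points at a loopback or local address, would then still be accepted, and the outbound loop that `local_mx_ok=false` is meant to prevent remains possible. The check is more reliable at the point where the exchange has been resolved and the connection address is chosen; that code is outside this hunk, so the placement needs confirming there. When every record is filtered out, `cb(null, mxs)` hands the caller an empty list with no log entry; consider `if (!mxs.length) return cb(new Error('all MX records point to local addresses'));` before it, or at least a log line per skipped exchange. The enclosing function starts and ends outside the hunk, so any implicit-MX (A record) fallback is not visible here and may need the same guard.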