diff --git a/default.nix b/default.nix
index c2b353f..b67e9ba 100644
--- a/default.nix
+++ b/default.nix
@@ -804,7 +804,7 @@ in
 Paths to opendkim private keys generated with `opendkim-genkey`, indexed by domain name. If `null`, then the keys are auto generated.
- If not `null`, then there must be an entry for every domain in
+ If set, then there must be an entry for every domain in
 {option}`config.mailserver.domains`. >>> TODO: explain/assert how this interacts with `dkimKeyBits`. would
diff --git a/mail-server/opendkim.nix b/mail-server/opendkim.nix
index e81bf6a..2899b66 100644
--- a/mail-server/opendkim.nix
+++ b/mail-server/opendkim.nix
@@ -27,13 +27,11 @@ let
 let
 dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
 dkim_txt = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.txt";
+ dkimPrivateKeyFile = cfg.dkimPrivateKeyFiles.${dom};
 in
 if cfg.dkimPrivateKeyFiles != null then
- let
- dkimPrivateKeyFile = cfg.dkimPrivateKeyFiles.${dom};
- in
 ''
- if [ ! -f "${dkimPrivateKeyFile}" ]; then
+ if [ ! -e "${dkimPrivateKeyFile}" ]; then
 echo "DKIM keyfile does not exist: ${dkimPrivateKeyFile}"
 exit 1
 fi
@@ -42,7 +40,7 @@ let
 ''
 else
 ''
- if [ ! -f "${dkim_key}" ]; then
+ if [ ! -e "${dkim_key}" ]; then
 ${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
 -d "${dom}" \
 --bits="${toString cfg.dkimKeyBits}" \
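Review bot: `"${dkimPrivateKeyFile}"` interpolates the option value straight into the script, and if `dkimPrivateKeyFiles` accepts Nix path values (its type is not visible in this diff), a path literal would be copied into the world-readable Nix store during evaluation, taking the DKIM private key with it. Binding it as `dkimPrivateKeyFile = toString cfg.dkimPrivateKeyFiles.${dom};` keeps the key at its original location; typing the option as a string and documenting it as a runtime path is the other way to get there. A domain without an entry also fails at this binding with a bare missing-attribute error, and `cfg.dkimPrivateKeyFiles.${dom} or (throw "mailserver.dkimPrivateKeyFiles has no entry for ${dom}")` would name the domain that is missing. The enclosing function starts above the hunk and the generated script continues past its last line.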
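Review bot: `[ ! -e "${dkim_key}" ]` is false for any existing path, so a directory or other non-regular file at the key location now skips generation and the failure moves to whatever reads the key later; the keyfile check in the previous hunk of this file is relaxed the same way. `-f` already follows symlinks, so if symlinked secrets were the motivation the change may not have been needed. If other file types do have to be accepted, an explicit rejection before the test keeps the error close to its cause, for example `if [ -d "${dkim_key}" ]; then echo "DKIM key path is a directory: ${dkim_key}"; exit 1; fi`. A dangling symlink still tests as absent under `-e`, so the generation branch would run for it; what happens to the link then depends on lines after the hunk, which are not visible here.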