diff --git a/default.nix b/default.nix
index ad6a53a..4d9b68b 100644
--- a/default.nix
+++ b/default.nix
@@ -41,7 +41,15 @@ in
 type = types.listOf types.str;
 example = [ "example.com" ];
 default = [];
- description = "The domains that this mail server serves.";
+ description = "The domains that this mail server serves and provides an mailbox.";
+ };
+
+ relayDomains = mkOption {
+ type = types.listOf types.str;
+ example = [ "lists.example.com" ];
+ default = [];
+ defaultText = lib.literalExpression "config.mailserver.domains";
+ description = "The domains that this mail server relays.";
 };
 certificateDomains = mkOption {
@@ -1334,4 +1342,8 @@ in
 ./mail-server/kresd.nix
 ./mail-server/post-upgrade-check.nix
 ];
+
+ config = {
+ mailserver.relayDomains = cfg.domains;
+ };
 }
diff --git a/mail-server/opendkim.nix b/mail-server/opendkim.nix
index cdb283c..5fd096d 100644
--- a/mail-server/opendkim.nix
+++ b/mail-server/opendkim.nix
@@ -41,13 +41,13 @@ let
 echo "Generated key for domain ${dom} selector ${cfg.dkimSelector}"
 fi
 '';
- createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.domains);
+ createAllCerts = lib.concatStringsSep "\n" (map createDomainDkimCert cfg.relayDomains);
 keyTable = pkgs.writeText "opendkim-KeyTable"
- (lib.concatStringsSep "\n" (lib.flip map cfg.domains
+ (lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains
 (dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
 signingTable = pkgs.writeText "opendkim-SigningTable"
- (lib.concatStringsSep "\n" (lib.flip map cfg.domains (dom: "${dom} ${dom}")));
+ (lib.concatStringsSep "\n" (lib.flip map cfg.relayDomains (dom: "${dom} ${dom}")));
 dkim = config.services.opendkim;
 args = [ "-f" "-l" ] ++ lib.optionals (dkim.configFile != null) [ "-x" dkim.configFile ];
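Review bot: In the new `relayDomains` option of default.nix, `defaultText` advertises `config.mailserver.domains` as the default, but the declared `default` is `[]` and the value actually arrives through the unconditional `mailserver.relayDomains = cfg.domains;` definition added in the `@@ -1334` hunk. Because that is a normal-priority definition of a `listOf` option, a user's own `relayDomains` is merged with `domains` rather than replacing it, so mailbox domains can never be left out and a domain listed in both appears twice in the list that the DKIM tables are built from. If a replaceable default is intended, write `mailserver.relayDomains = lib.mkDefault cfg.domains;`. If always-included is intended, drop `defaultText` and say so in the description, e.g. `description = "Domains this mail server relays; every entry of mailserver.domains is always included.";`.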
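Review bot: `createAllCerts`, `keyTable` and `signingTable` in opendkim.nix now iterate over `cfg.relayDomains`, so this host generates and stores a DKIM private key for every relayed domain, and the same list feeds `domains = "csl:…"` in the `@@ -58` hunk; the option description ("The domains that this mail server relays.") does not tell the operator that. Publishing the matching DNS record lets this host sign as that domain, which is a wider trust grant than relaying alone. Which messages are actually signed depends on opendkim settings not visible in this hunk. I would document it next to the definitions, e.g. `# relayDomains also drives DKIM key generation and signing; list only domains this host may sign for.` above `createAllCerts`. The enclosing `let` block starts before the hunk.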
@@ -58,7 +58,7 @@ in
 enable = true;
 selector = cfg.dkimSelector;
 keyPath = cfg.dkimKeyDirectory;
- domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
+ domains = "csl:${builtins.concatStringsSep "," cfg.relayDomains}";
 configFile = pkgs.writeText "opendkim.conf" (''
 Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
 UMask 0002
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 5a93dc2..93409f1 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -157,6 +157,7 @@ let
 tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
 tls_require_cert = yes
+ domain = ${lib.concatStringsSep ", " cfg.domains}
 search_base = ${cfg.ldap.searchBase}
 scope = ${cfg.ldap.searchScope}