diff --git a/default.nix b/default.nix
index 3f46610..50f5cf1 100644
--- a/default.nix
+++ b/default.nix
@@ -41,7 +41,14 @@ in
       type = types.listOf types.str;
       example = [ "example.com" ];
       default = [];
-      description = "The domains that this mail server serves.";
+      description = "The domains served by this mail server for delivery into mailboxes and forwards.";
+    };
+
+    domainsWithoutMailbox = mkOption {
+      type = types.listOf types.str;
+      example = [ "lists.example.com" ];
+      default = [];
+      description = "The domains served by this mail server and forwards.";
     };
 
     certificateDomains = mkOption {
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index db3e581..dc928fa 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -94,7 +94,7 @@ let
   reject_recipients_file = builtins.toFile "reject_recipients" (lib.concatStringsSep "\n" (reject_recipients_postfix))  ;
 
   # vhosts_file :: Path
-  vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
+  vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" (cfg.domainsWithoutMailbox ++ cfg.domains));
 
   # vaccounts_file :: Path
   # see
diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix
index fd94c84..06754d6 100644
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@@ -165,7 +165,7 @@ in
           SupplementaryGroups = [ config.services.redis.servers.rspamd.group ];
         }
         (lib.optionalAttrs cfg.dkimSigning {
-          ExecStartPre = map createDkimKeypair cfg.domains;
+          ExecStartPre = map createDkimKeypair (cfg.domainsWithoutMailbox ++ cfg.domains);
           ReadWritePaths = [ cfg.dkimKeyDirectory ];
         })
       ];