diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix
index 0ba0f07..9330b39 100644
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@@ -113,7 +113,7 @@ in {
 dkim.sign = [
 {
 "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'";
- "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]";
+ "then" = "['rsa_' + sender_domain, 'ed25519_' + sender_domain]";
 }
 {"else" = false;}
 ];
@@ -214,14 +214,14 @@ in {
 ++ ["sieve.trusted.*"]; #for macros to be able to include our redirection script
 sieve.trusted = {
 scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script
- trusted.from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.
- from-name = "sender";
+ from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.
+ from-namo = "sender";
 return-path = "sender";
 # If we are the sender, we sign the message with DKIM. Else we leave it alone.
 sign = [
 {
 "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'";
- "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]";
+ "then" = "['rsa_' + sender_domain, 'ed25519_' + sender_domain]";
 }
 {"else" = false;}
 ];
@@ -230,11 +230,12 @@ in {
 out-messages = 50;
 };
 };
+ # See https://stalw.art/docs/smtp/authentication/dkim/sign
 # We need two blocks per domain because the domain setting in the blocks does not accept variables like `sender_domain`.
 signature = let
 signatureTemplate = domain: {
- "rsa-${domain}" = {
+ "rsa_${domain}" = {
 private-key = "%{file:/run/secrets/dkim_rsa}%";
 domain = "${domain}";
 selector = "rsa-default";
@@ -242,7 +243,7 @@ in {
 algorithm = "rsa-sha256";
 canonicalization = "relaxed/relaxed";
 };
- "ed25519-${domain}" = {
+ "ed25519_${domain}" = {
 private-key = "%{file:/run/secrets/dkim_ed25519}%";
 domain = "${domain}";
 selector = "ed-default";
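Review bot: `from-namo = "sender";` in the sieve.trusted block of the second hunk (line 214) looks like a typo introduced while fixing the neighbouring `trusted.from-addr` key to `from-addr`; the old line it replaces was `from-name = "sender";`. An unrecognised key at this point would presumably either be rejected by config validation or silently ignored, so the display name of redirected mail would no longer be set to the original sender — change the line to `from-name = "sender";`. Unrelated to this change but visible in the same hunk's context, the trusted redirect script is loaded from `/tmp/virt_aliases`; a script that runs with trusted privileges being read from a world-writable directory is worth a follow-up moving it to a dedicated runtime path with restricted ownership. The sieve.trusted set continues outside the hunk.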
@@ -254,15 +255,6 @@ in {
 in map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains));
- # Sign *our* outgoing mails with the configured signatures.
- auth.dkim.sign = [
- {
- "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'";
- "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]";
- }
- {"else" = false;}
- ];
-
 authentication.fallback-admin = {
 user = "admin"; # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH