diff --git a/nixos/machines/hera/mail.nix b/nixos/machines/hera/mail.nix
index 43c69aaa..96672d17 100644
--- a/nixos/machines/hera/mail.nix
+++ b/nixos/machines/hera/mail.nix
@@ -12,8 +12,8 @@ in
     }
   ];
 
-  imports =
-    [ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
+  imports = [ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
+
   systemd.services = {
     rspamd = {
       serviceConfig = {
@@ -36,7 +36,7 @@ in
       };
     };
     postfix = {
-      networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
+      networks = [ "[::1]/128" "127.0.0.1/32" "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
       transport = "email2matrix.maralorn.de smtp:[::1]:2525";
       config = {
         # Allow TLSv1 because we need to be able to receive mail from legacy servers.
@@ -44,12 +44,13 @@ in
           "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
       };
     };
-    opendkim.keyPath = "/var/dkim";
   };
   mailserver = {
+    dkimKeyDirectory = "/var/lib/opendkim/keys";
     enable = true;
     enableImapSsl = true;
     fqdn = "hera.m-0.eu";
+    rewriteMessageId = true;
     domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
     forwards = pkgs.privateValue { } "mail/forwards";
     loginAccounts = pkgs.privateValue { } "mail/users";