use mail as dkim selector. explicitely give keysize. add localhost to sasl exceptions.

roles/mailserver/files/etc_rspamd_override.d_dkim_signing.conf

@@ -2,4 +2,7 @@
 path = "/var/lib/rspamd/dkim/$domain.$selector.key";
   
 # Default selector to use
-selector = "default";
+selector = "mail";
+
+# Enable DKIM signing for alias sender addresses
+allow_username_mismatch = true;

roles/mailserver/tasks/rspamd.yml

@@ -60,11 +60,12 @@
     group=_rspamd
 
 - name: Generate DKIM keys
-  shell: rspamadm dkim_keygen -s default -d {{ item.name }} -k {{ item.name }}.default.key > {{ item.name }}.default.txt
+  shell: rspamadm dkim_keygen -b 1024 -s mail -d {{ item.name }} -k {{ item.name }}.mail.key > {{ item.name }}.mail.txt
   args:
-    creates: /var/lib/rspamd/dkim/{{ item.name }}.default.key
+    creates: /var/lib/rspamd/dkim/{{ item.name }}.mail.key
     chdir: /var/lib/rspamd/dkim/
   with_items: "{{ virtual_domains }}"
+  notify: restart rspamd
 
 - name: Start redis
   service:

roles/mailserver/templates/etc_postfix_main.cf.j2

@@ -84,6 +84,7 @@ alias_database = hash:/etc/aliases
 mydestination = localhost
 relayhost =
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ ' '.join(friendly_networks) }}
+smtpd_sasl_exceptions_networks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ ' '.join(friendly_networks) }}
 #mailbox_command = procmail -a "$EXTENSION"
 mailbox_size_limit = 0
 recipient_delimiter = +