diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 6a6395a..c859a49 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -125,7 +125,7 @@ in
         smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 
         # quota
-        smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340
+        smtpd_recipient_restrictions = check_policy_service inet:localhost:12340
 
         # TLS settings, inspired by https://github.com/jeaye/nix-files
         # Submission by mail clients is handled in submissionOptions
diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix
index a59e8ce..e009f44 100644
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@@ -41,9 +41,13 @@ let
   createDhParameterFile =
     ''
       # Create a dh parameter file
-      ${pkgs.openssl}/bin/openssl \
-            dhparam ${builtins.toString cfg.dhParamBitLength} \
-            > "${cfg.certificateDirectory}/dh.pem"
+      if [ ! -f "''${cfg.certificateDirectory}/dh.pem" ]
+      then
+          mkdir -p "${cfg.certificateDirectory}"
+          ${pkgs.openssl}/bin/openssl \
+                dhparam ${builtins.toString cfg.dhParamBitLength} \
+                > "${cfg.certificateDirectory}/dh.pem"
+      fi
     '';
 
   createDomainDkimCert = dom: