diff --git a/machines/DavidsServer/options.nix b/machines/DavidsServer/options.nix
index 9c6a4c4..aed903b 100644
--- a/machines/DavidsServer/options.nix
+++ b/machines/DavidsServer/options.nix
@@ -10,7 +10,7 @@ with lib;
   config.machine = rec {
     hostName = "DavidsServer";
     administrators = [ { name = "david"; id = 1000; } ];
-    mailAccounts = [ "david" ];
+    mailAccounts = [ { name = "david"; aliases = []; } ];
     domain = "davids-planet.de";
     allowUnfree = true;
     conffiles = [
diff --git a/machines/Ophanim/options.nix b/machines/Ophanim/options.nix
index 716ff51..4920405 100644
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@@ -11,7 +11,7 @@ with lib;
   config.machine = rec {
     hostName = "Ophanim";
     administrators = [ { name = "derped"; id = 1337; } ];
-    mailAccounts = [ "derped" "mailman3" ];
+    mailAccounts = [ { name = "derped"; aliases = [ "postmaster" ]; } { name = "mailman3"; aliases = []; } ];
     domain = "ophanim.de";
     allowUnfree = true;
     conffiles = [
diff --git a/options/machine.nix b/options/machine.nix
index 747a179..481b2da 100644
--- a/options/machine.nix
+++ b/options/machine.nix
@@ -48,7 +48,7 @@ with lib;
       '';
     };
     mailAccounts = mkOption {
-      type = types.listOf types.string;
+      type = types.listOf types.attrs;
       description = ''
         List of mail account user names.
       '';
diff --git a/services/mailserver.nix b/services/mailserver.nix
index be0d798..2ac6577 100644
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@@ -4,16 +4,19 @@ with lib;
 
 mkIf (elem "mailserver" config.machine.services) {
   mailserver = let
-    mkUser = username: {
-      name = "${username}@${config.machine.domain}";
+    domain = config.machine.domain;
+    mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
+    mkUser = user: rec {
+      name = "${user.name}@${domain}";
       value = {
-        hashedPassword = (fileContents "/secret/${username}.mail");
+        hashedPassword = (fileContents "/secret/${user.name}.mail");
+        aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
       };
     };
   in rec {
     enable = true;
-    fqdn = "mail.${config.machine.domain}";
-    domains = [ config.machine.domain ];
+    fqdn = "mail.${domain}";
+    domains = [ domain ];
     loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
 
     # Use Let's Encrypt certificates. Note that this needs to set up a stripped