OpenDKIM / Postfix sign console-sent mail, but not from a mail client / SMTP

I have Postfix running on a Debian 9 machine, and installed opendkim (both from the Debian repositories). The milter socket/connection is inet:localhost:8892, and the iptables firewall allows that connection (a telnet localhost 8892 succeeds).

However, I only get signed messages if I send e-mail from the console (with mail -s "testing DKIM" my-address@not-the-same-domain), but not if I send it from Thunderbird. Notice, with Thunderbird, I use ssh tunneling, so that the mail server sees the connection as originating from localhost. (that is, on my desktop, I run ssh -Llocalhost:2525:my-server:25 tunnel@my-server, and I tell Thunderbird that the outgoing mail server is localhost, port 2525.

This is an example of the signature I get when sending from the console:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=[omitted -- but it shows the correct domain];
    s=mail; t=1557228588;
    bh=slJTHzrIw+6TkIIPpFmGER34xtLwMLZ2md99gvHoFTE=;
    h=To:Subject:Date:From:From;
    b=jtOM5OOM83l [ ··· several lines of "gibberish" ··· ] 4qdpSt4l86DEA==

Any ideas on what could be causing this issue?

[[EDIT]] The problem gets more puzzling. While inspecting the logs, I noticed a warning external host XXXX.my-service-provider.com attempted to send as my-domain.com

I adjusted /etc/hosts, /etc/hostname … Finally I realized that I had to adjust the reverse DNS lookup, and I did that. Now, the command hostname responds with the FQDN (the correct domain for which I'm configuring DKIM).

Now, in /var/log/syslog when I send an e-mail, I'm getting the message external host *the-correct-FQDN* attempted to send as *the-correct-FQDN*. And the transmitted message does not contain a DKIM signature.

If I do telnet localhost 25, greet the SMTP server with helo the-correct-FQDN, the message is DKIM-signed; the logs show that a connection from localhost (127.0.0.1) was responsible for the transmission.

Any ideas?
[[ END EDIT ]]