Hi all, I recently set up Amazon SES as a Relayhost for some of my ISPConfig email domains but I have some questions: When DKIM signing is enabled in SES, do I need to disable DKIM for the email domain in ISPConfig or can I keep it enabled? If I can keep it enabled, did someone manage to set up "Bring Your Own DKIM" successfully using SES and ISPConfig? I pasted ISPConfig's generated DKIM private key into the SES web interface and needed to create a CNAME record for verification. However, that collides with ISPConfig's own DKIM signing then (as ISPConfig creates a TXT record for the same DKIM selector). When email forwarding is set up for a domain that uses SES as a Relayhost, some messages cannot be delivered: Code: <[email protected]> (expanded from <[email protected]>): host email-smtp.eu-central-1.amazonaws.com[35.157.209.90] said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply to end of DATA command) Any help is appreciated.
As far as I know, you can't use DKIM twice, so either use it in ISPConfig or in SES. If you want to use DKIM in SES, disable it in ISPConfig.
You can sign multiple times, but you might need to use a different dkim selector at each place, and then the TXT record ispconfig uses won't interfere with the CNAME you create for SES. While you're setting things up, you may as well generate a different dkim key pair for each as well.
