change DKIM key pair?

Joachim

what are the necessary or recommended steps to change a DKIM key pair?

I was assuming I need to create a new key pair (probably with selector), publish the new key with new selector in DNS, then tell rspamd to use the new selector and private key. However it is unclear to me how to do this in practice using the mailcow UI or even docker compose exec…

When I add a new DKIM key pair via /admin, options, ARC/DKIM keys, entering my domain name example.com and a selector, selecting key length and then Add, but I get the error message “DKIM domain or selector invalid: example.com”. I suspect that the UI checks DNS for selector existance, but I need the public key first to update DNS.

I also tried docker compose exec rspamd-mailcow rspamadm dkim_keygen -s ‘dkim231022’ -d example.com, created the DNS record with my DNS service, and then tried to import the private key using the UI, but got message
A DKIM key for “example.com” exists and will not be overwritten even though I specified a new selector.

Yvan

Same issue here.

jdbertron

Same problem for me. Any insight from someone would really help.

DocFraggle

Just tried this with my test server. Create a new key pair for domain example.com with selector “dkim” and replaced the old one. Worked like a charm