Thanks Ralph.

That was the step-by-step guide I was looking for. The simplest things
are always the hardest to find information for.

Esteban
-- 
https://little-beak.com
"Doing what we can."

-----Original Message-----
From: Ralph Seichter <ab...@monksofcool.net>
To: postfix-users@postfix.org
Subject: Re: dkim updating keys
Date: Sun, 23 Jun 2019 15:20:42 +0200

* Esteban L.:

> Trying to figure this out with as little disruption as possible.

I suggest you do the following, in order:

* Generate new key.

* Add new key's data, using a new DKIM selector, to your DNS.

* Wait for your domain zone's DNS TTL to expire (typically 1-2 days).

* Switch to signing with the new key.

* Wait another 1-2 days, in case messages signed with the previous key
  are still in limbo somewhere (low risk of that, but still).

* Remove old key's data from DNS.

As long as you make sure to use a different DKIM selector for each key,
that should suffice for a key rollover.

-Ralph

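Ralph's steps, as an added shell example that is not code from the thread or from OpenDKIM. It assumes openssl is installed, an OpenDKIM-style KeyTable/SigningTable layout, and an illustrative domain (example.com) with date-named selectors; the DNS answer passed to the publication check is whatever you captured from `dig +short TXT <selector>._domainkey.<domain>`, so the check itself runs offline.

```shell
#!/bin/sh
# DKIM key rollover helpers (added example; paths, domain and selector
# names are illustrative, and the OpenDKIM table layout is assumed).
set -eu

# Step 1: generate a new RSA key pair for SELECTOR under DIR and print the
# private key path. This is what opendkim-genkey does under the hood.
dkim_genkey() {
    sel="$1"; dir="$2"; bits="${3:-2048}"
    mkdir -p "$dir"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:"$bits" \
        -out "$dir/$sel.private" 2>/dev/null
    chmod 600 "$dir/$sel.private"
    openssl pkey -in "$dir/$sel.private" -pubout \
        -out "$dir/$sel.public" 2>/dev/null
    printf '%s\n' "$dir/$sel.private"
}

# The p= value of a DKIM record is the base64 DER of the public key, i.e.
# the PEM body with the header, footer and line breaks stripped.
dkim_pubkey_b64() {
    grep -v '^-----' "$1" | tr -d '\n'
}

# Step 2: build the zone-file line for SELECTOR._domainkey.DOMAIN.
# A single TXT string is limited to 255 octets and a 2048-bit key is
# longer than that, so the data is split into consecutive quoted strings,
# which resolvers concatenate (RFC 6376, section 3.6.2.2).
dkim_txt_record() {
    sel="$1"; domain="$2"; pub="$3"
    data="v=DKIM1; k=rsa; p=$(dkim_pubkey_b64 "$pub")"
    chunks=$(printf '%s' "$data" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT %s\n' "$sel" "$domain" "${chunks% }"
}

# Step 3 check: before switching, confirm that what public DNS now serves
# for the new selector carries exactly the local public key. ANSWER is the
# output of `dig +short TXT sel._domainkey.domain` (possibly several quoted
# chunks). Returns 0 on a match, non-zero otherwise.
dkim_record_matches() {
    answer="$1"; pub="$2"
    got=$(printf '%s' "$answer" | tr -d '" \n' | sed -n 's/.*;p=\([^;]*\).*/\1/p')
    [ -n "$got" ] && [ "$got" = "$(dkim_pubkey_b64 "$pub")" ]
}

# Step 4: point OpenDKIM at the new selector by rewriting the two tables
# (reload opendkim afterwards; that part is left to the operator).
#   KeyTable:      keyname  domain:selector:/path/to/private-key
#   SigningTable:  *@domain keyname          (refile: syntax)
dkim_switch_selector() {
    sel="$1"; domain="$2"; key="$3"; keytable="$4"; signingtable="$5"
    printf '%s._domainkey.%s %s:%s:%s\n' \
        "$sel" "$domain" "$domain" "$sel" "$key" > "$keytable"
    printf '*@%s %s._domainkey.%s\n' "$domain" "$sel" "$domain" > "$signingtable"
}

# Steps 5 and 6 are waiting and deleting the old selector's TXT record
# from DNS; nothing to automate here beyond not rushing them.
```

Typical order: `dkim_genkey`, publish the line printed by `dkim_txt_record`, wait out the zone TTL, run `dkim_record_matches` against a fresh `dig` answer and only then `dkim_switch_selector` and reload OpenDKIM. Because the old selector keeps its own record until you delete it, mail signed before the switch still verifies during the second waiting period.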