By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Amazon SES: How To Get Rid Of The Duplicate Header 'DKIM-Signature' Problem?

0

Hi,

I'm trying to set up a transactional email for my forum.

I followed these instructions: https://a1saas.com/how-to-configure-amazon-ses-amazon-workmail/

I have created a new mailbox for this purpose using Amazon WorkMail and set up sending via Amazon SES SMTP gateway.

My current SES setup is 50,000 emails per day (ie out of the sandbox).

Both services, i.e. SES and WorkMail are located in the same region (N. Virginia). This is the only thing different from the instructions above.

The problem occurs when I send a message. It comes back with this error message:

*An error occurred while trying to deliver the mail to the following recipients: example@example.com

2024-03-05 11:38:12: An error occurred while trying to deliver the mail to the following recipients: example@example.com

Technical report:

Reporting-MTA: dns; a11-174.smtp-out.amazonses.com

Action: failed Final-Recipient: rfc822; example@example.com Diagnostic-Code: smtp; 554 Transaction failed: Duplicate header 'DKIM-Signature'. Status: 5.3.0*

What could be causing this problem? How to solve it?

Could the reason be the same region for both services?

Thank you.

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email ServiceAmazon WorkMail
Language
English
Daniel
asked 2 months ago233 views
3 Answers
1

I solved this problem as follows:

  1. In SES settings I disabled DKIM signing for the domain.
  2. I added the email addresses that I use in WorkMail to the identities (SES settings) and set DKIM signing and a custom MAIL FROM domain for each (same as the one for the main domain).
  3. I created SMTP credentials in SES and then added those to the "SMTP gateways" tab in WorkMail.
  4. Then just create a rule in the "Outbound rules" tab for all email addresses to send messages through the selected SMTP gateway.

That's it.

Daniel
answered 2 months ago
0

Hi Osvaldo,

Thank you for your suggestions. Unfortunately, nothing with the proposed solutions is possible.

  1. I haven't found any option/settings to change DKIM signatures.
  2. There is no such option.
  3. My DKIMs are set correctly. If I disable DKIM signing, amazonses.com appears in the signatures instead of my domain. However, in this case I can send emails.
  4. As I wrote, with DKIM signatures disabled in SES you can send emails without any problems.

I have tried sending emails from both Amazon WorkMail Webmail and Outlook. I have experienced the problem with both.

Based on the information available, I understand that Workmail uses SES as the default option for sending and receiving emails.

So if I define and use my own SES SMTP gateway, it will probably insert the DKIM signature information twice in the header.

Any other suggestions?

Daniel
answered 2 months ago
  • Osvaldo Marte EXPERT
    2 months ago

    You might find this guide helpful for configuring your WorkMail and SES: Link to the guide. It could provide you with more insights into the configuration process.

0

The error message Duplicate header 'DKIM-Signature suggests that there are two DKIM-Signature headers in the email being sent, which is not allowed by the SMTP protocol. This is not typically related to the region in which your services are located. Here are a few steps you can take to troubleshoot and resolve this issue:

  1. Ensure that your email does not include multiple DKIM-Signature headers. This could happen if your email client or server is adding a DKIM-Signature header and Amazon SES is also adding one.

  2. Double-check your Amazon WorkMail configuration to ensure that it is not adding a DKIM-Signature header to outgoing emails. If it is, you might need to disable this feature or adjust the settings to prevent duplicate headers.

  3. Review your Amazon SES configuration to ensure that it is correctly set up for DKIM. Make sure that the DKIM settings in SES are not conflicting with any headers added by your email client or server.

  4. Try sending a simple test email without any additional headers or customizations.

This can help determine if the issue is with the email content or the configuration of your services.

The fact that both SES and WorkMail are in the same region should not be the cause of this issue. Also you can try to debug this using the SMTP 554 transaction failed post.

Resource:

profile picture
EXPERT
Osvaldo Marte
answered 2 months ago
  • hads
    10 days ago

    Can you point to an RFC that states a duplicate DKIM-Signature headers is not allowed? I do not believe that is correct, RFC6376 explicitly states that multiple DKIM signatures are allowed.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content