Symptom
Mails are not being received by the recipients which are sent from custom sender domains after mail server migration.
Environment
S/4HANA Public Cloud and SAP Marketing Cloud
Cause
Overview of Mail server migration:
As a part of enhanced security and state of the art infrastructure, mail server is being migrated to the Converge Cloud Solution – Cronus on Amazon SES. To achieve this migration, DKIM enablement for custom domains is pre-requisite.
Overview on DKIM:
DKIM is an e-mail authentication technique involving a digital signature that allows the receiver to check that an e-mail was sent and authorized by the owner of that domain. The DKIM signature is a header that is added to the message and is secured with encryption. By enabling DKIM you can make sure messages aren't altered in transit between the sending and receiving email servers. It uses public-key cryptography to sign emails with a private key as it leaves a sending email server.
Resolution
- Navigate to your DNS console
- Go inside your domain for which you requested for DKIM setup
- Go inside the _domainkey subfolder/subaccount under the custom domain if it is present. If not directly proceed with Step 4.
-
Create a new TXT record
-
If it is asking to select key length, then please select 2048 (Only applicable to few DNS providers)
-
In field Name/Hostname/Record name (It varies to different DNS providers), please update the hostname which is provided by cloud operations team in the case. For example, if your DNS have _domainkey subaccount/subfolder, then the hostname should be s4h-busi-myXXXXXX-YYYY-com
For example, if your DNS doesn’t have _domainkey subaccount/subfolder, then the hostname should be s4h-busi-myXXXXXX-YYYY-com._domainkey
-
For few DNS providers, there will be field called Fully Qualified Domain Name (FQDN), which will auto populate once you updated the Name/Hostname/Record namefield.
-
In field Value/Text/Data name (It varies to different DNS providers), please update the key which is provided by cloud operations team in the case.
-
Apply and save.
Known Issues while updating DNS:
- Value/Text/Data field should not have more than 250/255 characters
Cause of Issue: Some DNS providers has the limitation of key length is only up to 250/255 characters
Solution: Customer needs to split the keys as described in the below blog.
DKIM keys and TXT record limits
In some DNS providers, quotation symbols (“”) are not allowed. In this case, try splitting the keys into multiple lines without any quotation marks like below, (Make sure to split in a way that any of the lines should not exceed the character limit length which is 250/255 in most of the cases)
- Field Name/Hostname/Record name is not updated properly
Solution : Customer needs to update the field Name/Hostname/Record name with the hostname provided by cloud operation team as mentioned in Step 6 in above section “How to Update the DNS with the provided DKIM Key”
- Customer created 2 separate TXT record to update the split Key
Solution: DKIM record should be single TXT record and the key needs to split inside a single record.
Keywords
S/4HANA Public Cloud, SAP Marketing Cloud, DKIM, DNS, Custom domain, Mail, mail server migration, no mail , KBA , XX-S4C-OPR-INC , S/4HANA Cloud Availability, Performance and Administration , XX-S4C-OPR-SRV , S/4HANA Cloud service requests , How To