Cisco Cisco Email Security Appliance X1070 Betriebsanweisung
5-253
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 5 Email Authentication
Figure 5-1
Authentication Work Flow
Step 1
Administrator (domain owner) publishes a public key into the DNS name space.
Step 2
Administrator loads a private key in the outbound Mail Transfer Agent (MTA).
Step 3
Email submitted by an authorized user of that domain is digitally signed with the
respective private key. The signature is inserted in the email as a DomainKey or
DKIM signature header and the email is transmitted.
respective private key. The signature is inserted in the email as a DomainKey or
DKIM signature header and the email is transmitted.
Step 4
Receiving MTA extracts the DomainKeys or DKIM signature from the header and
the claimed sending domain (via the Sender: or From: header) from the email. The
public key is retrieved from the claimed signing domain which is extracted from
DomainKeys or DKIM signature header fields.
the claimed sending domain (via the Sender: or From: header) from the email. The
public key is retrieved from the claimed signing domain which is extracted from
DomainKeys or DKIM signature header fields.
Step 5
The public key is used to determine whether the DomainKeys or DKIM signature
was generated with the appropriate private key.
was generated with the appropriate private key.
To test your outgoing DomainKeys signatures, you can use a Yahoo! or Gmail
address, as these services are free and provide validation on incoming messages
that are DomainKeys signed.
address, as these services are free and provide validation on incoming messages
that are DomainKeys signed.