Cisco Email Security Appliance X1050 Troubleshooting Guide

Verify That DKIM Works
Document ID: 118571
Contributed by Cisco TAC Engineers.
Oct 14, 2014
Contents
Introduction
Verification
Related Information
Introduction
This document describes how to verify that DKIM works.
Verification
On the Cisco Email Security Appliance (ESA), the easiest way to verify that DKIM is working is to send an
email to an outside account and check the headers.  In the example below, a message was sent to a
@gmail.com account:
Delivered-To: user@gmail.com
Return-Path: <bob@example.com>
Received-SPF: pass (google.com: domain of bob@example.com
 designates <IP Address> as permitted sender)
 client-ip=<IP Address>;
Authentication-Results: mx.google.com; spf=pass
 (google.com: domain of bob@example.com  designates
 <IP Address> as permitted sender) smtp.mail=bob@example.com;
 dkim=pass (test mode) header.i=bob@example.com
You should see the dkim=pass in the Authentication-Results line.
Note: Please be aware that some clients such as Yahoo tend to strip many headers.  Please check this on
multiple clients to be sure it is working.
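The header check described above can be scripted against a message saved with full headers. This is an added example, not part of the original Cisco document: the sample message and the 192.0.2.10 address are constructed, and the function names dkim_results and dkim_verdict are hypothetical. It reports "no-result" when the receiving mailbox has stripped the Authentication-Results header.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers above; 192.0.2.10 is a
# documentation address standing in for <IP Address>.
SAMPLE = """\
Delivered-To: user@gmail.com
Return-Path: <bob@example.com>
Authentication-Results: mx.google.com; spf=pass
 (google.com: domain of bob@example.com designates
 192.0.2.10 as permitted sender) smtp.mail=bob@example.com;
 dkim=pass (test mode) header.i=bob@example.com
Subject: DKIM test

body
"""

def dkim_results(raw_message):
    """Return one dict per dkim= entry found in Authentication-Results."""
    msg = message_from_string(raw_message)
    found = []
    for value in msg.get_all("Authentication-Results", []):
        # Undo header folding, then split on ';' outside (comments).
        unfolded = re.sub(r"\r?\n[ \t]+", " ", str(value))
        server, *entries = re.split(r";(?![^()]*\))", unfolded)
        for entry in entries:
            m = re.match(r"\s*dkim\s*=\s*(\w+)\s*(?:\(([^)]*)\))?", entry, re.I)
            if not m:
                continue  # spf=, dmarc= and other methods are ignored
            ident = re.search(r"header\.i\s*=\s*(\S+)", entry, re.I)
            found.append({
                "server": server.strip(),       # receiver that did the check
                "result": m.group(1).lower(),   # pass, fail, neutral, ...
                "comment": m.group(2),          # e.g. "test mode"
                "identity": ident.group(1) if ident else None,
            })
    return found

def dkim_verdict(raw_message):
    """'pass' if any receiver reported dkim=pass, else the first result."""
    results = dkim_results(raw_message)
    if not results:
        # Header absent: stripped by the mailbox provider, or no DKIM check.
        return "no-result"
    if any(r["result"] == "pass" for r in results):
        return "pass"
    return results[0]["result"]

if __name__ == "__main__":
    print(dkim_verdict(SAMPLE), dkim_results(SAMPLE))
```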
You may also refer to some of these external sources for verifying your configuration:
http://www.kitterman.com/spf/validate.html
dkim-test@testing.dkim.org
There are various other Reflectors available as well:
Currently verifying with RFC4871:
Port 25: check-auth@verifier.port25.com
Currently verifying both RFC4871 (and RFC4870):
Alt-N: dkim-test@altn.com