Cisco Cisco Email Security Appliance X1070 User Guide
20-9
Cisco AsyncOS 9.1 for Email User Guide
Chapter 20 Email Authentication
Configuring DomainKeys and DKIM Signing
Step 6
Enter a selector. Selectors are arbitrary names prepended to the "_domainkey." namespace, used to help
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
Step 7
Select the canonicalization for the header. Choose from the following options:
•
Relaxed. The “relaxed” header canonicalization algorithm performs the following: header names
are changed to lowercase, headers are unfolded, linear white spaces are reduced to a single space,
leading and trailing spaces are stripped.
are changed to lowercase, headers are unfolded, linear white spaces are reduced to a single space,
leading and trailing spaces are stripped.
•
Simple. No changes to headers are made.
Step 8
Select the canonicalization for the body. Choose from the following options:
•
Relaxed. The “relaxed” header canonicalization algorithm performs the following: empty lines are
stripped at the end of the body, white spaces are reduced to a single space within lines, and trailing
white spaces are stripped in lines.
stripped at the end of the body, white spaces are reduced to a single space within lines, and trailing
white spaces are stripped in lines.
•
Simple. Empty lines at the end of the body are stripped.
Step 9
If you have already created a signing key, select a signing key. Otherwise, skip to the next step. You must
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
Step 10
Select the list of headers to sign. You can select from the following headers:
•
All. AsyncOS signs all the headers present at the time of signature. You may want to sign all headers
if you do not expect headers to be added or removed in transit.
if you do not expect headers to be added or removed in transit.
•
Standard. You may want to select the standard headers if you expect that headers may be added or
removed in transit. AsyncOS signs only the following standard headers (if the header is not present
in the message, the DKIM signature indicates a null value for the header):
removed in transit. AsyncOS signs only the following standard headers (if the header is not present
in the message, the DKIM signature indicates a null value for the header):
–
From
–
Sender, Reply To-
–
Subject
–
Date, Message-ID
–
To, Cc
–
MIME-Version
–
Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description
–
Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-cc, Resent-Message-ID
–
In-Reply-To, References
–
List-Id, List-Help, List-Unsubscribe, LIst-Subscribe, List-Post, List-Owner, List-Archive
Note
When you select “Standard”, you can add additional headers to sign.
Step 11
Specify how to sign the message body. You can choose to sign the message body, and/or how many bytes
to sign. Select one of the following options:
to sign. Select one of the following options:
•
Whole Body Implied. Do not use the “l=” tag to determine body length. The entire message is
signed and no changes are allowed.
signed and no changes are allowed.
•
Whole Body Auto-determined. The entire message body is signed, and appending some additional
data to the end of body is allowed during transit.
data to the end of body is allowed during transit.