Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
20-10
Cisco AsyncOS 9.0 for Email User Guide
Chapter 20 Email Authentication
Configuring DomainKeys and DKIM Signing
•
Sign first _ bytes. Sign the message body up to the specified number of bytes.
Step 12
Select the tags you want to include in the message signature’s header field. The information stored in
these tags are used for message signature verification. Select one or more of the following options:
these tags are used for message signature verification. Select one or more of the following options:
•
“i” Tag. The identity of the user or agent (e.g., a mailing list manager) on behalf of which this
message is signed. Enter the domain name prepended with the
message is signed. Enter the domain name prepended with the
@
symbol, such as the domain
@example.com
.
•
“q” Tag. A colon-separated list of query methods used to retrieve the public key. Currently, the only
valid value is dns/txt.
valid value is dns/txt.
•
“t” Tag. A timestamp for when the signature was created.
•
“x” Tag. The absolute date and time when the signature expires. Specify an expiration time (in
seconds) for the signature. The default is
seconds) for the signature. The default is
31536000
seconds.
•
“z” Tag. A vertical bar-separated (i.e.,
|
) list of header fields present when the message was signed.
This includes the names of the header fields and their values. For example:
z=From:admin@example.come|To:joe@example.com|
Subject:test%20message|Date:Date:August%2026,%202011%205:30:02%20PM%20-0700
Step 13
Enter users (email addresses, hosts, etc.) that will use the domain profile for signing.
Note
When you create domain profiles, be aware that a hierarchy is used in determining the profile to associate
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
Step 14
Submit and commit your changes.
Step 15
At this point (if you have not already) you should enable DomainKeys/DKIM signing on an outgoing
mail flow policy (see
mail flow policy (see
Note
If you create both a DomainKeys and DKIM profile, AsyncOS performs both DomainKeys and
DKIM signing on outgoing mail.
DKIM signing on outgoing mail.
Creating or Editing a Signing Key
•
•
Create a New Signing Key
Signing keys are required for domain profiles for DomainKeys and DKIM signing.
Procedure
Step 1
Choose Mail Policies > Signing Keys.
Step 2
Click Add Key.
Step 3
Enter a name for the key.