Cisco Email Security Appliance C190 User Guide
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5 Email Authentication
Figure 5-1
Authentication Work Flow
Step 1
Administrator (domain owner) publishes a public key into the DNS name space.
Step 2
Administrator loads a private key in the outbound Mail Transfer Agent (MTA).
Step 3
Email submitted by an authorized user of that domain is digitally signed with the
respective private key. The signature is inserted in the email as a DomainKey or
DKIM signature header and the email is transmitted.
Step 4
Receiving MTA extracts the DomainKeys or DKIM signature from the header and
the claimed sending domain (via the Sender: or From: header) from the email. The
public key is retrieved from the claimed signing domain which is extracted from
DomainKeys or DKIM signature header fields.
Step 5
The public key is used to determine whether the DomainKeys or DKIM signature
was generated with the appropriate private key.
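The extraction in Step 4, as an added Python example that is not part of the Cisco guide and is not AsyncOS code: it parses a DKIM-Signature header (not the older DomainKey-Signature format), derives the DNS name where the public key is published, and compares the signing domain with the claimed sending domain. The message, domain, selector and signature values are constructed, and the parent-domain comparison is an illustrative assumption rather than documented appliance behaviour.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; domain, selector and signature values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
    "\ts=mail2024; h=from:to:subject;\r\n"
    "\tbh=Y29uc3RydWN0ZWQ=; b=c2FtcGxl\r\n"
    "\tIHNpZw==\r\n"
    "From: Alice <alice@news.example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(value):
    """Split a DKIM tag=value list (header or DNS key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside values (e.g. in b=) is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def key_lookup(raw_message):
    """Return what a receiving MTA needs before it can verify the signature."""
    msg = message_from_string(raw_message)
    header = msg["DKIM-Signature"]
    if header is None:
        return None  # unsigned message: nothing to verify
    tags = parse_tags(header)
    missing = [t for t in ("v", "a", "b", "bh", "d", "h", "s") if t not in tags]
    if missing:
        raise ValueError("DKIM-Signature lacks required tags: %s" % missing)
    signing = tags["d"].lower()
    sender = parseaddr(msg["Sender"] or msg["From"] or "")[1].rpartition("@")[2].lower()
    return {
        "signing_domain": signing,
        "dns_name": "%s._domainkey.%s" % (tags["s"], signing),
        "sending_domain": sender,
        # Assumption for illustration: d= must equal the sending domain or be a parent of it.
        "related": sender == signing or sender.endswith("." + signing),
        "signed_headers": tags["h"].lower().split(":"),
    }
```

The TXT record published in Step 1 uses the same tag=value syntax, so `parse_tags` also reads a key record such as `v=DKIM1; k=rsa; p=...` once it has been fetched from `dns_name`.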
To test your outgoing DomainKeys signatures, you can use a Yahoo! or Gmail
address, as these services are free and provide validation on incoming messages
that are DomainKeys signed.
DomainKeys and DKIM Signing in AsyncOS
DomainKeys and DKIM signing in AsyncOS is implemented via domain profiles
and enabled via a mail flow policy (typically, the outgoing “relay” policy). For
more information, see the “Configuring the Gateway to Receive Mail” chapter in
the Cisco IronPort AsyncOS for Email Configuration Guide. Signing the message
is the last action performed by the appliance before the message is sent.