Cisco Cisco Email Security Appliance C650 Guía Del Usuario
21-8
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 21 Email Authentication
Configuring DomainKeys and DKIM Signing
Step 6
Enter a selector. Selectors are arbitrary names prepended to the "_domainkey" namespace, used to help
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
Step 7
Select the canonicalization (no forwarding whitespaces or simple).
Step 8
If you have already created a signing key, select a signing key. Otherwise, skip to the next step. You must
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
Step 9
Enter users (email addresses, hosts, etc.) that will use the domain profile for signing.
Step 10
Submit and commit your changes.
Step 11
At this point (if you have not already) you should enable DomainKeys/DKIM signing on an outgoing
mail flow policy (see
mail flow policy (see
Note
If you create both a DomainKeys and DKIM profile, AsyncOS performs both DomainKeys and
DKIM signing on outgoing mail.
DKIM signing on outgoing mail.
Creating a New Domain Profile for DKIM Signing
Procedure
Step 1
Choose Mail Policies > Signing Profiles.
Step 2
In the Domain Signing Profiles section, click Add Profile.
Step 3
Enter a name for the profile.
Step 4
For the Domain Key Type, choose DKIM.
Additional options appear on the page.
Step 5
Enter the domain name.
Step 6
Enter a selector. Selectors are arbitrary names prepended to the "_domainkey." namespace, used to help
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
Step 7
Select the canonicalization for the header. Choose from the following options:
•
Relaxed. The “relaxed” header canonicalization algorithm performs the following: header names
are changed to lowercase, headers are unfolded, linear white spaces are reduced to a single space,
leading and trailing spaces are stripped.
are changed to lowercase, headers are unfolded, linear white spaces are reduced to a single space,
leading and trailing spaces are stripped.
•
Simple. No changes to headers are made.
Step 8
Select the canonicalization for the body. Choose from the following options:
•
Relaxed. The “relaxed” header canonicalization algorithm performs the following: empty lines are
stripped at the end of the body, white spaces are reduced to a single space within lines, and trailing
white spaces are stripped in lines.
stripped at the end of the body, white spaces are reduced to a single space within lines, and trailing
white spaces are stripped in lines.
•
Simple. Empty lines at the end of the body are stripped.