Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
21-18
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 21 Email Authentication
How to Verify Incoming Messages Using DKIM
You can import DKIM verification profiles that you previously exported. Importing DKIM verification
profiles causes all of the current DKIM verification profiles on the machine to be replaced. See
profiles causes all of the current DKIM verification profiles on the machine to be replaced. See
for more information.
Related Topics
•
•
•
•
•
Creating a DKIM Verification Profile
Procedure
Step 1
Click Mail Policies > Verification Profiles.
Step 2
Click Add Profile.
Step 3
Enter the name of the profile.
Step 4
Select the minimum key size you want the appliance to accept for signing keys.
Step 5
Select the maximum key size you want the appliance to accept for signing keys.
Step 6
Select the maximum number of signatures to verify in a single message. The default is five signatures.
Step 7
Select the number of seconds before the key query times out. The default is 10 seconds.
Step 8
Select maximum allowed difference in time (in seconds) between the sender’s system time and verifier’s.
The default is 60 seconds.
The default is 60 seconds.
Step 9
Select whether to use the body-length parameter in the signature to verify the message.
Step 10
Select whether the Email Security appliance accepts or rejects the message if there is a temporary failure
when verifying its signature. If you want the appliance to reject the message, you can choose to have it
send the default 451 SMTP response code or another SMTP response code and text.
when verifying its signature. If you want the appliance to reject the message, you can choose to have it
send the default 451 SMTP response code or another SMTP response code and text.
Step 11
Select whether the Email Security appliance accepts or rejects the message if there is a permanent failure
when verifying its signature. If you want the appliance to reject the message, you can choose to have it
send the default 451 SMTP response code or another SMTP response code and text.
when verifying its signature. If you want the appliance to reject the message, you can choose to have it
send the default 451 SMTP response code or another SMTP response code and text.
Step 12
Submit your changes.
The new profile appears in the DKIM Verification Profiles table.
Step 13
Commit your changes.
Step 14
At this point you should enable DKIM verification on an incoming mail flow policy and select the
verification profile you want to use.
verification profile you want to use.
Exporting DKIM Verification Profiles
All DKIM verification profiles on the appliance are exported as a single text file and saved in the
configuration
directory on the appliance.