Cisco Cisco Email Security Appliance C650 Guía Del Usuario
22-5
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Configuring DomainKeys and DKIM Signing
Figure 22-2
View Public Key Link on Signing Keys Page
Domain Profiles
A domain profile associates a sender domain with a signing key, along with some other information
needed for signing.
needed for signing.
•
A name for the domain profile.
•
A domain name (the domain to be included in the “d=” header).
•
A selector (a selector is used to form the query for the public key. In the DNS query type, this value
is prepended to the “_domainkey.” namespace of the sending domain).
is prepended to the “_domainkey.” namespace of the sending domain).
•
A canonicalization method (the method by which the headers and content are prepared for
presentation to the signing algorithm). AsyncOS supports both “simple” and “nofws” for
DomainKeys and “relaxed” and “simple” for DKIM.
presentation to the signing algorithm). AsyncOS supports both “simple” and “nofws” for
DomainKeys and “relaxed” and “simple” for DKIM.
•
A signing key (see
for more information).
•
A list of headers and the body length to sign (DKIM only).
•
A list of tags you want to include in the signature’s header (DKIM only). These tags store the
following information:
following information:
–
The identity of the user or agent (e.g., a mailing list manager) on whose behalf the message is
signed.
signed.
–
A comma-separated list of query methods used to retrieve the public key.
–
The timestamp of when the signature was created.
–
The expiration time of the signature, in seconds.
–
A vertical bar-separated (i.e.,
|
) list of header fields present when the message was signed.
•
The tags you want to include in the signature (DKIM only).
•
A list of Profile Users (addresses allowed to use the domain profile for signing).
Note
The domain in the addresses specified in the profile users must match the domain specified in the
Domain field.
Domain field.
You can search through all of your existing domain profiles for a specific term. See
for more information.
Additionally, you can choose whether to:
•
Sign system-generated messages with DKIM signatures
•
Use From header for DKIM signing
For instructions, see
.