Cisco Email Security Appliance X1070 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Configuring DomainKeys and DKIM Signing
Generating a DNS Text Record
Procedure
Step 1
Choose Mail Policies > Signing Profiles.
Step 2
In the Domain Signing Profiles section, in the DNS Text Record column, click the Generate link for the
corresponding domain profile.
Step 3
Mark the checkbox for the attributes you wish to include in the DNS text record.
Step 4
Click Generate Again to re-generate the key with any changes you have made.
Step 5
The DNS text record is displayed in the text field at the bottom of the window (where you can now copy
it). In some cases, multi-string DNS text records are generated. See
Step 6
Click Done.
Related Topics
•
Multi-string DNS Text Records
Multi-string DNS text records may be generated if the key size of the signing key used to generate the
DNS text record is larger than 1024 bits. This is because no more than 255 characters are allowed in
a single string of a DNS text record. DKIM authentication may fail because some DNS servers do
not accept or serve multi-string DNS text records.
To avoid this scenario, it is recommended that you use double quotes to break up the multi-string DNS
text record into smaller strings not exceeding 255 bytes. The following is an example.
s._domainkey.domain.com. IN TXT "v=DKIM1;"
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE"
"A4Vbhjq2n/3DbEk6EHdeVXlIXFT7OEl81amoZLbvwMX+bej"
"CdxcsFV3uS7G8oOJSWBP0z++nTQmy9ZDWfaiopU6k7tzoi"
"+oRDlKkhCQrM4oP2B2F5sTDkYwPY3Pen2jgC2OgbPnbo3o"
"m3c1wMWgSoZxoZUE4ly5kPuK9fTtpeJHNiZAqkFICiev4yrkL"
"R+SmFsJn9MYH5+lchyZ74BVm+16Xq2mptWXEwpiwOxWI"
"YHXsZo2zRjedrQ45vmgb8xUx5ioYY9/yBLHudGc+GUKTj1i4"
"mQg48yCD/HVNfsSRXaPinliEkypH9cSnvgvWuIYUQz0dHU;"
DKIM implementations reassemble DNS text records broken down this way into the full original single
string before processing them.
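The splitting and reassembly described above can be checked before a record is published. The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS; the selector name s._domainkey.example.com., the helper function names, and the sample key bytes are assumptions constructed for illustration.

```python
import base64
import re

MAX_TXT_STRING = 255  # a single string inside a TXT record holds at most 255 bytes

# Constructed sample: 294 arbitrary bytes, the size of a DER-encoded 2048-bit RSA
# public key. It is a placeholder, not a usable key.
SAMPLE_P = base64.b64encode(bytes(i % 251 for i in range(294))).decode("ascii")
RECORD = "v=DKIM1; k=rsa; p=" + SAMPLE_P

def split_txt(value, limit=MAX_TXT_STRING):
    """Break a TXT value into strings of at most `limit` bytes."""
    data = value.encode("ascii")  # DKIM key records are plain ASCII
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]

def zone_line(name, strings):
    """Render the strings as one TXT record, each string in double quotes."""
    return f"{name} IN TXT " + " ".join(f'"{s}"' for s in strings)

def quoted_strings(rdata):
    """Extract the quoted strings (assumes no escaped quotes, true for DKIM keys)."""
    return re.findall(r'"([^"]*)"', rdata)

def reassemble(rdata):
    """Concatenate the strings with nothing in between, as DKIM verifiers do."""
    return "".join(quoted_strings(rdata))

def check_record(rdata):
    """List problems that would keep the record from being served or parsed."""
    problems = []
    for n, s in enumerate(quoted_strings(rdata), 1):
        if len(s.encode("ascii")) > MAX_TXT_STRING:
            problems.append(f"string {n} is {len(s)} bytes, limit is {MAX_TXT_STRING}")
    tags = dict(t.strip().split("=", 1) for t in reassemble(rdata).split(";") if "=" in t)
    if "p" not in tags:
        problems.append("no p= tag after reassembly")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64 after reassembly")
    return problems

if __name__ == "__main__":
    line = zone_line("s._domainkey.example.com.", split_txt(RECORD))
    print(line)
    print(check_record(line) or "record is well formed")
```

Because the strings are joined with nothing between them, a stray space or line break placed inside a quoted string ends up inside the p= value and is reported as invalid base64.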
Testing Domain Profiles
Once you have created a signing key, associated it with a domain profile, and generated and inserted the
DNS text into your authorized DNS, you can test your domain profile.
Procedure
Step 1
Choose Mail Policies > Signing Profiles.