Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
5-11
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5 Email Authentication
Note
When you create domain profiles, be aware that a hierarchy is used in determining the profile to associate
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
Step 12
Submit and commit your changes.
Step 13
At this point (if you have not already) you should enable DomainKeys/DKIM signing on an outgoing
mail flow policy (see
mail flow policy (see
Note
If you create both a DomainKeys and DKIM profile, AsyncOS performs both DomainKeys and
DKIM signing on outgoing mail.
DKIM signing on outgoing mail.
Creating New Signing Keys
To create a new signing key:
Step 1
Click Add Key on the Mail Policies > Signing Keys page. The Add Key page is displayed.
Step 2
Enter a name for the key.
Step 3
Click Generate and Select a key size.
Larger key sizes are more secure; however, larger keys can have an impact on performance. Cisco
recommends a key size of 768 bits, which should provide a good balance between security and
performance.
recommends a key size of 768 bits, which should provide a good balance between security and
performance.
Step 4
Click Submit. The key is generated.
Step 5
Click the Commit Changes button, add an optional comment if necessary, and then click Commit
Changes to finish adding the new signing key.
Changes to finish adding the new signing key.
Note
If you have not done so already, you may need to edit your domain profile to assign the key.
Exporting Signing Keys
When you export signing keys, all of the keys currently existing on your Cisco IronPort appliance are
exported together in a single text file. To export signing keys:
exported together in a single text file. To export signing keys:
Step 1
Click Export Keys on the Signing Keys page. The Export Signing Keys page is displayed:
Figure 5-9
Export Signing Keys Page
Step 2
Enter a name for the file and click Submit.