Cisco Cisco Email Security Appliance C160 Guía Del Usuario
20-13
Cisco AsyncOS 9.1 for Email User Guide
Chapter 20 Email Authentication
Configuring DomainKeys and DKIM Signing
Removing All Signing Keys
Procedure
Step 1
Choose Mail Policies > Signing Keys.
Step 2
Click Clear All Keys on the Signing Keys page.
Step 3
Confirm the deletion.
Generating a DNS Text Record
Procedure
Step 1
Choose Mail Policies > Signing Profiles.
Step 2
In the Domain Signing Profiles section, in the DNS Text Record column, click the Generate link for the
corresponding domain profile.
corresponding domain profile.
Step 3
Mark the checkbox for the attributes you wish to include in the DNS text record.
Step 4
Click Generate Again to re-generate the key with any changes you have made.
Step 5
The DNS text record is displayed in the text field at the bottom of the window (where you can now copy
it). In some cases, multi-string DNS text records are generated. See
it). In some cases, multi-string DNS text records are generated. See
Step 6
Click Done.
Related Topics
•
Multi-string DNS Text Records
Multi-string DNS text records may be generated if the key size of the signing key used to generate the
DNS text records are larger than 1024 bits. This is because not more than 255 characters are allowed in
a single string of a DNS text record. The DKIM authentication may fail as some of the DNS servers do
not accept or serve multi-string DNS text records.
DNS text records are larger than 1024 bits. This is because not more than 255 characters are allowed in
a single string of a DNS text record. The DKIM authentication may fail as some of the DNS servers do
not accept or serve multi-string DNS text records.
To avoid this scenario, it is recommended that you use double quotes to break up the multi-string DNS
text record into smaller strings not exceeding 255 bytes. The following is an example.
text record into smaller strings not exceeding 255 bytes. The following is an example.
s._domainkey.domain.com. IN TXT "v=DKIM1;"
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE"
"A4Vbhjq2n/3DbEk6EHdeVXlIXFT7OEl81amoZLbvwMX+bej"
"CdxcsFV3uS7G8oOJSWBP0z++nTQmy9ZDWfaiopU6k7tzoi"
"+oRDlKkhCQrM4oP2B2F5sTDkYwPY3Pen2jgC2OgbPnbo3o"
"m3c1wMWgSoZxoZUE4ly5kPuK9fTtpeJHNiZAqkFICiev4yrkL"
"R+SmFsJn9MYH5+lchyZ74BVm+16Xq2mptWXEwpiwOxWI"
"YHXsZo2zRjedrQ45vmgb8xUx5ioYY9/yBLHudGc+GUKTj1i4"
"mQg48yCD/HVNfsSRXaPinliEkypH9cSnvgvWuIYUQz0dHU;"
DKIM implementations reassemble DNS text records broken down this way into the full original single
string before processing them.
string before processing them.