Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-9
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 17 Email Authentication
Configuring DomainKeys and DKIM Signing
•
“i” Tag. The identity of the user or agent (e.g., a mailing list manager) on behalf of which this
message is signed. Enter the domain name prepended with the
message is signed. Enter the domain name prepended with the
@
symbol, such as the domain
@example.com
.
•
“q” Tag. A colon-separated list of query methods used to retrieve the public key. Currently, the only
valid value is dns/txt.
valid value is dns/txt.
•
“t” Tag. A timestamp for when the signature was created.
•
“x” Tag. The absolute date and time when the signature expires. Specify an expiration time (in
seconds) for the signature. The default is
seconds) for the signature. The default is
31536000
seconds.
•
“z” Tag. A vertical bar-separated (i.e.,
|
) list of header fields present when the message was signed.
This includes the names of the header fields and their values. For example:
z=From:admin@example.come|To:joe@example.com|
Subject:test%20message|Date:Date:August%2026,%202011%205:30:02%20PM%20-0700
Step 13
Enter users (email addresses, hosts, etc.) that will use the domain profile for signing.
Note
When you create domain profiles, be aware that a hierarchy is used in determining the profile to associate
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
with a particular user. For example, you create a profile for example.com and another profile for
joe@example.com. When mail is sent from joe@example.com, the profile for joe@example.com is
used. However, when mail is sent from adam@example.com, the profile for example.com is used.
Step 14
Submit and commit your changes.
Step 15
At this point (if you have not already) you should enable DomainKeys/DKIM signing on an outgoing
mail flow policy (see
mail flow policy (see
Note
If you create both a DomainKeys and DKIM profile, AsyncOS performs both DomainKeys and
DKIM signing on outgoing mail.
DKIM signing on outgoing mail.
Create a New Signing Key
Signing keys are required for domain profiles for DomainKeys and DKIM signing.
Procedure
Step 1
Choose Mail Policies > Signing Keys.
Step 2
Click Add Key.
Step 3
Enter a name for the key.
Step 4
Click Generate and select a key size.
Larger key sizes are more secure; however, larger keys can have an impact on performance. Cisco
recommends a key size of 768 bits, which should provide a good balance between security and
performance.
recommends a key size of 768 bits, which should provide a good balance between security and
performance.
Step 5
Submit and commit your changes.