Cisco Email Security Appliance C160 User Manual

Chapter 5      Email Authentication
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Domain Keys and Logging
Lines such as the following are added to the mail logs upon DomainKeys signing:
Tue Aug 28 15:29:30 2007 Info: MID 371 DomainKeys: signing with dk-profile - matches user123@example.com
Tue Aug 28 15:34:15 2007 Info: MID 373 DomainKeys: cannot sign - no profile matches user12@example.com
Lines such as these are added to the mail logs upon DKIM signing:
Tue Aug 28 15:29:54 2007 Info: MID 372 DKIM: signing with dkim-profile - matches user@example.com
Tue Aug 28 15:34:15 2007 Info: MID 373 DKIM: cannot sign - no profile matches user2@example.com
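These entries can be checked mechanically for mail that left the appliance without any signature. The Python sketch below is an added example, not part of the Cisco guide or of AsyncOS; the function names are hypothetical, and the sample input is the guide's own log lines, unwrapped to one entry per line.

```python
import re
from collections import defaultdict

# The guide's example log entries, one per line (taken from the text above).
SAMPLE_LOG = """\
Tue Aug 28 15:29:30 2007 Info: MID 371 DomainKeys: signing with dk-profile - matches user123@example.com
Tue Aug 28 15:34:15 2007 Info: MID 373 DomainKeys: cannot sign - no profile matches user12@example.com
Tue Aug 28 15:29:54 2007 Info: MID 372 DKIM: signing with dkim-profile - matches user@example.com
Tue Aug 28 15:34:15 2007 Info: MID 373 DKIM: cannot sign - no profile matches user2@example.com
"""

# One alternative per outcome: a profile matched and signed, or none matched.
ENTRY = re.compile(
    r"MID (?P<mid>\d+) (?P<mech>DomainKeys|DKIM): "
    r"(?:signing with (?P<profile>\S+) - matches (?P<signed>\S+)"
    r"|cannot sign - no profile matches (?P<unsigned>\S+))"
)

def parse_signing_events(text):
    """Yield (mid, mechanism, profile_or_None, address) per signing entry."""
    # Collapse whitespace first so entries wrapped across lines still match.
    flat = re.sub(r"\s+", " ", text)
    for m in ENTRY.finditer(flat):
        yield (int(m["mid"]), m["mech"], m["profile"],
               m["signed"] or m["unsigned"])

def unsigned_messages(text):
    """Return {mid: sorted addresses} for MIDs that no signing profile matched."""
    signed, failed = set(), defaultdict(set)
    for mid, _mech, profile, addr in parse_signing_events(text):
        if profile is not None:
            signed.add(mid)          # at least one mechanism signed this MID
        else:
            failed[mid].add(addr)    # address that matched no profile
    return {mid: sorted(a) for mid, a in failed.items() if mid not in signed}

if __name__ == "__main__":
    for mid, addrs in unsigned_messages(SAMPLE_LOG).items():
        print(f"MID {mid} unsigned; no profile matched: {', '.join(addrs)}")
```

A MID that is reported here was signed by neither DomainKeys nor DKIM, which usually points at a sender address or domain missing from the signing profiles.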
Configuring DKIM Verification
In addition to signing outgoing mail, you can use DKIM to verify incoming mail.
To configure DKIM verification, you need to:
  • Enable DKIM verification on a mail flow policy for inbound mail.
  • Optionally, configure a content filter to perform an action for DKIM verified emails using the DKIM authentication condition.
When you configure an AsyncOS appliance for DKIM verification, the following checks are performed:
Step 1  AsyncOS checks for the DKIM-Signature field in incoming mail, the syntax of the signature header, valid tag values, and required tags. If the signature fails any of these checks, AsyncOS returns a permfail.
Step 2  After the signature check is performed, the public key is retrieved from the public DNS record, and the TXT record is validated. If errors are encountered during this process, AsyncOS returns a permfail. A tempfail occurs if the DNS query for the public key fails to get a response.
Step 3  After retrieving the public key, AsyncOS checks the hashed values and verifies the signature. If any failures occur during this step, AsyncOS returns a permfail.