Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

When you configure an AsyncOS appliance for DKIM verification, the following checks are performed:

AsyncOS checks for the DKIM-Signature field in incoming mail, the syntax of the signature header, 
valid tag values, and required tags. If the signature fails any of these checks, AsyncOS returns a permfail. 

After the signature check is performed, the public key is retrieved from the public DNS record, and the 
TXT record is validated. If errors are encountered during this process, AsyncOS returns a permfail. A 
tempfail occurs if the DNS query for the public key fails to get a response.

After retrieving the public key, AsyncOS checks the hashed values and verifies the signature. If any 
failures occur during this step, AsyncOS returns a permfail.

If the checks all pass, AsyncOS returns a pass.

When the message body is greater than the specified length, AsyncOS returns the following verdict: 

dkim = pass (partially verified [x bytes])

where X represents the number of bytes verified.

The final verification result is entered as an Authentication-Results header. For example, you might get 
a header that looks like one of the following:

Authentication-Results: example1.com

header.from=From:user123@example.com; dkim=pass (signature verified)

Authentication-Results: example1.com

header.from=From:user123@example.com; dkim=pass (partially verified [1000 bytes])

Authentication-Results: example1.com

Create a profile for verifying messages using 
DKIM.

(Optional) Create a custom mail flow policy to 
use for verifying incoming messages using 
DKIM.

Configure your mail flow policies to verify 
incoming messages using DKIM.

Define the action that the Email Security 
appliance takes on verified messages.

Associate the action with groups of specific 
senders or recipients.