Cisco Cisco Email Security Appliance C650 Guia Do Utilizador
21-9
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 21 Email Authentication
Configuring DomainKeys and DKIM Signing
Step 9
If you have already created a signing key, select a signing key. Otherwise, skip to the next step. You must
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
Step 10
Select the list of headers to sign. You can select from the following headers:
•
All. AsyncOS signs all the headers present at the time of signature. You may want to sign all headers
if you do not expect headers to be added or removed in transit.
if you do not expect headers to be added or removed in transit.
•
Standard. You may want to select the standard headers if you expect that headers may be added or
removed in transit. AsyncOS signs only the following standard headers (if the header is not present
in the message, the DKIM signature indicates a null value for the header):
removed in transit. AsyncOS signs only the following standard headers (if the header is not present
in the message, the DKIM signature indicates a null value for the header):
–
From
–
Sender, Reply To-
–
Subject
–
Date, Message-ID
–
To, Cc
–
MIME-Version
–
Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description
–
Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-cc, Resent-Message-ID
–
In-Reply-To, References
–
List-Id, List-Help, List-Unsubscribe, LIst-Subscribe, List-Post, List-Owner, List-Archive
Note
When you select “Standard”, you can add additional headers to sign.
Step 11
Specify how to sign the message body. You can choose to sign the message body, and/or how many bytes
to sign. Select one of the following options:
to sign. Select one of the following options:
•
Whole Body Implied. Do not use the “l=” tag to determine body length. The entire message is
signed and no changes are allowed.
signed and no changes are allowed.
•
Whole Body Auto-determined. The entire message body is signed, and appending some additional
data to the end of body is allowed during transit.
data to the end of body is allowed during transit.
•
Sign first _ bytes. Sign the message body up to the specified number of bytes.
Step 12
Select the tags you want to include in the message signature’s header field. The information stored in
these tags are used for message signature verification. Select one or more of the following options:
these tags are used for message signature verification. Select one or more of the following options:
•
“i” Tag. The identity of the user or agent (e.g., a mailing list manager) on behalf of which this
message is signed. Enter the domain name prepended with the
message is signed. Enter the domain name prepended with the
@
symbol, such as the domain
@example.com
.
•
“q” Tag. A colon-separated list of query methods used to retrieve the public key. Currently, the only
valid value is dns/txt.
valid value is dns/txt.
•
“t” Tag. A timestamp for when the signature was created.
•
“x” Tag. The absolute date and time when the signature expires. Specify an expiration time (in
seconds) for the signature. The default is
seconds) for the signature. The default is
31536000
seconds.
•
“z” Tag. A vertical bar-separated (i.e.,
|
) list of header fields present when the message was signed.
This includes the names of the header fields and their values. For example: