Messaging Security Gateway - DKIM and DMARK configuration

Messaging Security Gateway - DKIM and DMARK configuration - F-Secure Community

Issue:

How to configure DKIM and DMARC in Messaging Security Gateway?

Resolution:

To configure DKIM:

Navigate to Email Protection > Email Authentication > DKIM > General
For Enable, select On. A Policy Routes section appears
Enable Restrict processing to selected policy routes...
Confirm that the policy route default_inbound is present in the Require Any Of-list
Add any other required inbound policy routes to the Require Any Of-list
Click Save Changes

To enable DKIM signing:

DKIM signing is not required for authenticating incoming email, but needs to be set up if you want others to be able to authenticate emails coming from your organization.

Navigate to Email Protection > Email Authentication > DKIM Signing> General
For Enable, select On
Set the DKIM Signing Error to Reject the message temporarily
1. Click Edit Rule...
2. Make sure Delivery Method is set to Retry
3. Click Save Changes
Navigate to Email Protection > Email Authentication > DKIM Signing> Keys
Click Generate Key
Set Domain to the domain that the key should be signing
Set Selector to any alphanumeric string, at your discretion. The important thing is to NOT leave the field empty
Set Scope to either Any, Domain Including Sub-Domains or Exact Domain
Tick the Disable processing for selected policy routes...-checkbox
Add all inbound policy routes to the Disable For Any Of-list

Once the key is generated, a DNS text record is also generated which will need to be published to your DNS servers. Click View in the DNS Text Record column to see the record for a specific key.

To enable DMARC:

If SPF is not enabled:
1. Navigate to Email Protection > Email Authentication > SPF > General
2. For Enable, select On. A Policy Routes section appears
3. Enable Restrict processing to selected policy routes...
4. Confirm that the policy route default_inbound is present in the Require Any Of-list
5. Add any other required inbound policy routes to the Require Any Of-list
6. Click Save Changes
If DKIM is not enabled:

Refer back to the instructions above, "To configure DKIM", regarding how to set up DKIM

Enable DMARC:
1. Before you enable DMARC, ensure that you have also enabled the SPF and DKIM modules
2. Navigate to Email Protection > Email Authentication > DMARC > General
3. For Enable, select On. A Policy Routes section appears
4. Enable Restrict processing to selected policy routes...
5. Confirm that the policy route default_inbound is present in the Require Any Of-list
6. Add any other required inbound policy routes to the Require Any Of-list
  - Important: Ensure that the same inbound policy routes that you selected for the SPF and DKIM modules are also on the Require Any Of-list
7. Click Save Changes

Article no: 000003216