Messaging Security Gateway - DKIM and DMARK configuration - F-Secure Community
<main> <article class="userContent"> <h3 data-version="4" data-article="000003216">Issue:</h3> <p>How to configure DKIM and DMARC in Messaging Security Gateway?</p> <h3>Resolution:</h3> <p></p><p><b>To configure DKIM:</b></p> <ol><li>Navigate to <b>Email Protection > Email Authentication > DKIM > General</b></li><li>For <i>Enable</i>, select <b>On</b>. A <i>Policy Routes</i> section appears</li><li>Enable <b>Restrict processing to selected policy routes...</b></li><li>Confirm that the policy route <i>default_inbound</i> is present in the <i>Require Any Of-</i>list</li><li>Add any other required inbound policy routes to the <i>Require Any Of-</i>list</li><li>Click <b>Save Changes</b></li></ol><p><b>To enable DKIM signing:</b><br><br>DKIM signing is not required for authenticating incoming email, but needs to be set up if you want others to be able to authenticate emails coming from your organization.</p> <ol><li>Navigate to <b>Email Protection > Email Authentication > DKIM Signing> General</b></li><li>For <i>Enable</i>, select <b>On</b></li><li>Set the <i>DKIM Signing Error</i> to <i>Reject the message temporarily</i> <ol><li>Click <b>Edit Rule...</b></li><li>Make sure <i>Delivery Method</i> is set to <i>Retry</i></li><li>Click<i> </i><b>Save Changes</b></li></ol></li><li>Navigate to <b>Email Protection > Email Authentication > DKIM Signing> Keys</b></li><li>Click <b>Generate Key</b></li><li>Set <i>Domain </i>to the domain that the key should be signing</li><li>Set <i>Selector </i>to any alphanumeric string, at your discretion. The important thing is to NOT leave the field empty</li><li>Set <i>Scope</i> to either <i>Any</i>, <i>Domain Including Sub-Domains</i> or <i>Exact Domain</i></li><li>Tick the <b>Disable processing for selected policy routes...</b>-checkbox</li><li>Add all inbound policy routes to the <i>Disable For Any Of</i>-list</li></ol><p>Once the key is generated, a DNS text record is also generated which will need to be published to your DNS servers. Click <b>View </b>in the <i>DNS Text Record</i> column to see the record for a specific key.</p> <h3>To enable DMARC:</h3> <ol><li>If SPF is not enabled: <ol><li>Navigate to <b>Email Protection ></b> <b>Email Authentication > SPF > General</b></li><li>For <i>Enable</i>, select <b>On</b>. A <i>Policy Routes</i> section appears</li><li>Enable <b>Restrict processing to selected policy routes...</b></li><li>Confirm that the policy route <i>default_inbound</i> is present in the <i>Require Any Of-</i>list</li><li>Add any other required inbound policy routes to the <i>Require Any Of-</i>list</li><li>Click <b>Save Changes</b></li></ol></li><li>If DKIM is not enabled:</li></ol><ul><li>Refer back to the instructions above, "To configure DKIM", regarding how to set up DKIM</li></ul><ol><li>Enable DMARC: <ol><li>Before you enable DMARC, ensure that you have also enabled the SPF and DKIM modules</li><li>Navigate to <b>Email Protection > Email Authentication > DMARC > General</b></li><li>For <i>Enable</i>, select <b>On</b>. A <i>Policy Routes</i> section appears</li><li>Enable <b>Restrict processing to selected policy routes...</b></li><li>Confirm that the policy route <i>default_inbound</i> is present in the <i>Require Any Of-</i>list</li><li>Add any other required inbound policy routes to the <i>Require Any Of-</i>list <ul><li><b>Important:</b> Ensure that the same inbound policy routes that you selected for the SPF and DKIM modules are also on the <b><i>Require Any Of</i></b><i>-</i>list</li></ul></li><li>Click <b>Save Changes</b></li></ol></li></ol><p>Article no: 000003216</p> </article> </main>
