How to configure DKIM and DMARC in Messaging Security Gateway?
To configure DKIM:
Navigate to Email Protection > Email Authentication > DKIM > General For Enable, select On. A Policy Routes section appears Enable Restrict processing to selected policy routes... Confirm that the policy route default_inbound is present in the Require Any Of-list Add any other required inbound policy routes to the Require Any Of-list Click Save Changes
To enable DKIM signing: DKIM signing is not required for authenticating incoming email, but needs to be set up if you want others to be able to authenticate emails coming from your organization.
Navigate to Email Protection > Email Authentication > DKIM Signing> General For Enable, select On Set the DKIM Signing Error to Reject the message temporarily
Click Edit Rule... Make sure Delivery Method is set to Retry Click Save Changes
Navigate to Email Protection > Email Authentication > DKIM Signing> Keys Click Generate Key Set Domain to the domain that the key should be signing Set Selector to any alphanumeric string, at your discretion. The important thing is to NOT leave the field empty Set Scope to either Any, Domain Including Sub-Domains or Exact Domain Tick the Disable processing for selected policy routes...-checkbox Add all inbound policy routes to the Disable For Any Of-list
Once the key is generated, a DNS text record is also generated which will need to be published to your DNS servers. Click View in the DNS Text Record column to see the record for a specific key.
To enable DMARC:
If SPF is not enabled:
Navigate to Email Protection > Email Authentication > SPF > General For Enable, select On. A Policy Routes section appears Enable Restrict processing to selected policy routes... Confirm that the policy route default_inbound is present in the Require Any Of-list Add any other required inbound policy routes to the Require Any Of-list Click Save Changes
If DKIM is not enabled:
Refer back to the instructions above, "To configure DKIM", regarding how to set up DKIM
Before you enable DMARC, ensure that you have also enabled the SPF and DKIM modules Navigate to Email Protection > Email Authentication > DMARC > General For Enable, select On. A Policy Routes section appears Enable Restrict processing to selected policy routes... Confirm that the policy route default_inbound is present in the Require Any Of-list Add any other required inbound policy routes to the Require Any Of-list
Important: Ensure that the same inbound policy routes that you selected for the SPF and DKIM modules are also on the Require Any Of-list
Click Save Changes
Article no: 000003216
Email messages are delivered but the sender gets an empty permerror email notification from MSG.
The PermError condition means the sender published SPF record could not be verified. Permerror are usually caused by an incorrect SPF syntax or format error in the SPF record. You may advise the sender to ensure their SPF record is set up correctly and does not have any extra spaces or unrecognizable characters in the DNS TXT record. To prevent the sender from getting the same message, please follow these instructions: 1. Logon to your MSG admin web user interface. 2. Click Email Protection tab. 3. Expand Email Authentication > SPF > Rules. 4. Click on the Edit Rule option of SPF Permanent Error. 5. Under Dispositions, untick the "Reply to sender based on detected language" check box. By disabling the option, senders should not receive the e-mail notification. If you want to use that option, leave the check box ticked and write some message in the Subject and Message field.
Article no: 000016530
A software in our environment sends out regular emails to internal and external recipients. A tag is added to the subject line to have these messages encrypted by MSG. Only the messages intended for internal recipients are being encrypted, all messages from the software to external recipients arrive unencrypted.
Start by verifying that these messages are being routed through the MSG-appliance. It is possible that the software has different routing rules based on domains and that the external traffic isn't routed to the MSG-appliance at all. In MSG, you can check the details of a message using Smart Search:
Log in to the MSG Web UI Make sure the System-tab is selected at the top On the left-hand menu, navigate down to Smart Search-> Search Use the sender and/or recipient information to search for the message. Do note that the Time-field usually is set to Last 24 Hours, which might be too restrictive, so expanding it to for example Last 7 Days is recommended. If you find messages, you can verify their encryption status by checking the envelope symbol at the left of the message row. If it has a small lock on it, the message is encrypted. Expand the message info by clicking the small + next to the envelope symbol to see more details. Here the Encryption-field should also be set to Proofpoint Encryption/Secure Reader Encrypted if the message is encrypted.
If you find messages that should be encrypted but aren't, open a support ticket so that it can be investigated. Provide the appliance-ID and information about the messages so that we can identify them (sender/recipient info, time when it was sent, subject field text). A sample message saved as .eml or .msg is also useful. To ensure that we can help you efficiently, please make sure that the following IP-addresses can access the MSG-appliance on ports 22 and 10000: 126.96.36.199 F-Secure Support / Kuala Lumpur 188.8.131.52 F-Secure Support / HTC Helsinki 184.108.40.206 Proofpoint 220.127.116.11 Proofpoint 18.104.22.168 Proofpoint
Article no: 000018154
Does MSG message encryption work normally when sending emails from a distribution list?
Yes, sending from a distribution list has no effect on the MSG message encryption functionality.
Article no: 000018149
After creating or modifying a Branding template, when adding the Title -information and clicking Save, the saving request keeps hanging (Saving... Please wait) and the Title -information is not being saved.
This happens if you are using empty spaces in the Title and also possibly when using different special characters, which are not supported. To resolve the issue, you will need to remove the spaces and the special characters.
Article no: 000006820