
DKIM / Exchange 2013

Hi, I have 2 Exchange 2013 servers configured as MBX and CAS, and I use Sophos UTM as an SMTP proxy. Now I want to configure DKIM and DMARC; where should I configure them? In the CAS, MBX or UTM?

 

Thanks 1000



  • Hi  

    You can configure DKIM on the Sophos UTM SMTP proxy using this KBA: Sophos UTM: DomainKeys DKIM setup guide, but you cannot set up DMARC. There's a feature request for it here: https://ideas.sophos.com/forums/17359-sg-utm/suggestions/2554345-enable-dmarc.

    Regards

    Jaydeep

  • I think the only part of DMARC that the UTM doesn't do is the reporting back to the sending domain.

    From the dmarc.org/overview page:

    1. Deploy DKIM & SPF. You have to cover the basics, first.
    2. Ensure that your mailers are correctly aligning the appropriate identifiers.
    3. Publish a DMARC record with the “none” flag set for the policies, which requests data reports.
    4. Analyze the data and modify your mail streams as appropriate.
    5. Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • A summary of DMARC issues:

    For outbound DMARC, these components are needed:

    • DKIM signing of outbound messages
    • Appropriate DNS records (provided by the organization.)
    • Ideally, feedback capture (since this is what makes DMARC better than SPF and DKIM for senders.) This can be very pricey, but SparkPost.com provides a free poor-man's implementation of DMARC report collection. I have not yet used it, but I was told that incoming DMARC reports are converted to PDF and forwarded as email to the system administrator.

    UTM Status for outbound DMARC:

    • UTM can apply DKIM signatures, although the signature can also be applied by the mail server before outbound traffic reaches UTM.

    For inbound DMARC processing, the receiving system features:

    • SPF and DKIM interpretation as required components of DMARC policy enforcement.
    • DMARC policy enforcement
    • Ideally, feedback reporting to the sending domains that request feedback.

    UTM Status for inbound DMARC:

    • No support for DMARC policy enforcement.
    • No support for DMARC feedback data collection and report generation.
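
The inbound DMARC decision summarised above (SPF and DKIM results, identifier alignment, then the published policy), as an added Python example that is not part of any post in this thread and is not Sophos UTM code. Function names and sample domains are constructed; the organizational domain is approximated by the last two labels instead of the Public Suffix List, and the `pct` and `sp` tags are ignored.

```python
# Added example: receiver-side DMARC evaluation (RFC 7489 logic).
# All domains and records used with it are constructed samples.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # The v tag must come first, and p must be one of the three policies.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain.
    # Production code needs the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(from_domain, record, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_result, disposition) for one inbound message."""
    tags = parse_dmarc(record)
    if tags is None:
        return ("none", "deliver")  # no usable policy published
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return ("pass", "deliver")
    return ("fail", {"none": "deliver"}.get(tags["p"], tags["p"]))

if __name__ == "__main__":
    # Mail relayed by a third party: SPF passes for the relay's bounce domain
    # (not aligned), DKIM is signed with d=mail.example.com.
    for rec in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=reject; adkim=s"):
        print(rec, "->", evaluate("example.com", rec, True,
                                  "bounce.relay.example.net", True, "mail.example.com"))
```

The second record shows why alignment is checked while the policy is still `none`: a signature with `d=mail.example.com` passes relaxed alignment but fails once `adkim=s` is published.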