This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM / Exchange 2013

Hi, I have 2 exchange servers 2013 configured as MBX and CAS, and I use Sophos UTM as Proxy SMTP, now I want to configure DKIM and DMARC, where should I configure them? in the cas, mbx or UTM?

Thanks 1000

This thread was automatically locked due to age.

Parents

0 Jaydeep over 4 years ago

Hi papali

You can configure DKIM on Sophos UTM SMTP proxy using this KBA: Sophos UTM: DomainKeys DKIM setup guide but you can not set up DMARC. There's a feature request for it here: https://ideas.sophos.com/forums/17359-sg-utm/suggestions/2554345-enable-dmarc.

Regards

Jaydeep
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 4 years ago in reply to Jaydeep
I think the only part of DMARC that the UTM doesn't do is the reporting back to the sending domain.

From the dmarc.org/overview page:

Deploy DKIM & SPF. You have to cover the basics, first.

Ensure that your mailers are correctly aligning the appropriate identifiers.

Publish a DMARC record with the “none” flag set for the policies, which requests data reports.

Analyze the data and modify your mail streams as appropriate.

Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 4 years ago in reply to Jaydeep
I think the only part of DMARC that the UTM doesn't do is the reporting back to the sending domain.

From the dmarc.org/overview page:

Deploy DKIM & SPF. You have to cover the basics, first.

Ensure that your mailers are correctly aligning the appropriate identifiers.

Publish a DMARC record with the “none” flag set for the policies, which requests data reports.

Analyze the data and modify your mail streams as appropriate.

Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 DouglasFoster over 4 years ago in reply to BAlfson
A summary of DMARC issues:

For outbound DMARC, these components are needed:

DKIM signing of outbound messages

Appropriate DNS records (provided by the organization.)

Ideally, feedback capture (since this is what makes DMARC better than SPF and DKIM for senders.) This can be very pricey, but SparkPost.com provides a free poor-man's implementation of DMARC report collection. I have not yet used it, but I was told that incoming DMARC reports are converted to PDF and forwarded as email to the system administrator.

UTM Status for outbound DMARC:

UTM can apply DKIM signatures, although the signature can also be applied by the mail server before outbound traffic reaches UTM.

For inbound DMARC processing, the receiving system features:

SPF and DKIM interpretation as required components of DMARC policy enforcement.

DMARC policy enforcement

Ideally, feedback reporting to the sending domains that request feedback.

UTM Status for inbound DMARC:

No support for DMARC policy enforcement.

No support for DMARC feedback data collection and report generation.
Cancel
Vote Up 0 Vote Down

Cancel