This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM / Exchange 2013

Hi, I have 2 exchange servers 2013 configured as MBX and CAS, and I use Sophos UTM as Proxy SMTP, now I want to configure DKIM and DMARC, where should I configure them? in the cas, mbx or UTM?

 

Thanks 1000



This thread was automatically locked due to age.
Parents Reply
  • I think the only part of DMARC that the UTM doesn't do is the reporting back to the sending domain.

    From the dmarc.org/overview page:

    1. Deploy DKIM & SPF. You have to cover the basics, first.
    2. Ensure that your mailers are correctly aligning the appropriate identifiers.
    3. Publish a DMARC record with the “none” flag set for the policies, which requests data reports.
    4. Analyze the data and modify your mail streams as appropriate.
    5. Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • A summary of DMARC issues:

    For outbound DMARC, these components are needed:

    • DKIM signing of outbound messages
    • Appropriate DNS records (provided by the organization.)
    • Ideally, feedback capture (since this is what makes DMARC better than SPF and DKIM for senders.)    This can be very pricey, but SparkPost.com provides a free poor-man's implementation of DMARC report collection.   I have not yet used it, but I was told that incoming DMARC reports are converted to PDF and forwarded as email to the system administrator.

    UTM Status for outbound DMARC:

    •  UTM can apply DKIM signatures, although the signature can also be applied by the mail server before outbound traffic reaches UTM.

    For inbound DMARC processing, the receiving system features:

    • SPF and DKIM interpretation as required components of DMARC policy enforcement.
    • DMARC policy enforcement
    • Ideally, feedback reporting to the sending domains that request feedback.

    UTM Status for inbound DMARC:

    • No support for DMARC policy enforcement.
    • No support for DMARC feedback data collection and report generation.