This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM verification V18

I installed V18 yesterday on our xg 210v3 and now all outgoing email is in quarantaine because of the DKIM verification feature, the odd thing is that we never enabled that feature and turning it on or off, or making an exception for this mail server nothing works so i guess we have to roll back and wait till a proper release....



This thread was automatically locked due to age.
  • Pascal,

    emails are quarantined by XG or by the target server?

    Thanks

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • the emails are quarantined by the XG it's our own (exchange) mail server that sends the mail through the Sophos XG (antispam module)

  • Ok.

    Did you generate the public and private key via ssh commands?

    Then, did you upload the private key and the key selector in the web UI?

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  •  DKIM signing and DKIM verification are not enabled (and never were) on the XG. so no i did not do that.

  • Pascal,

    if the feature in UI is off, you should log a ticket with support. Once you created the ticket, update the thread.

    I fully understand the issue and maybe rollback to 17.5.9 is the only option.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • I am curious, will setting DKIM on, saving, turning it off, saving - Resolve this issue? 

    But DKIM should not be enabled by default (was not on any on my tests appliances). 

    __________________________________________________________________________________________________________________

  • It isn't enabled (well apparently it is somehow but it doesn't say so in the UI) and i never enabled it! , turning it on and use the option to accept when DKIM fails even doesnt resolve it. even when i make an exception for this server (and check DKIM verification)  it won't pass the mails through....

    the only workaround for now is configuring DKIM signing for this domain on the XG so i did that (which offcourse isn't a bad thing but i like to have it as an option and now it is somewhat mandatory ;) )

    the other strange thing is that this doesn't affect our other mail server which is also behind this XG... (different zone / vLAN)

  • Do you have a subscription on your Product? I would likely open a support case to get the Logs analyzed. 

    Or you try it at your own.

    __________________________________________________________________________________________________________________

  • Yeah it's a 2 month old xg210 (v3)  i've got an Fullguard subscription on it, the workaround (configuring DKIM) fixes our problem but i can imagine you guys wanna check our logs as it's likely more customers will run into this.

  • Pascal,

    please open a ticket ASAP and let us know.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect