I configured DKIM signing in the SMG/SLES appliance. Generated keys in Domain Management. Public key added in DNS. Checked record with online tool -> OK.
Then send a message and checked it with https://www.appmaildev.com/en/dkim. Result: DKIM none. Double-checked with gmail on the security button: no encryption.
How can I check in the logs what goes wrong?
I see in the supervisor log this:
 2020-04-09 19:58:35 (DBCB) DB notification: dkimupdate
 2020-04-09 19:58:35 (dkim) Processing DKIM signature updates start
 2020-04-09 19:58:35 (dkim) Add/update DKIM record for d=meerdaneen.nl, s=20200409
 2020-04-09 19:58:35 (dkim) Processing DKIM signature updates complete
SMG offers two parts to DKIM:
This release fixed the DKIM signature, that wasn't being attached. If that is the part that still isn't working for you I would recommend opening a ticket with support.
Hello all / @suziew
The creation of a DKIM policy for incomming message is not clear to me. Can anyone explain?
- Imho all messages should be scanned for a valid DKIM. DMARC policy should decide of the email is accepted or not. Does this SMG policy check DMARC for the acceptance policy?
- So why should I specify a domain in the search criteria field?
- If I have to specify a domain in the search criteria field, ar wildcards accepted? Like *@testdomain.com?
I'm glad you were able to get it working after recreating them, like Ken suggested.
You may end up with false positives (since every domain sending to you may not have a DKIM signature yet), if you don't specify which domains you want to check for, such as banks etc.
Yes, wildcards work. You can list them as *domain.com or *@domain.com.
@suziewOK. That's clear. And with this we take a very important step (happy for now!)
But officially it works like this:
DMARC record of the sender domain has a policy 'none', 'quarantine', or 'reject'. It tells recipients what to do if both SPF and DKIM fail.
But SMG implements it different: if DKIM fails, mails should be blocked or quarantined (whatever we choose) without looking at the policy in the DMARC record.
Thanks! I added my vote to it.
Here is the link if anyone else sees this and wants to add votes: https://community.microfocus.com/t5/SMG-Idea-Exchange/DKIM-check-for-incoming-messages/idi-p/2778555
Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!