Hello everybody,
I do have a FortiMail question that may seem very basic but it may potentially have a big impact on the whole configuration. Basically, I just want to make sure that I do understand "Enable DKIM signing for outgoing messages" correctly.
I'm currently in the process of testing DKIM for outgoing messages on a production FortiMail (v. 7.2.0).
Now, all that seems to be left is to "Enable DKIM signing for outgoing messages" in the SessionProfile for Outgoing Mails. My concern is the following: If I do this, it will be enabled for all of our outgoing mails from our mailserver environment. My guess is that the setting will only be applied to mails that match my test domain that is currently the only domain with a DKIM selector configured on the FortiMail. Is that correct? We do have another protected domain with a number of associatiated domains. Will the setting have any impact on the Domains without a DKIM selector? I see no other way than to enable it for all of our outgoing traffic as it is merely IP-based and session profiles and IP policies cannot be configured domain-based.
Thank you in advance for your help!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 07-20-2022 01:30 PM
Hi Prin,
Based on the information provided, If you enable DKIM signing for outgoing messages for a protected domain from the given settings as shown below:
This setting will be only applied to the domain that is enabled, in your case will be the test domain that has the only DKIM selector configured.
This setting doesn't impact the other domains without the DKIM selector.
Please also notice that you can use any name for the DKIM selector, there is not a restriction in this option.
Best regards,
Hi gtreminio and Aashiq_Z,
thank you very much for your replies. We'll start testing soon. One more piece of advice: In the Fortinet Document Library it says: "Note that the selector name must match its corresponding domain name (in this example fortinet.com)". Source: docs.fortinet.com If this is incorrent, it should be changed.
Thanks and kind regards
Hello!
Just implementing DKIM signing of outgoing mails on a FortiMail. FortiMail is acting as a smarthost for M365 mail accounts. At M365 side DKIM signing is deactivated for both initial "onmicrosoft.com" and custom domain.
My understanding is that at FortiMail side BOTH settings
1) "Enable DKIM signing for outgoing messages" in the SessionProfile for outgoing mails
AND
2) "DKIM signing for outgoing email" for the protected domain (together with an active key selector)
have to be enabled in order to effectively have DKIM signing really in place (by FortiMail).
If 1) or 2) is not enabled then there should be no DKIM signing for outgoing mails.
Though my observations are different: If either 1) OR 2) is enabled then the DKIM signature is visible at the mail recipient side (for the mails sent by FortiMail acting as smarthost).
Is there anything missing or is my understanding wrong?
Thanks in advance for your feedback !
Hi Yoda
So if I understand well:
- Use 1 to enable dkim signing at session profile level (cause you may need it disabled on other session profiles)
- Use 2 to enable it globally for the domain
(My assumption needs to be double checked)
Hi AEK,
Yes - 1) and 2) settings are both enabled, so DKIM signing is taking place - as expected.
But I would expect that if one of "DKIM signing for outgoing messages/email" setting in 1) OR 2) is disabled then DKIM signing should NOT take place. In fact it needs only one of both settings to have DKIM signing in place (as observed at mail recipient side).
Yoda
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.