Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
prin
New Contributor

Created on ‎07-18-2022 02:48 AM

Scope of Enable DKIM signing for outgoing messages

Hello everybody,

 

I do have a FortiMail question that may seem very basic but it may potentially have a big impact on the whole configuration. Basically, I just want to make sure that I do understand "Enable DKIM signing for outgoing messages" correctly.

I'm currently in the process of testing DKIM for outgoing messages on a production FortiMail (v. 7.2.0).

  • I've configured the test domain as a separate protected domain,
  • configured a matching selector (is it true that the selector has to be named just like the domain? If so: Why can you even configure different names? It would make sense to use different names if the resulting dns-name is already taken. Moreover, it can only be applied to the protected domain, no associated domains) and
  • downloaded and implemented the TXT in our DNS.

Now, all that seems to be left is to "Enable DKIM signing for outgoing messages" in the SessionProfile for Outgoing Mails. My concern is the following: If I do this, it will be enabled for all of our outgoing mails from our mailserver environment. My guess is that the setting will only be applied to mails that match my test domain that is currently the only domain with a DKIM selector configured on the FortiMail. Is that correct? We do have another protected domain with a number of associatiated domains. Will the setting have any impact on the Domains without a DKIM selector? I see no other way than to enable it for all of our outgoing traffic as it is merely IP-based and session profiles and IP policies cannot be configured domain-based.

 

Thank you in advance for your help!

Labels:
631
0 Kudos
3 REPLIES 3
Anonymous
Not applicable

Created on ‎07-20-2022 01:30 PM

Hello @prin,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks,
597
0 Kudos
gtreminio
Staff
Staff

Created on ‎07-21-2022 02:28 AM

Hi Prin,

 

Based on the information provided, If you enable DKIM signing for outgoing messages for a protected domain from the given settings as shown below:

 

gtreminio_0-1658395303029.png

This setting will be only applied to the domain that is enabled, in your case will be the test domain that has the only DKIM selector configured.

This setting doesn't impact the other domains without the DKIM selector.

Please also notice that you can use any name for the DKIM selector, there is not a restriction in this option.

 

Best regards,

 

587
prin
New Contributor
In response to gtreminio

Created on ‎07-22-2022 07:24 AM

Hi gtreminio and Aashiq_Z,

thank you very much for your replies. We'll start testing soon. One more piece of advice: In the Fortinet Document Library it says: "Note that the selector name must match its corresponding domain name (in this example fortinet.com)". Source: docs.fortinet.com If this is incorrent, it should be changed. 

Thanks and kind regards

576
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.