All Email Security Gateways, firmware version 3.5.12 and above.
The DomainKeys (or DKIM) feature of the Email Security Gateway recognizes a specific header in incoming mail messages and compares that header against specific DomainKeys DNS records. If DomainKeys is enabled, the Barraucda will query the configured DNS servers for the public key to use to verify the signature. If the signature verifies, the Barracuda will take no action and continue scanning the message. If the signature fails verification, The Barracuda will again query the DNS servers for the sending domain's signing practice. If the sending server signs all mail, then the Barracuda will take the action specified (Block, Quarantine, Tag, or Off); if the signing practice is anything else, the Barracuda will take no action and continue scanning the message. If the message is unsigned and Inspect All Mail for DomainKeys Policy is Yes, then the Barracuda will query DNS for the signing practice regardless of whether a DomainKeys header is present and proceed as above; if Inspect All Mail for DomainKeys Policy is No and the message is unsigned then the Barracuda will take no action and continue scanning.
To configure DomainKeys, go to the Block/Accept > Sender Authentication page and scroll down to the DomainKeys Configuration heading. To enable DomainKeys, set Enable DomainKeys Inspection to Yes. Bear in mind that there is a performance overhead with the cryptographic operations and DNS lookup of public keys. You can then specify whether to check the DomainKeys signing practice for all incoming mail, what action to take on those messages that fail the DomainKeys authentication (Block, Quarantine, Tag, or Off), and which (if any) domains to exempt from DomainKeys authentication.
In firmware versions 3.5.10 and 3.5.11, the DomainKeys options are configured on the Advanced > Email Protocol page. In firmware version 3.5.12, they were moved to the Block/Accept > Sender Authentication page.
Link to This Page: