We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

What is DomainKeys? How can I configure DomainKeys on my Barracuda Spam Firewall?

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00002752

Scope:
All Barracuda Spam Firewalls, firmware version 3.5.12 and above.

Answer:
The DomainKeys (or DKIM) feature of the Barracuda Spam Firewall recognizes a specific header in incoming mail messages and compares that header against specific DomainKeys DNS records. If DomainKeys is enabled, the Barraucda will query the configured DNS servers for the public key to use to verify the signature. If the signature verifies, the Barracuda will take no action and continue scanning the message. If the signature fails verification, The Barracuda will again query the DNS servers for the sending domain's signing practice. If the sending server signs all mail, then the Barracuda will take the action specified (Block, Quarantine, Tag, or Off); if the signing practice is anything else, the Barracuda will take no action and continue scanning the message. If the message is unsigned and Inspect All Mail for DomainKeys Policy is Yes, then the Barracuda will query DNS for the signing practice regardless of whether a DomainKeys header is present and proceed as above; if Inspect All Mail for DomainKeys Policy is No and the message is unsigned then the Barracuda will take no action and continue scanning.

To configure DomainKeys, go to the Block/Accept > Sender Authentication page and scroll down to the DomainKeys Configuration heading. To enable DomainKeys, set Enable DomainKeys Inspection to Yes. Bear in mind that there is a performance overhead with the cryptographic operations and DNS lookup of public keys. You can then specify whether to check the DomainKeys signing practice for all incoming mail, what action to take on those messages that fail the DomainKeys authentication (Block, Quarantine, Tag, or Off), and which (if any) domains to exempt from DomainKeys authentication.

Additional Notes:
In firmware versions 3.5.10 and 3.5.11, the DomainKeys options are configured on the Advanced > Email Protocol page. In firmware version 3.5.12, they were moved to the Block/Accept > Sender Authentication page.

Link to This Page:
https://campus.barracuda.com/solution/50160000000GzaFAAS