Mailing List Archive

Implementing DKIM/DMARC on your mail system
Has anyone implanted DKIM and DMARC on their system.

For DKIM did you implement full, partial or optional Digital Signing for incoming and/or outgoing messages?
Have you implemented it in an academic institute ?
What about verifying signatures, can you set it to allow unsigned messages through? Or does DKIM auto-sign them?
What about rejected messages which do not meet DKIM/DMARC requirements, how are those handled?
Where is get domain keys from ? Does JISC supply them?

Peter Hutchison MCP
Senior Network Systems Specialist
* 01484 473716
Networks Team
University of Huddersfield | Queensgate | Huddersfield | HD1 3DH

University of Huddersfield inspiring tomorrow's professionals.
[http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg]

This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Implementing DKIM/DMARC on your mail system [ In reply to ]
On 06/26/2018 01:27 PM, Peter Hutchison via Exim-users wrote:
> Has anyone implanted DKIM and DMARC on their system.

Yes and no, respectively

> For DKIM did you implement full, partial or optional Digital Signing

Defined how?

> for incoming and/or outgoing messages?
> Have you implemented it in an academic institute ?

No

> What about verifying signatures, can you set it to allow unsigned messages through?

You can; that is up to your Exim configuration. I do.
Rejecting them would break mailing-lists.

> Or does DKIM auto-sign them?

Makes no sense. Verification is separate from signing.

> What about rejected messages which do not meet DKIM/DMARC requirements, how are those handled?

I don't test otherwise-rejected messages for DKIM, if thats what you're
asking about

> Where is get domain keys from ? Does JISC supply them?

What is a JISC?
For your own keys, you generate them. For those on incoming messages,
you get them from DNS.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Implementing DKIM/DMARC on your mail system [ In reply to ]
On Tue, 26 Jun 2018, Peter Hutchison via Exim-users wrote:

> Where is get domain keys from ?

If you mean the keys for your domain, as Phil said, you generate
yours yourself (and put them in the DNS for others to access)
and read the keys for other domains from the DNS.

(DomainKeys was an alternative proposal to DKIM,
https://en.wikipedia.org/wiki/DomainKeys
so that is a slightly ambiguous phrase.)

> Does JISC supply them?

If you mean jisc.ac.uk (aka the Joint Information Systems Committee),
no they don't supply domain keys.

--
Andrew C. Aitchison Cambridge, UK
andrew@aitchison.me.uk

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/