McAfee MAP-3300-SWG Product Guide - Page 99

Overview of Email features Email Configuration Postmaster address McAfee recommends that you assign a postmaster, so that queries from your users are handled promptly. The postmaster must be someone who reads email regularly. You can use the name of a single user or a distribution list. Table 76 Option definitions Option Definition Postmaster address Specifies an email address that the appliance uses to deliver email that has a recipient of postmaster. We recommend that you specify an email address here, so that any delivery problems are handled promptly. You can specify a distribution list or a single user who reads email regularly. DKIM signing The Domain Keys Identified Mail (DKIM) technique uses RSA private and public keys and DNS TXT records to enable the recipient to verify the identity of an email sender. The sender signs the email message with a private key, by adding an extra header - the DKIM-Signature header. The header provides the email message with a cryptographic signature. The signature is typically derived from the message body and email headers such as From and Subject, then encrypted by the sender's private key. Recipients can verify that the message is genuine by making a query on the signer's domain to retrieve the signer's public key from a DNS TXT record. The recipient then verifies that the email and its signature match. The recipient can therefore be confident that the email was sent from the stated sender and was not altered during transit. The appliance can verify signatures from incoming mail and attach signatures to outgoing mail. For information about Domain Keys Identified Mail (DKIM), visit the Internet Engineering Task Force website, http://www.ietf.org and http://www.dkim.org. Use this section to create a Domain Keys Identified Mail (DKIM) key. Table 77 Option definitions Option Enable DKIM signing Definition When selected, adds a DKIM header (like a digital signature) to each email message as it is sent. You must add a key before you can enable DKIM signing. Domain name and Selector During verification, the recipient extracts your Domain Name and Selector from the signature to retrieve the public key associated with the appliance's private signing key. For example, if your Selector is mail and your Domain Name is example.com, the recipient must issue a DNS query for the TXT record of mail._domainkey.example.com. Signing key Select the key to be used to sign the messages. DKIM signing keys Allows you to create signing keys from numerous parameters. Export When clicked, allows you to save the private key to a file, in case the original private key is lost or erased. View Public Key Place the public key on your DNS server or give it to your Internet Service Provider, so that recipients can verify email from your organization. McAfee Email and Web Security Appliances 5.6.0 Product Guide 99