
This article applies to:

  • MailMarshal (SEG) Cloud
  • DKIM signing 

Question:

  • What are the required steps for a customer to enable DKIM signing of outgoing messages in MailMarshal Cloud?

Procedure:

To set up DKIM signing:

  1. Create a DKIM key and selector for each domain.
    • In the MailMarshal Cloud Console, see System Configuration > Domains > (edit a domain) > DKIM.
    • Click Add, and then generate a key (or import a key if you have an externally generated one).
    • Copy the DNS Name and DNS Record information.
    • Click Save.
  2. You must create DNS records using the information provided (see below).
  3. After the DNS records are created, wait for them to be publicly available (normally within a few hours). You can check availability by returning to the domain page and editing the DKIM Key. You should see DNS Record successfully retrieved. You can also check the record using Google Public DNS at 8.8.8.8.
  4. Once the record for a domain is available, select it on the domain DKIM tab, and click Toggle Active.

Signing

A DKIM signature is applied to all outgoing messages where DKIM is configured for the domain and a selector/key is active. 

  • Signing is requested by the rule Global Policies - Domain Reputation Services (Outbound): DKIM Sign Email.
  • Signing is applied at the end of content processing. 

Creating the DNS record(s)

A DNS Resource Record is required for each local domain from which you are planning to send DKIM signed messages.

Copy the information created in the MailMarshal Cloud Console for each domain.

In your DNS provider interface, expand the zone for the desired local domain, and add a resource record of type TEXT. Name the record with the DNS Name you copied. The name of the record should be like yourselector._domainkey.yourdomain.com.

Paste the DNS record text. The text of the record may include more than one line.

  • 2048-bit keys are longer than the permitted line length for many DNS servers. Long keys generated by MailMarshal Cloud are formatted with linebreaks and can be pasted directly to most DNS servers. However, some DNS software may change the linebreak to a space or make other changes. Be sure to verify the actual DNS record using NSLookup or a web-based DKIM checker.
  • The full record will be similar to the below image.


  • Looking up the record with NSLookup returns a result as shown below:

    Trustwave MailMarshal Cloud KB article Q21085

    Last Modified: November 10, 2023
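
The verification step described under "Creating the DNS record(s)" can be scripted. The following is an added example, not part of the Trustwave article or product: it compares the record text copied from the console with the quoted strings of the TXT answer returned by a lookup, and reports a line break turned into a space or a truncated key. The function names, the record layout and the sample key (placeholder bytes, not a real RSA key) are assumptions made for the example.

```python
import base64
import binascii
import re

def join_txt(raw):
    """Join the quoted strings of a TXT answer with no separator, as resolvers present them."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()

def parse_tags(record):
    """Split a 'tag=value; tag=value' DKIM key record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def key_bytes(tags):
    """Decode p= after dropping whitespace; raises binascii.Error on damaged base64."""
    return base64.b64decode(re.sub(r"\s+", "", tags.get("p", "")), validate=True)

def check_published(console_record, dns_answer):
    """Return a list of problems found in the published record (empty list = match)."""
    expected = parse_tags(join_txt(console_record))
    published = parse_tags(join_txt(dns_answer))
    problems = []
    if published.get("v") != "DKIM1":
        problems.append("v=DKIM1 tag missing")
    if re.search(r"\s", published.get("p", "")):
        problems.append("whitespace inside p= (line break altered on paste)")
    try:
        if key_bytes(published) != key_bytes(expected):
            problems.append("public key differs from the console value")
    except binascii.Error:
        problems.append("p= is not valid base64")
    return problems

# Constructed sample: 294 placeholder bytes (the size of a 2048-bit RSA public
# key in DER form), not a real key. The record layout is an assumption.
KEY = base64.b64encode(bytes(i % 256 for i in range(294))).decode()
CONSOLE = "v=DKIM1; k=rsa; p=" + KEY[:200] + "\n" + KEY[200:]
GOOD = '"v=DKIM1; k=rsa; p=' + KEY[:200] + '" "' + KEY[200:] + '"'
SPACED = '"v=DKIM1; k=rsa; p=' + KEY[:200] + " " + KEY[200:] + '"'
TRUNCATED = '"v=DKIM1; k=rsa; p=' + KEY[:200] + '"'

if __name__ == "__main__":
    for name, answer in [("good", GOOD), ("spaced", SPACED), ("truncated", TRUNCATED)]:
        print(name, check_published(CONSOLE, answer))
```

Replace the constructed sample values with the DNS Record text saved from the console and the quoted strings from your own lookup output.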
