Enabling DKIM checking
FortiMail can perform DKIM checking for the incoming mail by query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature.
To enable DKIM checking and signing:
Go to Profile > Session > Session and click New, or edit an existing profile.
- Under Sender Validation, enable the various DKIM checking and signing options available.
To configure DKIM signing:
If you want to sign the outgoing mail with DKIM signatures so that the remote receiving server can verify the signatures, you can do so after you create the protected domains. Note that the DKIM signing settings only appear when configuring an existing protected domain.
- Go to Domain & User > Domain > Domain and click New, or edit an existing profile.
- Under Advanced Settings, click DKIM Setting.
- Click New.
- Enter a name in the New selector field.
- Set DKIM key to Auto Generation. The key pair will be automatically generated and the public key exported for publication on a DNS server.
- Click OK.
- The new selector will appear. Select the newly created selector and click Download to download the domain key DKIM file.
- Publish the public key by inserting the exported DNS record into the DNS zone file of the DNS server that resolves this domain name.
- From the DKIM Setting window in FortiMail, select the newly created selector and click Activate.
- Click Close, and click OK.