Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1156
Views
0
Helpful
1
Replies

ESA and O365 DKIM issue

nocallaghan1
Level 1
Level 1

‎08-10-2023 05:04 AM

Hi,

 

we have an O365 environment, hybrid at present and all the emails outbound route via on-premise to our ESAs, we also have multiple systems sending email directly to our ESAs via mail relay.

 

The issue is Microsoft sign the outbound emails with a DKIM header, we don't want this and you can't turn it off, we want to use one DKIM signature our ESAs apply outbound, O365 is not the last hop of the emails,we want all our O365 and our internally generated emails to be signed with one DKIM key, the on on the ESAs.

 

Can we strip the DKIM record from the O365 emails as the ESA processes it and apply the ESA DKIM key as the email leases the ESA?

 

Thanks

Neil

Labels:
0 Helpful
1 Reply 1

MatthewWilliams4257
Level 1
Level 1

‎08-21-2023 04:31 PM - edited ‎08-21-2023 04:34 PM

You can use strip-header in a message filter to try to remove the DKIM signature. But i dont know if MFPS are invoked before or after the DKIM authentication check. I believe it's after. But if you are not enforcing dkim actions for your appliance, you can always just remove all those headers before relaying it onwards. Example of the header filter:

 

DeleteMeHeaderFilter:

if header('DKIM-Signature')

{

strip-header('DKIM-Signature');
strip-header('Authentication-Results');
}


First one will remove the DKIM signature outright, second one is if you were doing a dkim check but ignoring the results. 

Because you don't want to send authentication results to a next hop where they may be using ARC or something that could quarantine the mail if they see something sus in it.

0 Helpful
Top