Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 3 answers
  • Subscribers 26 subscribers
  • Views 1673 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - Smarthost - DKIM Signatur wird nicht durchgeführt

Indimundur

Moin,

ich möchte gerne, dass die XG die ausgehenden Mails mit einer DKIM Signatur signiert.

Schlüsselpaare wurden generiert und eingefügt, DNS-Zone ebenfalls.

Es stellt sich aber heraus, dass die E-Mails ohne Signatur abgegeben werden.

Ich nehme an, dass bei jeder Domain ein eigener Eintrag in der XG bei "DKIM SIGNING" angelegt werden muss.

Als Beispiel nehmen wir hier im Forum "name@domain.tld", woraus sich der Eintrag unten ergibt.

Aktuelle Version: SFVH (SFOS 18.0.5 MR-5-Build586)

Mache ich etwas falsch oder worauf soll man achten?

Die Onlinehilfe von Sophos ist nicht mehr als das, was man in der GUI erkennen kann. https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/tasks/DKIMSignatureAdd.html

Gruß, Patrick



This thread was automatically locked due to age.
  • 0 in reply to FormerMember

    Do I then still need to trigger a restart of a service? Because during the test just now no signature was included so far.


    EDIT: well, i found the web-console now -.-'

     <File name="sfsysupdate_NC-73542.tar.gz.gpg">                               
          <location>d3tusa5dvomhzy.cloudfront.net/.../sfsysupdate_NC-7
    3542.tar.gz.gpg</location>                                                      
    DEBUG     May 27 18:31:29 [23438]: Received name : sfsysupdate_NC-73542.tar.gz.g
    pg                                                                              
    DEBUG     May 27 18:31:29 [23438]: Received location : https://d3tusa5dvomhzy.cl
    oudfront.net/SYSUPDATE/sfsysupdate_NC-73542.tar.gz.gpg                          
    Thu May 27 18:32:27 2021 dr_dload_checker: Starting download for file sfsysupdat
    e_NC-73542.tar.gz.gpg                                                           
    Thu May 27 18:33:28 2021 dr_dload_checker: Download completed for file sfsysupda
    te_NC-73542.tar.gz.gpg                                                          
    Thu May 27 18:33:28 2021 dr_dload_checker: Download for file sfsysupdate_NC-7354
    2.tar.gz.gpg passed integrity and gpg checks                                    
    SFVH_SO01_SFOS 18.0.5 MR-5-Build586#

    The log digest for the public here:

    15889 LOG: MAIN PANIC                                                           
    15889   signing_init: privkey PEM-block import: error:0906D06C:PEM routines:PEM_
    read_bio:no start line                                                          
    2021-05-27 20:25:46.666 [15889] j22kqi-3axN31-eG signing_init: privkey PEM-block
     import: error:0906D06C:PEM routines:PEM_read_bio:no start line                 
    15889 LOG: MAIN PANIC                                                           
    15889   DKIM: signing failed: PRIVKEY                                           
    2021-05-27 20:25:46.666 [15889] j22kqi-3axN31-eG DKIM: signing failed: PRIVKEY  
    15889 locking /sdisk/spool/output//db/wait-remote_smtp.lockfile                 
         ad

  • 0 in reply to Indimundur

    Well.

    You have to insert the WHOLE block, including BEGIN and END line.
    Now the message went through without errors and is signed correctly.

    -----BEGIN RSA PRIVATE KEY-----
    sieufhpseiufdpisuoefhioesuhf
    ppeuifdhsepiufh .....
    -----END RSA PRIVATE KEY-----