Knowledge Document: How can I configure DKIM with the Secure Messaging Gateway (SMG)?

Environment

SLES 15 Appliance Server
Secure Messaging Gateway 23.3.4

Situation

How can I configure SMG to work with DKIM?

Cause

n / a

Resolution

Assumptions for this example :

  - SMG server = "smg1.example.com"
  
  - SMG fronts the GroupWise system, which is "gwmail.example.com"
  
  - GroupWise e-mail sender e-mail address is:  "user1@gwmail.example.com"
  
  - OpenText documentation on SMG and DKIM configuration and signing:
  
       https://www.novell.com/documentation/secure-messaging-gateway/secure-messaging-gateway/data/t44kudeqbeaz.html
       
       
  - Have access to your DNS server in order to create a DNS .txt record when required in the steps in this document.
    In this document's example, I used a Windows Server 2022 DNS server.  My root DNS Zone name on my Windows DNS server 
    is:  "example.com"
  
       
1.  Note:  It is a good idea to run the latest patch version of SMG. As of the date of this document,
           it is "23.3.4: 1.0.1-502.1".
           
2.  Note:  Before making any changes to the SMG configuration, it is suggested that you take a snapshot of the SMG server as a precaution, so you can go back to it if needed.
           
3.  Note:  Be aware of the e-mail sender (the From: user), in this case a GroupWise client sender, as noted in the Assumptions above.

           Notice that the domain name of the GroupWise system and the domain name in the sender's e-mail address MATCH,
           AND this domain name MUST MATCH the domain name configured in the DKIM configuration.
           
           
  Steps in the SMG console "System Administration" :
  
4.  Go to "Organizational / Policy Management", "Domain Management", expand server, "DKIM Signing".

5.  In the "Domain" field, type the fully qualified domain name (FQDN) of the GroupWise server.

6.  Press TAB and CLICK the SAVE disk icon in the upper right.  

       Note:  Be aware that the pre-defined “Selector” chosen by the SMG Admin UI will be part of your DKIM key.
       
7.  Click the “Create Keys” button.

      Note the message it gives you :

      “Key information has been generated. Access the public key DNS records by pressing the 'Public Key' button beside the DKIM record.”
      
8.  Click the “Public Key” button.

9.  You should see your public DKIM key; it will be similar to this:

20240209._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEdHWVEeW0WgNN6GcQWKXS0bMR351IsMfFVfjkDJ+nZdQH7n9lnyaVa8ANFCCfdi44BBce3zzhJ4MC8eln8Dejf1IelA8tiTL3wy0yYEF1os36edkO
wmgfItp8Nfv2UhMpGypxv0jg4VbWp+RSDkHOAt8ZuSJWJmidlPBpcocKwxXNyCIHffAgZQeIjXTmoJA9jOD9kSZqs2aU" "8YNFlAGlQjlDBI2DFeiMbOHB286yNCdZQI059wLrF5zd4IOkhyi6kL+QZuMKG7mkzz1iWnHCvOfKszFKPvVIIYPcmL2qk4iS4IlRjNkILSeEd6EfPetUZK7
RLqXuL3Iauid7pfAQIDAQAB" ) ; ----- DKIM key 20240209 for gwmail.example.com


10.  Copy the above public key to a text file, for example "dkim-public-key.txt" on your desktop, for safe keeping.

11.  I would suggest you use what I used, the "Notepad++" editor, and COPY the below onto the first line of a new Notepad++ document:

  <DKIM selector>._domainkey, so that would be, in this example, 20240209._domainkey.<Groupwise-FQDN>

  
12.  On the 2nd line of the Notepad++ document, COPY the DATA portion of the public key.


     The DATA portion of the public key is everything just AFTER "20240209._domainkey IN TXT ", no quotes.
     
     The DATA portion of the public key, in this example, would be:
     
     ( "v=DKIM1; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEdHWVEeW0WgNN6GcQWKXS0bMR351IsMfFVfjkDJ+nZdQH7n9lnyaVa8ANFCCfdi44BBce3zzhJ4MC8eln8Dejf1IelA8tiTL3wy0yYEF1os36edkO
wmgfItp8Nfv2UhMpGypxv0jg4VbWp+RSDkHOAt8ZuSJWJmidlPBpcocKwxXNyCIHffAgZQeIjXTmoJA9jOD9kSZqs2aU" "8YNFlAGlQjlDBI2DFeiMbOHB286yNCdZQI059wLrF5zd4IOkhyi6kL+QZuMKG7mkzz1iWnHCvOfKszFKPvVIIYPcmL2qk4iS4IlRjNkILSeEd6EfPetUZK7
RLqXuL3Iauid7pfAQIDAQAB" ) ; ----- DKIM key 20240209 for gwmail.example.com

Note:  You will want to remove the double quote marks and spaces, and the "(" and ")", and make it look like this. Again, there should be no hard returns; it should all be on 1 line.


v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEdHWVEeW0WgNN6GcQWKXS0bMR351IsMfFVfjkDJ+nZdQH7n9lnyaVa8ANFCCfdi44BBce3zzhJ4MC8eln8Dejf1IelA8tiTL3wy0yYEF1os36edkO
wmgfItp8Nfv2UhMpGypxv0jg4VbWp+RSDkHOAt8ZuSJWJmidlPBpcocKwxXNyCIHffAgZQeIjXTmoJA9jOD9kSZqs2aU8YNFlAGlQjlDBI2DFeiMbOHB286yNCdZQI059wLrF5zd4IOkhyi6kL+QZuMKG7mkzz1iWnHCvOfKszFKPvVIIYPcmL2qk4iS4IlRjNkILSeEd6EfPetUZK7
RLqXuL3Iauid7pfAQIDAQAB

13.  Now create your DNS .txt record; in this case, again, it is on a Microsoft Windows Server 2022 DNS server.
     
     Note: In this example, again, the DNS zone name is "example.com", no quotes.  So the "Record name" (Name) will be "20240209._domainkey.gwmail", no quotes, as listed on the first line of your Notepad++ document above.
     
14.  The FQDN in the not yet completed .txt DNS record is "20240209._domainkey.gwmail.example.com", no quotes.

15.  Now COPY the 2nd line of the Notepad++ document, which contains the edited DATA portion of the DKIM public key, and PASTE it into the "Text" field of the 
     unfinished .txt DNS record.
     
16.  Click OK, Done
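
The manual editing in steps 11 to 15 can be scripted and checked before the record is published. The following is an added example, not part of the original document or of SMG; the function name and the sample record (a constructed, truncated key) are assumptions. It keeps every tag the record carries and only strips quotes, parentheses, spaces and hard returns.

```python
import base64
import re

# Constructed sample in the layout SMG shows under "Public Key".
# The p= value is a truncated placeholder, not a usable key.
SAMPLE_RECORD = (
    '20240209._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; " '
    '"p=MIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8A" "MIIBCgKCAQEA" ) '
    '; ----- DKIM key 20240209 for gwmail.example.com'
)

def smg_record_to_txt(record, zone, signing_domain):
    """Return (record name relative to the zone, record FQDN, one-line TXT value)."""
    selector_label = record.split()[0]               # "20240209._domainkey"
    inside = re.search(r"\((.*?)\)", record, re.S)   # text between "(" and ")"
    if not selector_label.endswith("._domainkey") or inside is None:
        raise ValueError("not a '<selector>._domainkey IN TXT ( ... )' line")
    # Join the quoted chunks, then drop spaces and any hard returns.
    chunks = re.findall(r'"([^"]*)"', inside.group(1))
    value = re.sub(r"\s+", "", "".join(chunks))
    tags = dict(t.split("=", 1) for t in value.split(";") if t)
    if tags.get("v") != "DKIM1":
        raise ValueError("missing v=DKIM1")
    # A stray character or a lost chunk makes the key undecodable.
    key = base64.b64decode(tags.get("p", ""), validate=True)
    if not key or key[0] != 0x30:                    # DER SEQUENCE tag
        raise ValueError("p= is not a DER-encoded public key")
    fqdn = f"{selector_label}.{signing_domain}"
    if not fqdn.endswith("." + zone):
        raise ValueError("signing domain is not inside the DNS zone")
    return fqdn[: -len(zone) - 1], fqdn, value

if __name__ == "__main__":
    name, fqdn, value = smg_record_to_txt(
        SAMPLE_RECORD, "example.com", "gwmail.example.com")
    print("Record name:", name)
    print("FQDN:       ", fqdn)
    print("Text:       ", value)
```
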

17.  To verify your DNS .txt record, execute this nslookup command on a computer that you know uses the 
     DNS server to which you added the .txt DNS record.  This is what you should see:

 nslookup -q=txt 20240209._domainkey.gwmail.example.com
Server:         192.168.10.11
Address:        192.168.10.11#53

20240209._domainkey.gwmail.example.com     text = "v=DKIM1;p=p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gW6640vPj9usNHQqAsSo08ifI+0Aoj8KeXZHdow0BXlRgL19DKI/5SMcAxZkCoiBTNpqFSak/zZvLu46Nho0c+aNaPJ"

18.  Now, in the documentation section called "Setting up DKIM Signing", do Step # 3 ONLY, in the SMG Admin Console: System Administration, Organization / Policy Management, OUTBOUND Mail Filter Policy.

     https://www.novell.com/documentation/secure-messaging-gateway/secure-messaging-gateway/data/t44kudeqbeaz.html
     
     
     Note:  Don't forget to click on the disk icon (SAVE) in the upper right.
     
     
19.  When you log in to your GroupWise Windows client mailbox (GroupWise fronted by SMG) and send an e-mail to someone on the Internet, the SMTP MIME headers of the message you sent should contain the following (from the recipient's perspective).  This is just a portion of the MIME; notice the DKIM-Signature:

Return-path: <bperez@gwmail.example.com>
Received: from gwmail.example.com (smgl.example.com [192.168.10.194])
    by bp90.example.com with ESMTP (NOT encrypted); Fri, 09 Feb 2024 09:30:11 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gwmail.example.com; s=20240209; t=1707496211;
    bh=mypVvyim0m6m0oJ01U29oWi6Mj63N1XiRXk22lK2oNQ=;
    h=Date:From:To:Subject;
    b=ekRL/sbZqtS3NrcFHodiEV2dH+x/8XtP3TDVR1G3X5AfN+iQRP0FjfzW5qGh4vGyP
     /Um3CmtCgttuevTcIWERMsql0cJUW6j28A0azSYNC4A7JRliqighy1JTiFuNmYfURE
     vsVE+67PAShRN03T0WFPqu/kuZtCsB9KY+wLOFSe4Lw/L/H6JSVDc/Re7oFprHhCbh
     jOuKuFnIm4cSbUWwjuWaKVPbQJqemmGz1N0pVU2WWEZoUUO1UCWNt2OalnMAHg1Wdv
     pzWQV2l04QTb2ZJQQicvRAz0xzPTsu8fotSgch1fUeQtk4GLWqYIBAMhbjLy6euaB8
     O2AwTfdgBXMWA==
Received: FROM gwmail.example.com (192.168.10.193) BY smg1l.example.com WITH ESMTP
 FOR bperez@bp90.example.com;
 Fri,  9 Feb 2024 09:30:11 -0600
Received: from UTAH-MTA by gwmail.example.com
    with Novell_GroupWise; Fri, 09 Feb 2024 09:30:10 -0700
Message-Id: <65C6530B0200009500000004@gwmail.example.com>
X-Mailer: Novell GroupWise Internet Agent 18.5.0 
Date: Fri, 09 Feb 2024 09:30:03 -0700
From: "Bob Perez" <bperez@gwmail.example.com>
To: <bperez@bp90.example.com>
Subject: Test for dkim
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=__Part83872D1B.0__="
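
The check in step 19 and the domain match required by Note 3 can be automated against the headers saved from a received test message. The following is an added example, not part of the original document or of SMG; the function name and the sample headers (constructed, with placeholder bh= and b= values) are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (bh= and b= are placeholders, not real signatures).
SAMPLE_HEADERS = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
    "    d=gwmail.example.com; s=20240209; t=1707496211;\n"
    "    bh=Y29uc3RydWN0ZWQ=; h=Date:From:To:Subject;\n"
    "    b=Y29uc3RydWN0ZWQ=\n"
    'From: "User One" <user1@gwmail.example.com>\n'
    "To: <someone@example.net>\n"
    "Subject: Test for dkim\n\n"
)

def check_dkim_header(raw_headers, dkim_domain, selector):
    """Return (DNS name a verifier will query, list of problems found)."""
    msg = email.message_from_string(raw_headers)
    sig = msg["DKIM-Signature"]
    if sig is None:
        return None, ["no DKIM-Signature header: the message was not signed"]
    # Unfold the header (drop all whitespace) and split it into tag=value pairs.
    tags = dict(t.split("=", 1) for t in re.sub(r"\s+", "", sig).split(";") if t)
    d, s = tags.get("d", "").lower(), tags.get("s", "")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    problems = []
    if d != dkim_domain.lower():
        problems.append(f"d={d} is not the domain configured in SMG ({dkim_domain})")
    if from_domain != d:
        problems.append(f"From: domain {from_domain} does not match d={d}")
    if s != selector:
        problems.append(f"s={s} is not the selector published in DNS ({selector})")
    if "from" not in tags.get("h", "").lower().split(":"):
        problems.append("h= does not cover the From header")
    return f"{s}._domainkey.{d}", problems

if __name__ == "__main__":
    dns_name, problems = check_dkim_header(
        SAMPLE_HEADERS, "gwmail.example.com", "20240209")
    print("Verifier will query:", dns_name)
    print("Problems:", problems or "none")
```

The DNS name it returns is the one to pass to the nslookup command in step 17.
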

20.  Be aware: if you follow this procedure and the DKIM signature is missing from the MIME of the sent message, it could be that the SMG directories and files are not owned by the correct Linux user. This is what it should be, so be aware:  You may have to change ownership, but first always make a snapshot backup as a precaution.




21.  You are done.
