Currently I have 1 of our 30 domains set up to sign emails using a DKIM key on the appliances. This is working as expected.
Emails are received from 29 of the 30 domains. The other one is hybrid, on-prem & O365. All emails go through the email gateways.
I don't have too much choice of what policy is applied to this working DKIM key, as all of the emails are received from the on-prem Exchange system.
Got a phone call from a support person we are working with saying, "You are aware that domain joebloggs.com is using a DKIM key for billybob.com?" Immediately raised this with McAfee. There should be no DKIM key on joebloggs.com, as I do not have a DKIM key set up for that domain.
The MEG 7.6 does not look at the domain (even though you need to configure it as part of assigning the key), just where the emails come from. All of ours come from the Exchange servers, so they are all being signed by the one key that is configured.
I need to look at another way of DKIM signing the emails coming out of Exchange.
There is the IIS plugin for Exchange that can sign different domains with different keys.
I would like to then configure the primary domain to have its emails DKIM signed by the key on the appliance, all others to be signed by Exchange, & as such a catch-all for any that are not signed for any reason.
Does anybody know, if an email is DKIM signed when it gets to the mail appliance, does it just ignore & pass the email through, rather than attempting to sign the email with the default key?
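
Added example, not part of the original post: a Python check that can be run over captured outbound messages to spot the situation described above, where mail from one domain carries a DKIM signature whose `d=` tag names a different domain. The sample messages, the selectors `gw` and `ex`, and the simplified alignment rule are constructed assumptions.

```python
import email
from email.utils import parseaddr

def dkim_tags(value):
    """Parse a DKIM-Signature header value (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # remove folding whitespace
    return tags

def signing_report(raw):
    """Return (From domain, list of d= signing domains, aligned?) for a raw message."""
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    d_doms = [dkim_tags(str(h)).get("d", "").lower()
              for h in msg.get_all("DKIM-Signature", [])]
    # Simplified relaxed alignment (assumption): d= equals the From domain or is a
    # parent of it. DMARC proper compares organizational domains.
    aligned = any(d and (from_dom == d or from_dom.endswith("." + d)) for d in d_doms)
    return from_dom, d_doms, aligned

def misaligned(samples):
    """Names of messages that carry DKIM signatures, none matching the From domain."""
    out = []
    for name, raw in samples.items():
        _, d_doms, aligned = signing_report(raw)
        if d_doms and not aligned:
            out.append(name)
    return out

# Constructed sample messages; selectors and bh=/b= values are placeholders.
SIG = "DKIM-Signature: v=1; a=rsa-sha256; d={d}; s={s};\n\tbh=PLACEHOLDER; b=PLACEHOLDER\n"
SAMPLES = {
    "primary": SIG.format(d="billybob.com", s="gw") + "From: a@billybob.com\n\nhi\n",
    "other-domain": SIG.format(d="billybob.com", s="gw") + "From: b@joebloggs.com\n\nhi\n",
    # Hypothetical: signed upstream for joebloggs.com, then signed again downstream.
    "double": SIG.format(d="billybob.com", s="gw") + SIG.format(d="joebloggs.com", s="ex")
              + "From: b@joebloggs.com\n\nhi\n",
    "unsigned": "From: c@joebloggs.com\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, signing_report(raw))
    print("misaligned:", misaligned(SAMPLES))
```

Running the same report over a message captured after the gateway shows directly whether an existing signature was left alone or a second `DKIM-Signature` header was added.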