68 Configuring and Maintaining Your Server
Allow signing outgoing mail. Selecting this option allows you and your customers to
switch on support for DomainKeys e-mail signing on a per-domain basis through
the domain administration screens of the control panel (Domains > domain name >
Mail > Preferences > Use DomainKeys spam protection system to sign outgoing e-mail
messages option). It does not automatically switch on signing of outgoing e-mail
messages.
Verify incoming mail. Selecting this option will configure the DomainKeys system
to check all e-mail messages coming to e-mail users under all domains hosted
on the server.
4 Click OK.
Now your mail server will check all incoming e-mail messages to ensure that they come
from the claimed senders. All messages, sent from the domains that use DomainKeys
to sign e-mail, which fail verification will be discarded. All messages, sent from the
domains that do not participate in the DomainKeys program and do not sign e-mail, will
be accepted without verifying.
To switch on signing outgoing e-mail messages for a single domain:
1 Go to Domains > domain name > Mail > Preferences.
2 Select the Use DomainKeys spam protection system to sign outgoing e-mail
messages check box.
3 Click OK.
To switch on signing outgoing e-mail messages for a number of domains at once:
1 Click Domains.
2 Select the check boxes to the left of the domain names you need. To
select all domains in the list, select the upper left check box in the
column heading.
3 Click Group Operations.
4 Under Preferences, select the Switch on option next to the Use DomainKeys
spam protection system to sign outgoing e-mail messages field.
5 Click OK.
Now, the following will happen for the selected domains:
Private keys are generated and placed in the server's database.
Public keys are generated and placed in the TXT resource records created in the
domains' DNS zones.
The sender's policy advertised in the DNS TXT resource records is set to "all e-mail
messages sent from this domain must be cryptographically signed; if someone
receives an e-mail message claiming to originate from this domain, which is not
signed, then this e-mail must be discarded."
Outgoing e-mail messages are digitally signed: the "DomainKeys-Signature"
header containing a signature based on a private key is added to the message
headers.
