Jump to content


Photo

Outbound DKIM

dkim

  • Please log in to reply
45 replies to this topic

#21 Robert Eckdale

Robert Eckdale
  • Members
  • 1 posts

Posted 22 August 2017 - 02:43 PM

Seriously, what gives? Nearly *all* SMTP gateways provide this feature.



#22 Numimi

Numimi
  • Members
  • 1 posts

Posted 06 September 2017 - 10:31 PM

Add my vote! 

 

 

 

----------------------------------------

You can visit me here: 
My website:  http://appnaz.com/android/sun-nxt-com.suntv.sunnxt
My facebook: https://www.facebook.com/allison.hadid.12


#23 Yuri de Jager

Yuri de Jager
  • Members
  • 4 posts
  • LocationThe Netherlands

Posted 12 September 2017 - 08:49 AM

Yes, this should be added ASAP.



#24 Jens Burkowski

Jens Burkowski
  • Members
  • 1 posts

Posted 19 September 2017 - 07:47 AM

The DKIM Feature is a must for any MTA.

We also had WebSense before, where this Feature was available.

Why no one responds to this topic??



#25 Max M. Strzelecki

Max M. Strzelecki
  • Members
  • 5 posts
  • LocationSouth Florida, USA

Posted 19 September 2017 - 09:31 AM

The DKIM Feature is a must for any MTA.

We also had WebSense before, where this Feature was available.

Why no one responds to this topic??

 

Barracuda is not very active on their own forums. I'm starting to think they don't bother reading this



#26 Joyce Myers

Joyce Myers
  • Members
  • 4 posts

Posted 26 September 2017 - 12:17 PM

I want to implement DKIM and thought for sure there would be way in the Barracuda to configure the outbound signing but no such luck. I agree with everyone else that this feature is long overdue.



#27 Brian Anderson

Brian Anderson
  • Members
  • 1 posts

Posted 13 October 2017 - 12:03 PM

Not that it will matter, but I would also like this feature added. I feel it's too risky to install a 3rd party program on my exchange server to accomplish this, so adding this feature on the email gateway would be an ideal solution!



#28 deusmachine

deusmachine
  • Members
  • 1 posts

Posted 25 October 2017 - 01:52 AM

This is an unneeded feature for the Barracuda Spam Firewall.

 

In reading posts on the web I assumed these complaints were because the barracuda would strip the DKIM headers as the mail passed through (which would be non-compliant) when you relay mail through it. Of course Barracuda support was beyond useless when trying to ask about it, however it was actually pretty easy to figure out.

 

DKIM works by your mail exchanger signing outbound email when it goes through your transport with a cert, you then put the cert in your DNS. This is NOT STRIPPED by the barracuda.

 

My setup was super easy, it would be easier if not using microsoft exchange server (which has no native DKIM support. Microsoft and most other vendors aside from yahoo prefer to use SPF)

 

1. Setup DKIM transport agent on my exchange server using this open source tool: https://github.com/Pro/dkim-exchange

 

2. Verify SPF records include IPV4 for both my exchange server external IP and the barracuda (if they differ)

 

3. Setup DMARC ( I used this one because it checks SPF/DKIM/DMARC https://dmarcguide.globalcyberalliance.org )

 

4. Update DNS with DKIM, SPF, and DMARC

 

Because of how DKIM, SPF, and DMARC work I can't see a reason the barracuda would need to mangle your headers to do this for you. Only a very few oddball use cases would need this, and in such a case one would assume the much more widely used SPF records would be adequate for reasonable delivery.

 

Feel free to check our DNS records for examples of how ours is configured https://dmarcguide.globalcyberalliance.org/#/tool-select?d=alphaitoregon.com&r=sdm&s=dkim&lang=en. We have a microsoft exchange server with all outbound email going through our barracuda spam firewall, with SPF, DKIM, and DMARC all setup with all reports looking clean (as of October 2017)

 

As far as the concern of adding a third party transport to a microsoft exchange server, darn near everything on exchange does this. I mean, if you install an antivirus it puts a few transport agents in, same is true for every type of rule you add for exchange server, it would add a new transport agent or new rules to an existing agent.



#29 Chip Roberts

Chip Roberts
  • Members
  • 1 posts

Posted 18 December 2017 - 10:18 AM

 

This is an unneeded feature for the Barracuda Spam Firewall.

 

Really it is all necessary if you look at it this way.  We could always choose a different product to do spam filtering as well, and likely there is some semblance of an open-source product out there.

 

As far as the concern of adding a third party transport to a microsoft exchange server, darn near everything on exchange does this. I mean, if you install an antivirus it puts a few transport agents in, same is true for every type of rule you add for exchange server, it would add a new transport agent or new rules to an existing agent.

 

It's not the adding of a transport rule that's the problem, it's trusting unverified 3rd party software in the handling of your email, and also trusting it with running on a mission-critical Exchange box.  Yes, it likely won't cause any issues; but where security is concerned I'm not going to trust most open source software.  I mean, yeah, you can look through the source code....but really who is going to do that?  It'd be me getting thrown to the wolves if there was some sort of breach stemming from it's use.....better if there's a paid vendor I can throw under the bus.

 

The big thing is here is that we're PAYING Barracuda to handle outbound email security.  We don't have to route our mail through it to get spf/dkim/dmarc protection, or use their product at all for that matter; so it is in their best business interest to provide this feature.



#30 Joyce Myers

Joyce Myers
  • Members
  • 4 posts

Posted 19 January 2018 - 02:44 PM

I asked my account rep to check on getting outbound DKIM functionality (actually gave her the link to this forum thread) and the word from the product management team is that it's in their long term road map but isn't slated in the next 9 months.



#31 mozeskriebels

mozeskriebels
  • Members
  • 3 posts

Posted 06 February 2018 - 05:14 AM

I requested this functionality last year. I got respons from Barracuda that it is on a roadmap but delivery date isn't given.

 

I would like to know if this product is being developped / improved at all. Last firmware update is from april 2017. And we are getting more spam through the Barracuda.



#32 Guy Dawson

Guy Dawson
  • Members
  • 1 posts

Posted 25 April 2018 - 11:46 AM

I have to say I'm really disappointed by the lack of DKIM signing support on out going email.

 

We've had to start using Google services (we're G suite users) to relay outgoing email for our domain simply so we can use their DKIM signing abilities.

 

We'll be looking at alternatives to Barracuda when our renewal comes up in October this year precisely because of this lack of functionality.



#33 mozeskriebels

mozeskriebels
  • Members
  • 3 posts

Posted 29 May 2018 - 06:08 AM

Any update on this feature request?

 

Company's security policy is forcing us to implement DKIM and DMARC support.

I'm affraid we have to change email security products if the DKIM signing isn't implementated on the Barracuda Email Security gateway for outgoing email



#34 Admin Matt Dubay

Admin Matt Dubay
  • Members
  • 1 posts

Posted 31 July 2018 - 03:34 PM

We would like to implement DKIM and DMARC and we currently utilize Barracuda products.  Is this possible yet?



#35 Jonathan

Jonathan
  • Members
  • 1 posts

Posted 08 August 2018 - 01:31 PM

"since January 30, 2012, and within one year DMARC was estimated to protect 60% of the world's mailboxes" and Barracuda still not support this feature?

 

 



#36 Daryl McDaniel

Daryl McDaniel
  • Members
  • 1 posts

Posted 17 September 2018 - 12:58 PM

+1 for outbound DKIM signing support



#37 Beheer

Beheer
  • Members
  • 1 posts

Posted 21 September 2018 - 08:49 AM

Was trying to configure DKIM signing on our Barracuda email gateway today and found it isn't supported. So +1 for adding this feature. It should be a standard feature by now.



#38 Brian Tissue

Brian Tissue
  • Members
  • 1 posts

Posted 04 January 2019 - 02:01 PM

Another vote for DKIM; needed especially for 0365 clients!



#39 Guenther RUPITZ

Guenther RUPITZ
  • Members
  • 1 posts

Posted 08 January 2019 - 06:57 AM

As you can also see in Gartner Group SPAM Quadrant Barracuda SPAM filter is not a visionare and does not have the ability to execute.

 

I am waiting on DKIM support for years now.

 

If you have a look at the release notes of the last 2-3 years of this product there is no really innovation anymore. Only Bugfixes and really must-have features.

Also the interval of new firmware versions is getting longer and longer.

 

In my opinion DKIM is also a must-have!



#40 Thomas Rotter

Thomas Rotter
  • Members
  • 6 posts

Posted 07 March 2019 - 10:04 AM

I agree







Also tagged with one or more of these keywords: dkim