Forum Discussion
Solved
DKIM behind Separate MTA
Hey Guys,
Quick Question here on DKIM. I want to get it setup and running and plan on using Office 365 to do the signing etc with. However my question is this we have an edge MTA where all messages are sent from our office 365 tenant.
Near as i can guess, that shouldn't be a problem but i wanted to check with you guys first so see if you thought enabling DKIM on office 365 and then having outbound messages sent via en edge device (Proofpoint) would cause any Signature problems.
The proofpoint MTA does show as an extra hop.
Thanks,
Robert
- No worries!
I can’t find it personally, here’s how to setup DKIM
https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email
Here’s also an account of what happens when you do (as instructed by ProofPoint)
https://www.google.co.uk/amp/s/amp.reddit.com/r/msp/comments/bn5zld/proofpoint_with_office_365_spf_record_and_dkim/
So they do say it’s possible and pass through if you follow the 365 guide, but has some caveats.
I would personally spin up a test domain and a mailbox to simulate it.
Hope that helps
Best, Chris
5 Replies
- Hi Robert Bollinger
Just to ask - does your MTA handle inbound too and is your MX pointed towards it?
If so, you would typically setup DKIM there, on ProofPoint, as opposed to EOP.
Hope that helps!
Best, Chris- Thanks Robert,
I’m that case the recommended course of action would be to have SPF, DKIM and DMARC all set up with ProofPoint as opposed to EOP, being your smarthost
This is done regularly in the UK with several other well known brands. I can’t mention them specifically due to house rules but they would be competitors!
Hope that answers your question!
Best, Chris
