Technical References
3-39
CLI Reference Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 3 The Commands: Reference Examples
Domain Keys
• Edit a verification profile:
Table 3-3 domainkeysconfig Verification Profile Options
Argument Description
--name
The name of DKIM verification profile.
--min_key_size
The smallest key to be accepted. Possible key-length
values (in bits) are
512, 768, 1024, 1536 and 2048.
Default is
512.
--max_key_size
The largest key to be accepted. Possible key-length
values (in bits) are
512, 768, 1024, 1536 and 2048.
Default is
2048.
--max_signatures_num
A maximum number of signatures in the message to
verify. Possible value is any positive number.
Default is
5.
--key_query_timeout
A number of seconds before the key query is timed
out. Possible value is any positive number. Default is
10.
--max_systemtime_diverge
nce
A number of seconds to tolerate wall clock
asynchronization between sender and verifier.
Possible value is any positive number. Default is 60.
--use_body_length
Whether to use a body length parameter. Possible
values are
yes or no. Default is yes.
--tempfail_action
The SMTP action should be taken in case of
temporary failure. Possible values are
accept or
reject. Default is accept.
--tempfail_response_code
The SMTP response code for rejected message in
case of temporary failure. Possible value is number
in
4XX format. Default is 451.
--tempfail_response_text
The SMTP response text for rejected message in
case of temporary failure. Default is
#4.7.5 Unable
to verify signature - key server unavailable
.
--permfail_action
The SMTP action should be taken in case of
permanent failure. Possible values are
accept or
reject. Default is accept.
--permfail_response_code
The SMTP response code for rejected message in
case of permanent failure. Possible value is number
in
5XX format. Default is 550.
--permfail_response_text
The SMTP response text for rejected message in
case of permanent failure. Default is #5.7.5 DKIM
unauthenticated mail is prohibited.
domainkeysconfig profiles verification edit <name>
<verification-profile-options>