Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Exchange / How to Configure DKIM on Exchange Server 2010/2013

February 20, 2018 Exchange

How to Configure DKIM on Exchange Server 2010/2013

It started when I decided to reduce the number of common e-mails that regularly got to the Spam folder in the recipient mailbox and were lost with no answer. By that time, SPF had been already configured in the domain, however, it seemed it was not enough for some of the mail servers. Thus, the idea to configure DKIM in MS Exchange Server 2010 originated.

DKIM Signer for Exchange

By default, MS Exchange Server does not support DKIM. While looking for a solution, a free transport agent Exchange DKIM Signer has been found.

If you have .NET Framework 4.5 installed, you can install the agent automatically. Otherwise, you will have to install and configure Exchange DKIM Signer manually. You can find a detailed guide on how to install it manually on the official website.

I decided to go and try the automatic installation.

  1. Back up your Exchange server just in case
  2. Download Configuration.DkimSigner.zip from https://github.com/Pro/dkim-exchange/releases/latest
  3. Unzip it into any folder and run Configuration.DkimSigner.exe
  4. Click Install
  5. Select the version to be installed in the next window
  6. Click Install and wait till the installation is complete
  7. Close the window

The new Exchange transport agent is installed. Now you have to configure it. Like in case with the installation, you can do it either manually (by editing the file C:\Program Files\Exchange DkimSigner\settigs.xml), or in the GUI (by running C:\Program Files\Exchange DkimSigner\Configuration.DkimSigner.exe).

configiring DkimSigner

Click Configure and make sure that Exchange DKIM Signer has the lowest priority (goes last in the list). It is necessary that the letters are signed at the last step after all possible modifications are made by other transport agents.

exchange transport agents

In DKIM Settings tab, specify what fields will be signed. By default, these are From, Subject, To, Date, Message-ID.

DKIM fields to sign

You can configure your domain in the Domain Settings tab. Specify the name of the domain, the selector (DNS name) and a file with the secrete key. The key can be generated right here. I had a couple of keys I got using OpenSSL:

openssl genrsa -out private.pem 1024
openssl rsa -pubout -in private.pem -out public.pem

exchnage domain key

After setting all parameters, click Save Domain. In theory, the settings should be applied right away automatically, but I have restarted Microsoft Exchange Transport just in case.

Only two DNS entries are left to be configured:

_domainkey.<your_domain_name>. TXT "t=s; o=~;"

mail._domainkey.<your_domain_name>. TXT "v=DKIM1; k=rsa; t=s; p=<public_key_contents>"

The o= parameter can take the following values:

  1. “~” — some e-mails from this domain are signed
  2. “-” — all e-mails from this domain are signed

“Mail” prior to “._domainkey” is the selector name.

It is also recommended to specify ADSP in your DNS:

_adsp._domainkey.<your_domain_name>. TXT "dkim=all"

The dkim parameter can take one of the following values:

  1. “unknown” — means there is no entry
  2. “all” — all e-mails must be signed
  3. “discardable” — unsigned e-mails must not be received

Send a text e-mail, say, to a Gmail mailbox, and look for dkim=pass in the headers:

dkim signature log

The strings are here, and it works well.

7 comments
0
Facebook Twitter Google + Pinterest
previous post
Outlook 2016: Not Responding, Hanging on Loading or Receiving Emails
next post
How to Install .NET Framework 3.5 on Windows Server 2012 R2

Related Reading

How to Delete or Rename Default Mailbox Database...

April 14, 2022

Get a List of Mailboxes a User Has...

April 5, 2022

Mailbox Audit Logging in Exchange and Microsoft 365

March 9, 2022

Outlook: The Name Cannot Be Matched to a...

February 28, 2022

Search and Delete Emails from User Mailboxes on...

February 22, 2022

7 comments

Pete Tronga August 29, 2018 - 1:45 am

Great info thank you.

Reply
Tak Miyahira December 20, 2018 - 12:00 am

Does this even work? I have Windows 2012 R2, Exchange 2013 CU20 and doesn’t even install.

Reply
admin December 20, 2018 - 10:01 am

Are there any errors when installing DKIM Signer?

Reply
Robert February 21, 2019 - 2:10 am

Any chance of an update so it can run on CU22? Many Thanks!

Reply
talex06 April 29, 2019 - 10:58 am

Merci beaucoup pour ce tuto, Excellent!

Reply
dante July 29, 2019 - 8:44 am

Hello, this program is ok for Multi domain exchange? ( my exhange version is Exchange Hosted an i have many domain in the same exchange))

Reply
yickfatng September 4, 2019 - 11:08 am

Hello,after click “Configuration.DkimSigner.exe” on information page > changelog:Couldn’t get current version.
Check your Internet connection or restart the application.
Please help

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Configuring Anti-Spam Protection on Exchange 2013, 2016 – RBL Providers
  • New-MailboxRepairRequest: Fixing Corrupted Mailboxes in Exchange 2016/2013/2010
  • Outlook 2016: Manual Setup Exchange Account
  • Get-MessageTrackingLog: Search Message Tracking Logs on Exchange Server
  • How to Import and Export Mailbox to PST in Exchange 2016/2013/2010?
  • Calculating the Number of Client Access Licenses (CAL) for Exchange Server
  • Fix: Outlook 2016/2013 Always Starts in Offline Mode
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top