Exchange Server 2007/2010/2013/2016/2019 is a common Windows email server. DKIM is a method for associating a domain name to an email message, thereby allowing email sender claims some responsibility for the email.

Here at Ibmi Media, as part of our Server Management Services, we regularly perform Exchange Server related tasks for our Customers.

In this context, we shall look into the different methods to Configure DKIM.

How to configure DKIM on Exchange Server 2013 ?

We configure DKIM on Exchange Server 2013, to reduce the number of common e-mails in the Spam folder in the recipient mailbox.

However, it was not enough for some of the mail servers. Thus, the idea to configure DKIM originated.

By default, MS Exchange Server does not support DKIM. The best way to implement DKIM signing is via a third-party plugin, a free transport agent Exchange DKIM Signer.

Exchange DKIM Signer is an open-source, easy to install DKIM Signing Agent for Microsoft Exchange Server. It includes support for Exchange Server 2007 through to 2016.

DKIM (DomainKeys Identified Mail) is an email security standard making sure messages are not altered in transit between the sending and recipient servers. It uses public-key cryptography to sign the email with a private key as it leaves a sending server.

Recipient servers can then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message has not changed during transit.

Once the hash made with the private key is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

If we have .NET Framework 4.5 installed, we can install the agent automatically. Otherwise, we will have to install and configure Exchange DKIM Signer manually.

How to perform Automatic Installation of Exchange DKIM Signer ?

To do this, follow the steps given below;

1. Back up Exchange server.

2. Download Configuration.DkimSigner.zip from https://github.com/Pro/dkim-exchange/releases/latest.

3. Then unzip it into any folder and run Configuration.DkimSigner.exe.

4. Now, click the Install option.

5. Here we can select the version to install.

6. Click Install and wait till the installation is complete.

7. Finally, close the window.

Now let us configure the installation. Like in the case with the installation, we can do it either manually, or in the GUI.

How to perform Configuration of Exchange DKIM Signer ?

To do this;

i. Click Configure and make sure that Exchange DKIM Signer has the lowest priority. It is necessary that the letters are signed at the last step after all modifications by other transport agents.

ii. In the DKIM Settings tab, specify what fields will be signed. By default, these are From, Subject, To, Date, Message-ID.

iii. We can configure the domain in the Domain Settings tab. Then, Specify the name of the domain, the selector, and a file with the secret key. 

We can generate the key can right here;

openssl genrsa -out private.pem 1024
openssl rsa -pubout -in private.pem -out public.pem

iv. After setting all parameters, click Save Domain. Restart Microsoft Exchange Transport.

v. Finally, we need to configure two DNS entries:

_domainkey.<your_domain_name>. TXT “t=s; o=~;”
mail._domainkey.<your_domain_name>. TXT “v=DKIM1; k=rsa; t=s; p=<public_key_contents>”

The o= parameter can take the following values:

i. “~” — sign some e-mails from this domain

ii. “-” — sign all e-mails from this domain

“Mail” prior to “._domainkey” is the selector name.

To specify ADSP in DNS:

_adsp._domainkey.<domain_name>. TXT “dkim=all”

The DKIM parameter can take one of the following values:

i. “unknown” — means there is no entry

ii. “all” — sign all e-mails

iii. “discardable” — unsigned e-mails must not receive

Send a text e-mail, say, to a Gmail mailbox, and look for dkim=pass in the headers:

In short, the strings are here, and it works well.

[Stuck with the DKIM configuration? We'd be happy to assist!]