Bobcares

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

Configure DKIM on Exchange Server 2013/2010 – Do it with ease

by | Dec 31, 2020

We configure DKIM on Exchange Server 2013, to reduce the number of common e-mails in the Spam folder in the recipient mailbox.

At Bobcares we assist our customers in regards to installations as part of our Server Management Services.

Today, let’s see the effective methods our Support Engineers employ.

 

Configure DKIM on Exchange Server 2013

To reduce the number of common e-mails that regularly got to the Spam folder in the recipient mailbox, we configure SPF in the domain. However, it was not enough for some of the mail servers. Thus, the idea to configure DKIM originated.

Configure DKIM on Exchange Server 2013

By default, MS Exchange Server does not support DKIM. The best way to implement DKIM signing is via a third-party plugin, a free transport agent Exchange DKIM Signer.

Exchange DKIM Signer is an open-source, easy to install DKIM Signing Agent for Microsoft Exchange Server. It includes support for Exchange Server 2007 through to 2016.

DKIM (DomainKeys Identified Mail) is an email security standard making sure messages are not altered in transit between the sending and recipient servers. It uses public-key cryptography to sign the email with a private key as it leaves a sending server.

Recipient servers can then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message has not changed during transit.

Once the hash made with the private key is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

If we have .NET Framework 4.5 installed, we can install the agent automatically. Otherwise, we will have to install and configure Exchange DKIM Signer manually.

  • Automatic Installation of Exchange DKIM Signer

  1. Back up Exchange server
  2. Download Configuration.DkimSigner.zip from https://github.com/Pro/dkim-exchange/releases/latest
  3. Then unzip it into any folder and run Configuration.DkimSigner.exe
  4. Now, click the Install option
  5. Here we can select the version to install
  6. Click Install and wait till the installation is complete
  7. Finally, close the window

Now let us configure the installation. Like in the case with the installation, we can do it either manually, or in the GUI.

  • Configuration of Exchange DKIM Signer

Click Configure and make sure that Exchange DKIM Signer has the lowest priority. It is necessary that the letters are signed at the last step after all modifications by other transport agents.
Configure DKIM on Exchange Server 2013
In the DKIM Settings tab, specify what fields will be signed. By default, these are From, Subject, To, Date, Message-ID

DKIM on Exchange Server

We can configure the domain in the Domain Settings tab. Then, Specify the name of the domain, the selector, and a file with the secret key. We can generate the key can right here.

openssl genrsa -out private.pem 1024
openssl rsa -pubout -in private.pem -out public.pem

DKIM on Exchange Server

After setting all parameters, click Save Domain. Restart Microsoft Exchange Transport.

Finally, we need to configure two DNS entries:

_domainkey.<your_domain_name>. TXT “t=s; o=~;”

mail._domainkey.<your_domain_name>. TXT “v=DKIM1; k=rsa; t=s; p=<public_key_contents>”

The o= parameter can take the following values:

  1. “~” — sign some e-mails from this domain
  2. “-” — sign all e-mails from this domain

“Mail” prior to “._domainkey” is the selector name.

Our Support Techs suggest to specify ADSP in DNS:

_adsp._domainkey.<domain_name>. TXT “dkim=all”

The DKIM parameter can take one of the following values:

  1. “unknown” — means there is no entry
  2. “all” — sign all e-mails
  3. “discardable” — unsigned e-mails must not receive

Send a text e-mail, say, to a Gmail mailbox, and look for dkim=pass in the headers:

In short, the strings are here, and it works well.

[Stuck with the configuration? We’d be happy to assist!]

 

Conclusion

To conclude, DKIM is an email security standard to make sure messages aren’t altered in transit between the sending and recipient servers. Today, we saw how our Support Tech Configure DKIM on Exchange Server 2013.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

1 Comment

  1. Neil

    good write up. thank you!

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.