• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Find a partner
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • DMARC in Your Country
    • DMARC by Industry
    • Support
    • Blog
    • DMARC Training
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

Setting Up DKIM on On-Prem Exchange Servers

Blogs
Setting-Up-DKIM-on-On-Prem-Exchange-Servers

Microsoft’s Exchange servers are mail servers and calendering servers developed by Microsoft. The on-prem exchange servers refer to the ones that are established locally (offline). Microsoft’s on-prem exchange servers do not currently support DKIM signing, so it has to be installed externally and set up on the servers in order to ensure email protection with DKIM. Here’s how you can do it: 

Steps to Install DKIM for On-Prem Servers 

Step 1: Download the latest version of DKIM-Exchange from Github 

You can download your GUI package of the latest version on Github, or by directly going to this link: https://github.com/Pro/dkim-exchange/releases/latest 

Step 2: Extract it on your Exchange Server 

To start the installation process, DKIM-exchange signer must be extracted and run on your exchange server.

Step 3: Begin Running Configuration.DkimSigner.exe

To prevent errors, start running Configuration.DkimSigner.exe on your exchange server. You should be able to see the Exchange DKIM Signer window prompting you to start the installation. 

Step 4: Click on Install

Under the DKIM-signer section click on “Install”. 

Click on the close button once the installation process is complete. 

Steps to Configure DKIM for On-Prem Servers 

Step 1: Launch the Configuration Executable 

To start your configuration process you will need to launch the configuration executable connecting the DKIM signer to the installed GUI.

on-prem exchange server

Step 2: Move DKIM signer priority to 1 

On the Exchange DKIM signer window (information tab), click on Configure, then click on “move up” to keep moving up the Exchange DKIMSigner priority until it reaches 1. 

Step 3: Change the Header & Body Canonicalization to relaxed

Click on the DKIM Settings tab and select “relaxed” settings for both the Header and the Body canonicalization. 

Step 4: Generate New Key Pair

Open the Domain Settings tab to generate a new pair of DKIM keys by entering your domain name and DKIM selector. Choose an appropriate key length (e.g 2048 bits) and click on “Generate new key”.

Step 5: Save keys 

A new window will open urging you to save your newly created keys in

“C:\Program Files\Exchange DkimSigner\keys”.

Step 6: Publish your DKIM DNS TXT Record 

You need to publish the generated public key on your DNS, this is the “Suggested DNS record” that appears on the signer along with the “Suggested DNS Name” where it needs to be published on. 

Steps to Check and Validate Your On-Prem Server Signatures

Step 1: Click “Check” in the Domain Settings tab 

Once you are done with publishing the record, head over to the Domain Settings tab and click on “Check”. This will help the DKIM signer to look up your DNS and check the configurations. Once verification is complete, it should reflect on your screen and you can click on “Save Domain” to save your settings. 

Step 2: Restart Exchange Transport Service 

Navigate back to the Information tab and click on “Restart”. 

Step 3: Validate your DKIM on-prem implementation

Use our free DKIM checker tool to validate your record and make sure it is functioning properly. This will help you discover errors and fix them at once.

on-prem exchange server

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • Methods To Protect Yourself From Identity Theft - September 29, 2023
  • The Role of DNS in Email Security - September 29, 2023
  • New Age Phishing Threats and How to Plan Ahead - September 29, 2023
July 21, 2023/by Ahona Rudra
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • Methods To Protect Yourself From Identity Theft
    Methods To Protect Yourself From Identity TheftSeptember 29, 2023 - 12:11 pm
  • The Role of DNS in Email Security
    The Role of DNS in Email SecuritySeptember 29, 2023 - 12:08 pm
  • New Age Phishing Threats and How To Plan Ahead
    New Age Phishing Threats and How to Plan AheadSeptember 29, 2023 - 12:06 pm
  • How to View and Analyze Message Headers Online
    How to View and Analyze Message Headers Online?September 26, 2023 - 12:59 pm
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
10 Best Cybersecurity Youtube Channels of 202310-Best-Cybersecurity-Youtube-Channels-of-2023Cybersecurity Risks of Generative AICybersecurity Risks of Generative AI
Scroll to top