Microsoft’s Exchange servers are mail servers and calendering servers developed by Microsoft. The on-prem exchange servers refer to the ones that are established locally (offline). Microsoft’s on-prem exchange servers do not currently support DKIM signing, so it has to be installed externally and set up on the servers in order to ensure email protection with DKIM. Here’s how you can do it:

Steps to Install DKIM for On-Prem Servers

Step 1: Download the latest version of DKIM-Exchange from Github

You can download your GUI package of the latest version on Github, or by directly going to this link: https://github.com/Pro/dkim-exchange/releases/latest

Step 2: Extract it on your Exchange Server

To start the installation process, DKIM-exchange signer must be extracted and run on your exchange server.

Step 3: Begin Running Configuration.DkimSigner.exe

To prevent errors, start running Configuration.DkimSigner.exe on your exchange server. You should be able to see the Exchange DKIM Signer window prompting you to start the installation.

Step 4: Click on Install

Under the DKIM-signer section click on “Install”.

Click on the close button once the installation process is complete.

Steps to Configure DKIM for On-Prem Servers

Step 1: Launch the Configuration Executable

To start your configuration process you will need to launch the configuration executable connecting the DKIM signer to the installed GUI.

Step 2: Move DKIM signer priority to 1

On the Exchange DKIM signer window (information tab), click on Configure, then click on “move up” to keep moving up the Exchange DKIMSigner priority until it reaches 1.

Step 3: Change the Header & Body Canonicalization to relaxed

Click on the DKIM Settings tab and select “relaxed” settings for both the Header and the Body canonicalization.

Step 4: Generate New Key Pair

Open the Domain Settings tab to generate a new pair of DKIM keys by entering your domain name and DKIM selector. Choose an appropriate key length (e.g 2048 bits) and click on “Generate new key”.

Step 5: Save keys

A new window will open urging you to save your newly created keys in

“C:\Program Files\Exchange DkimSigner\keys”.

Step 6: Publish your DKIM DNS TXT Record

You need to publish the generated public key on your DNS, this is the “Suggested DNS record” that appears on the signer along with the “Suggested DNS Name” where it needs to be published on.

Steps to Check and Validate Your On-Prem Server Signatures

Step 1: Click “Check” in the Domain Settings tab

Once you are done with publishing the record, head over to the Domain Settings tab and click on “Check”. This will help the DKIM signer to look up your DNS and check the configurations. Once verification is complete, it should reflect on your screen and you can click on “Save Domain” to save your settings.

Step 2: Restart Exchange Transport Service

Navigate back to the Information tab and click on “Restart”.

Step 3: Validate your DKIM on-prem implementation

Use our free DKIM checker tool to validate your record and make sure it is functioning properly. This will help you discover errors and fix them at once.

About
Latest Posts

Ahona Rudra

Digital Marketing & Content Writer Manager at PowerDMARC

Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.

Setting Up DKIM on On-Prem Exchange Servers