Microsoft’s Exchange servers are mail servers and calendering servers developed by Microsoft. The on-prem exchange servers refer to the ones that are established locally (offline). Microsoft’s on-prem exchange servers do not currently support DKIM signing, so it has to be installed externally and set up on the servers in order to ensure email protection with DKIM. Here’s how you can do it:

Key Takeaways

On-premise Exchange servers do not inherently support DKIM signing and require external installation for protection.
Downloading the latest version of DKIM-Exchange from GitHub is the first step in the installation process.
It is essential to configure the DKIM signer and set its priority to 1 for proper functionality.
Generating and saving a new DKIM key pair is crucial for ensuring email authenticity and security.
Validating the DKIM implementation with the appropriate tools helps to quickly identify and resolve configuration errors.

Steps to Install DKIM for On-Prem Servers

Step 1: Download the latest version of DKIM-Exchange from Github

You can download your GUI package of the latest version on Github, or by directly going to this link: https://github.com/Pro/dkim-exchange/releases/latest

Step 2: Extract it on your Exchange Server

To start the installation process, DKIM-exchange signer must be extracted and run on your exchange server.

Step 3: Begin Running Configuration.DkimSigner.exe

To prevent errors, start running Configuration.DkimSigner.exe on your exchange server. You should be able to see the Exchange DKIM Signer window prompting you to start the installation.

Step 4: Click on Install

Under the DKIM-signer section click on “Install”.

Click on the close button once the installation process is complete.

Simplify DKIM with PowerDMARC!

Start 15-day trial Book a demo

Steps to Configure DKIM for On-Prem Servers

Step 1: Launch the Configuration Executable

To start your configuration process you will need to launch the configuration executable connecting the DKIM signer to the installed GUI.

Step 2: Move DKIM signer priority to 1

On the Exchange DKIM signer window (information tab), click on Configure, then click on “move up” to keep moving up the Exchange DKIMSigner priority until it reaches 1.

Step 3: Change the Header & Body Canonicalization to relaxed

Click on the DKIM Settings tab and select “relaxed” settings for both the Header and the Body canonicalization.

Step 4: Generate New Key Pair

Open the Domain Settings tab to generate a new pair of DKIM keys by entering your domain name and DKIM selector. Choose an appropriate key length (e.g 2048 bits) and click on “Generate new key”.

Step 5: Save keys

A new window will open urging you to save your newly created keys in

“C:\Program Files\Exchange DkimSigner\keys”.

Step 6: Publish your DKIM DNS TXT Record

You need to publish the generated public key on your DNS, this is the “Suggested DNS record” that appears on the signer along with the “Suggested DNS Name” where it needs to be published on.

Steps to Check and Validate Your On-Prem Server Signatures

Step 1: Click “Check” in the Domain Settings tab

Once you are done with publishing the record, head over to the Domain Settings tab and click on “Check”. This will help the DKIM signer to look up your DNS and check the configurations. Once verification is complete, it should reflect on your screen and you can click on “Save Domain” to save your settings.

Step 2: Restart Exchange Transport Service

Navigate back to the Information tab and click on “Restart”.

Step 3: Validate your DKIM on-prem implementation

Use our free DKIM checker tool to validate your record and make sure it is functioning properly. This will help you discover errors and fix them at once.

About
Latest Posts

Yunes Tarada

Domain & Email Security Expert at PowerDMARC

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

Setting Up DKIM on On-Prem Exchange Servers