Microsoft’s Exchange servers are mail and calendaring servers developed by Microsoft. On-prem Exchange servers are the ones that are established locally (offline). Microsoft’s on-prem Exchange servers do not currently support DKIM signing, so a DKIM signer has to be installed externally and set up on the servers in order to ensure email protection with DKIM. Here’s how you can do it:
Steps to Install DKIM for On-Prem Servers
Step 1: Download the latest version of DKIM-Exchange from GitHub
You can download the GUI package of the latest version from GitHub, or go directly to this link: https://github.com/Pro/dkim-exchange/releases/latest
Step 2: Extract it on your Exchange Server
To start the installation process, the DKIM-Exchange signer must be extracted and run on your Exchange server.
Step 3: Begin Running Configuration.DkimSigner.exe
To prevent errors, run Configuration.DkimSigner.exe on your Exchange server itself. You should see the Exchange DKIM Signer window prompting you to start the installation.
Step 4: Click on Install
Under the DKIM-signer section click on “Install”.
Click on the close button once the installation process is complete.
Steps to Configure DKIM for On-Prem Servers
Step 1: Launch the Configuration Executable
To start your configuration process, you will need to launch the configuration executable, which connects the DKIM signer to the installed GUI.
Step 2: Move DKIM signer priority to 1
On the Exchange DKIM signer window (information tab), click on Configure, then click on “move up” to keep moving up the Exchange DKIMSigner priority until it reaches 1.
Step 3: Change the Header & Body Canonicalization to relaxed
Click on the DKIM Settings tab and select “relaxed” settings for both the Header and the Body canonicalization.
Step 4: Generate New Key Pair
Open the Domain Settings tab to generate a new pair of DKIM keys by entering your domain name and DKIM selector. Choose an appropriate key length (e.g. 2048 bits) and click on “Generate new key”.
Step 5: Save keys
A new window will open prompting you to save your newly created keys in “C:\Program Files\Exchange DkimSigner\keys”.
Step 6: Publish your DKIM DNS TXT Record
You need to publish the generated public key in your DNS. This is the “Suggested DNS record” that appears in the signer, along with the “Suggested DNS Name” under which it needs to be published.
Steps to Check and Validate Your On-Prem Server Signatures
Step 1: Click “Check” in the Domain Settings tab
Once you are done with publishing the record, head over to the Domain Settings tab and click on “Check”. This will help the DKIM signer to look up your DNS and check the configurations. Once verification is complete, it should reflect on your screen and you can click on “Save Domain” to save your settings.
Step 2: Restart Exchange Transport Service
Navigate back to the Information tab and click on “Restart”.
Step 3: Validate your DKIM on-prem implementation
Use our free DKIM checker tool to validate your record and make sure it is functioning properly. This will help you discover errors and fix them at once.
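The check performed in Steps 1 and 3 can also be reproduced offline on the TXT strings you published. The following is an added example, not code from DKIM-Exchange or from the checker tool: it reassembles a record that DNS returns as several strings (a 2048-bit key does not fit in one 255-character TXT string), reads the RSA key size from the p= value, and flags a truncated paste. The function names, the 2048-bit minimum and the sample record are assumptions made for illustration.

```python
import base64

def _tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob (the p= value)."""
    _, outer, _ = _tlv(spki)                # SEQUENCE { AlgorithmIdentifier, BIT STRING }
    _, _, pos = _tlv(outer)                 # skip AlgorithmIdentifier
    tag, bitstr, _ = _tlv(outer, pos)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_key, _ = _tlv(bitstr[1:])        # drop unused-bits byte -> SEQUENCE { n, e }
    _, modulus, _ = _tlv(rsa_key)
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(chunks, min_bits=2048):
    """Check the TXT strings of one DKIM key record; return (modulus_bits, problems)."""
    tags = {k.strip(): "".join(v.split()) for k, _, v in
            (part.partition("=") for part in "".join(chunks).split(";"))}
    bad_tag = tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa"
    problems = ["unexpected v= or k= tag"] if bad_tag else []
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except (ValueError, IndexError):        # bad base64, or DER cut short by a bad paste
        return 0, problems + ["p= is missing, truncated or not an RSA public key"]
    if bits < min_bits:
        problems.append(f"{bits}-bit key is below the {min_bits}-bit minimum")
    return bits, problems

def _enc(tag, value):                       # DER encoder, used only to build sample input
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_record(bits):                    # constructed input: dummy modulus, not a usable key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    rsa = _enc(0x30, _enc(0x02, n) + _enc(0x02, b"\x01\x00\x01"))
    spki = _enc(0x30, alg + _enc(0x03, b"\x00" + rsa))
    txt = "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
    return [txt[i:i + 255] for i in range(0, len(txt), 255)]
```

Pass `check_dkim_record` the list of strings a TXT lookup of the “Suggested DNS Name” returns; an empty problems list means the record parses and the key meets the minimum size.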