Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
norman623  
#1 Posted : Monday, May 11, 2015 6:27:05 PM(UTC)
norman623

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 27

Was thanked: 3 time(s) in 3 post(s)
Install and Deploy DKIM in Exchange Server (2013/2010/2007)

In this topic, I will introduce how to add DKIM signature to outbound emails in Exchange Server. I will also introduce the usage of DKIM "selector" and "sender rule".

How DKIM works?

When an email claims to originate from a certain domain, DKIM provides a mechanism by which the recipient system can determine that the email is authorized to be sent by that domain. The work flow is illustrated as follows:

How DKIM works in Exchange Server 2013/2010/2007

Edited by user Monday, May 11, 2015 6:44:09 PM(UTC)  | Reason: Not specified

thanks 1 user thanked norman623 for this useful post.
ivan on 5/12/2015(UTC)
norman623  
#2 Posted : Monday, May 11, 2015 6:30:01 PM(UTC)
norman623

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 27

Was thanked: 3 time(s) in 3 post(s)
How to install DKIM in Exchange Server?

To deploy DKIM signature in Exchange Server, you should download the DKIM Installer and install it on your machine.

https://www.emailarchite...oad/eaexchdomainkeys.exe

Double click installer file and the installation will be executed automatically.

Install DKIM in Exchange Server 2007/2010/2013

After the installation is complete, click "DKIM Plugin Manager" from "Windows Start menu"->"All Programs"->"EA DKIM for IIS SMTP and Exchange Server" to begin the configuration.

Edited by user Monday, May 11, 2015 6:31:59 PM(UTC)  | Reason: Not specified

norman623  
#3 Posted : Monday, May 11, 2015 6:41:30 PM(UTC)
norman623

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 27

Was thanked: 3 time(s) in 3 post(s)
Create DKIM for Domain

Click "DKIM" in Manager and click "New" to create a new domain DKIM signature. DKIM signature is based on the domain of sender email address, it is unrelated to the name of Exchange server.

Create DKIM for domain

You can simply input your sender domain, use default settings for other parameters, finally click "Save" to create your DKIM signature.
ivan  
#4 Posted : Monday, May 11, 2015 11:42:56 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,102

Thanks: 9 times
Was thanked: 48 time(s) in 48 post(s)
DKIM Parameters

Here is the detailed information about DKIM parameters:

DKIM Parameters
ivan  
#5 Posted : Monday, May 11, 2015 11:47:49 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,102

Thanks: 9 times
Was thanked: 48 time(s) in 48 post(s)
Export DKIM Public Key

As I have introduced, because The recipient mail system need to use public key to verify DKIM signature, so we need to deploy DKIM public key to domain DNS server, then recipient server can query DNS server to get public key.

Now open DKIM manager and select your domain and click "Export Public Key":

Export DKIM Public Key


After the public key is exported, you should deploy it in your domain DNS server.
ivan  
#6 Posted : Monday, May 11, 2015 11:56:13 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,102

Thanks: 9 times
Was thanked: 48 time(s) in 48 post(s)
Deploy DKIM Public Key to Windows DNS Server

If your domain is managed by Windows DNS server, you should deploy DKIM public key like this:

Deploy DKIM public key to Windows DNS server.
leo855  
#7 Posted : Tuesday, May 12, 2015 1:00:02 AM(UTC)
leo855

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 14

Add DKIM policy in Windows DNS Server (Optional*)

This DNS record is optional. If you do not set DKIM policy, and then "o=~;" is used by default.
The work flow is illustrated as follows:

DKIM Policy in Windows DNS Server
ivan749  
#8 Posted : Tuesday, May 12, 2015 1:02:51 AM(UTC)
ivan749

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 13

Was thanked: 1 time(s) in 1 post(s)
Deploy DKIM public key in "Network Solutions" DNS server, Bind DNS server or other DNS server

If your domain is managed by "Network Solutions" DNS server, Bind DNS server or other DNS server, you should deploy public key like this:

Deploy DKIM public key in other DNS server
uncharted313  
#9 Posted : Tuesday, May 12, 2015 4:05:41 AM(UTC)
uncharted313

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 10

DKIM Test

Now you can test DKIM signature by this online tool:
http://www.appmaildev.com/en/dkim

Test DKIM

If report email shows "DKIM Result: pass", that means your DKIM signature is verified successfully. If there is any error, please have a look at following section.
raymond819  
#10 Posted : Tuesday, May 12, 2015 5:13:21 AM(UTC)
raymond819

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 9

DKIM Troubleshooting

You can check the problem step by step as follows:
If you have any further problem, please contact support@emailarchitect.net for assistance.

DKIM troubleshooting

fanny852  
#11 Posted : Tuesday, May 12, 2015 6:18:44 AM(UTC)
fanny852

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 16

DKIM Sender Rule

Sometimes you need to send an email that sender address not belonged to your server.
In this case, you cannot add DKIM signature to such email, as you don't have permission to deploy DKIM public key to sender domain DNS server. Of course if you don't send email from outside email address, or you don't need to sign DKIM for those emails, you can simply ignore this topic.

You can use "Sender Rule" as follows:

DKIM Sender Rule
eddy522  
#12 Posted : Tuesday, May 12, 2015 6:34:53 AM(UTC)
eddy522

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 18

Was thanked: 2 time(s) in 2 post(s)
DKIM Selector

To support multiple concurrent public keys of sending domain, the DNS namespace is further subdivided by"selectors". "Selectors" is arbitrary names below the "_domainkey" namespace.

The most important thing is: "selector" indicates your DKIM public key location. For example: if your domain selector is: "s1024", your public key DNS record is "s1024._domainkey.yourdomain"; if your domain selector is: "mta1", your public key DNS record is "mta1._domainkey.yourdomain".

If you have only one Exchange server, you can ignore the following sections.

DKIM Selector
drake4  
#13 Posted : Tuesday, May 12, 2015 8:26:32 AM(UTC)
drake4

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 19

Was thanked: 1 time(s) in 1 post(s)
Using a single DKIM selector for the same domain on multiple Exchange Servers

If all of your servers are running with EA DKIM, you should deploy the certificate as follows:
DKIM Single Selector
dennis777  
#14 Posted : Tuesday, May 12, 2015 8:27:40 AM(UTC)
dennis777

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 13

Was thanked: 1 time(s) in 1 post(s)
Using multiple DKIM selectors for the same domain on multiple Exchange servers

If you don't want to copy the certificate to all servers or you have another server signing the DKIM with the key pair certificate not supported by EA DKIM, you can use different selector for different server.

DKIM multiple selector
ivan  
#15 Posted : Wednesday, May 13, 2015 6:46:14 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,102

Thanks: 9 times
Was thanked: 48 time(s) in 48 post(s)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2021, Yet Another Forum.NET
This page was generated in 0.190 seconds.

EXPLORE TUTORIALS

© All Rights Reserved, AdminSystem Software Limited.