Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
ivan  
#1 Posted : Saturday, July 6, 2013 5:52:43 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Exchange Server 2007/2010/2013/2016 is a common Windows email server. DKIM is a method for associating a domain name to an email message, thereby allowing email sender claims some responsibility for the email. In this topic, I will introduce how to add DKIM signature to outgoing emails in Exchange Server 2007/2010/2013. I will also introduce DKIM selector and sender rule usage.

How DKIM works?

DKIM combines of a public key cryptography and a DNS to provide credible domain-level authentication for email.

When an email claims to originate from a certain domain, DKIM provides a mechanism by which the recipient system can credibly determine that the email did in fact originate from a person or system authorized to send email for that domain.

Therefore, to sign an email with DKIM in Exchange Server, you MUST have a private key/public key pair for email signing. The work flow is illustrated as follows:

DKIM in Exchange Server 2007/2010/2013

Because DKIM signer uses private key to sign the email, recipient system uses public key to verify the signature, therefore, if signer doesn't expose the private key to third-party, the DKIM signature cannot be faked.

Here is a fast HTML version for this topic:

https://www.emailarchite...ange_2007_2010_2013.aspx

Here is a shorter version for this topic:

https://www.emailarchite...2007--Image-Version.aspx

Edited by user Thursday, January 12, 2017 8:45:46 PM(UTC)  | Reason: Not specified

ivan  
#2 Posted : Monday, July 8, 2013 4:35:57 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Install DKIM in Exchange Server 2007/2010/2013

To enable DKIM signature in Exchange Server 2007/2010/2013, you should download the DKIM Installer and install it on your machine at first.

Double click installer file and the installation will be executed automatically. Installer requires Exchange server to be installed. If no Exchange server detected in your operation system, Setup will be aborted.

DKIM installation for Exchange 2007/2010/2013

After the installation is complete, click "DKIM Plugin Manager" from "Windows Start menu->All Programs->EA DKIM for IIS SMTP and Exchange Server" to begin the setup.

DKIM Manager for Exchange 2007/2010/2013

After the installation is complete, I also strongly suggest that you check "Microsoft Exchange Transport Service" and "Microsoft Exchange Mail Submission Service" in Control Panel-> Administrative Tools->Services, and make sure those services are running, if the service is not running, please start it


Exchange Server on multiple servers.

Exchange Server Role

If you installed Exchange Server 2007/2010/2013 on multiple servers, you don't have to install DKIM plugin on every server.
If there is Exchange Edge Transport Server Role installed, you just need to install DKIM plugin on this server.
If there is no Exchange Edge Transport Server Role installed, you just need to install DKIM plugin on every Exchange Hub Transport Server Role.

Certificate for Key Pair
You don’t have to use certificate issued by third-party authorities, I strongly recommend that you use DKIM manager to generate certificate automatically.​​​​​​​

Edited by user Thursday, January 12, 2017 8:41:15 PM(UTC)  | Reason: Not specified

ivan  
#3 Posted : Monday, July 8, 2013 4:36:45 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Create DKIM for Domain

Click "Domainkeys/DKIM" in Manager and click "New" to create a new domain DKIM signature. DKIM signature is based on the domain of sender email address. It is nothing about the Exchange server name. For example, if you want to sign the email from *@emailarchitect.net, please input emailarchitect.net to Sender Domain.

Create DKIM in Exchange Server 2007/2010/2013

You can simply input your sender domain, use default settings for other parameters, finally click "Save" to create your DKIM signature.

Here is the detailed information about DKIM parameters:

DomainKeys/DKIM Parameters:

Sender Domain:
DomainKeys/DKIM signature is based on the domain of sender email address. It is nothing about your server name. For example, if you want to sign the email from *@emailarchitect.net, please input emailarchitect.net to Sender Domain.

Selector:
To support multiple concurrent public keys per sending domain, the DNS namespace is further subdivided with "selectors". Selectors are arbitrary names below the "_domainkey." namespace. To learn more detail, please refer to Selector section. For a new domain, you can simply use the default value "s1024".

Active:
If you have this option unchecked, DomainKeys/DKIM for this domain will be disabled.

Signature:
Default value is: Both DKIM and DomainKeys. You can also choose "DKIM Only" or "DomainKeys Only". We strongly recommend that you select "Both DKIM and DomainKeys".

Canonicalization Algorithm:
nofws/relaxed is recommended and it has better compatibility.

DKIM Signature Algorithm:
On Windows 2000/2003/XP, rsa-sha1 is the only option. On windows vista/7/2008 or later version, you can choose "rsa-sha1" or "rsa-sha256". "rsa-sha1" gives better performance while "rsa-sha256" is more secure. "rsa-sha1" is recommended.

Certificate File Name/Password/Type:
If you don't have a certificate (private/public key pair) for your domain, DKIM manager will create a certificate for your domain automatically; if you have an existed certificate, please import it from your local disk and input your certificate protection password.

If you choose "you don't have a certificate...", DKIM manager will try to create a certificate from your local machine automatically. If the operation fails, DKIM manager will download a certificate from our server remotely.
If you have another server using our DKIM software to sign the same domain and it uses the same selector, you need to copy the certificate from that server and use the same certificate. Please refer to: Deploy DomainKeys/DKIM on multiple servers with same domain.

If you have another server not using our DKIM software to sign the same domain, please select "I don't have a certificate ...", and use a different selector. To learn more detail, please refer to Selector section.

Signed Headers:
Specify what message headers should be signed. "sender" header and "from" header are a MUST. Using default setting is recommended.

Edited by user Monday, July 6, 2015 5:39:56 AM(UTC)  | Reason: Not specified

ivan  
#4 Posted : Monday, July 8, 2013 4:37:27 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Verify DKIM Installation

After you created DKIM for your domain, you can have a test with this online tools:

First of all, open http://www.appmaildev.com/en/dkim

Click "Next Step", you will get a test email address like this:

DKIM Test

Finally you can send an email to this email address from your Exchange server, please make sure your sender address is belong to this domain, otherwise, DKIM signature won't be signed. A DKIM report will be generated in a short time.

You will get a report like this:

DKIM Test Report

Because you didn't deploy DKIM public key to DNS server, so you will get an error about "no key". But if there is a header named "DKIM-Signature" in the report, that means DKIM signature is added to your email.

Now we need to deploy DKIM public key to your domain DNS server.

Edited by user Thursday, January 12, 2017 8:43:31 PM(UTC)  | Reason: Not specified

ivan  
#5 Posted : Monday, July 8, 2013 4:38:00 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
As I introduced "how DKIM works", the recipient mail system need to query public key to verify DKIM signature. So we need to deploy DKIM public key to domain DNS server, then recipient system can query it by DNS server. Now we get back to DKIM manager and select your domain and click "Export Public Key":

Deploy Public Key by DKIM Manager

If your domain is hosted by Windows DNS Server in local LAN. After you added a domain in DKIM Plugin Manager, you can select the domain and click "Deploy Key", input your DNS server address and choose the DNS zone, the public key will be deployed to DNS server automatically.

Deploy public key by DKIM manager

Deploy DKIM Public Key Manually

If your domain is not hosted by Windows DNS server in local LAN, or it is failed by "Deploy Key" in DKIM manager, you can select the domain and click "Export Public Key". A dialog box will pop up and display a Public Key and a TXT record for deployment in your DNS server.


DKIM public key record

Here is record detailed information:

TXT Record:
The full name of your public key record.

Public Key:
The value in the record.
Test Mode
"t=y;" in public key record means Test mode, you can remove "t=y;" from your public key record after your DKIM/DomainKeys test is finished.

Domain Policy Record (Optional):
Domain Policy Record is always deployed to _domainkey.yourdomain. In policy record value, o = Outbound Signing policy ("-" means that this domain signs all email; "~" is the default value and means that this domain may sign some email with DomainKeys). If you do not set policy record, the o=~; is used by default.

Edited by user Monday, July 6, 2015 5:45:41 AM(UTC)  | Reason: Not specified

ivan  
#6 Posted : Monday, July 8, 2013 4:38:39 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Deploy DKIM Public Key TXT record in Windows DNS Server

Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.

Step 2: Select the Text (TXT) record type and click the "Create Record..." button.

Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Record Name. Click the OK button.

DKIM public key in Windows DNS Server

(Windows 2000 DNS Server*)

If you're using Windows 2000 DNS server, you should create "_domainkey" domain under "your domain" at the beginning, and then create "s1024" TXT record under "_domainkey" sub-domain. The reason is that creating "s1024._domainkey" TXT record directly is not permitted in Windows 2000 DNS server.

DKIM public key record in Windows 2000 DNS server

Add DKIM Policy record in Windows DNS Server (Optional*)

Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.

Step 2: Select the Text (TXT) record type and click the "Create Record..." button.

Step 3: Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Record Name. Click the OK button.

DKIM Policy in Windows DNS Server]DKIM policy record in Windows DNS server

*This record is optional, you don't have to add it. If you do not set policy record, the o=~; is used by default.

Edited by user Monday, July 6, 2015 6:23:46 PM(UTC)  | Reason: Not specified

ivan  
#7 Posted : Monday, July 8, 2013 4:39:10 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Deploy DKIM Public Key TXT in Network Solutions DNS server or Bind DNS server

If your domain is hosted by NetworkSolutions, you can deploy your public key like this:

Step 1: Select your domain

Step 2: Select the "Edit TXT Record.

Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Host. Click the "Continue" button.

Step 4 (optional*): Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Host. Click the OK button.

DKIM public key in Networksolutions DNS

Deploy DKIM Public Key TXT in other DNS server

If your domain is hosted by other ISP, as most ISP provide DNS Web administration like "network solutions" do, you can refer to "Deploy Public Key TXT in Network Solutions DNS server" section and deploy your public key in your ISP DNS Web administrative tool.

If you are not DNS server administrator, or your domain is hosted by other DNS server, please send the information in dialog box->DNS Public Deployment to your domain DNS server administrator for assistant.

Edited by user Monday, July 6, 2015 6:23:04 PM(UTC)  | Reason: Not specified

ivan  
#8 Posted : Monday, July 8, 2013 4:39:42 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Test DKIM

Now you can have a test with this online tools again:

First of all, open http://www.appmaildev.com/en/dkim

Click "Next Step", you will get a test email address.

Finally you can send an email to this email address from Exchange Server, please make sure your sender address is belong to this domain, otherwise, DKIM signature won't be signed. A DKIM report will be generated in a short time.

You will get a report like this:

DKIM verify

If you get "DKIM Result: pass" in report email, that means your DKIM signature is verified successfully. If there is any error, please have a look at following section

Edited by user Thursday, January 12, 2017 8:44:28 PM(UTC)  | Reason: Not specified

ivan  
#9 Posted : Monday, July 8, 2013 4:44:50 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
DKIM Troubleshooting

If your email doesn't have DKIM-Signature header after you set the DKIM, you should check the followings:

Check your email sender, please make sure your from address is *@yourdomain, and you have set the domain in DKIM. As DKIM signature is based on the email sender, if the sender domain is not set in DKIM Manager, the email won't be signed.

Check your log file for any error message.

If there is error logged, please contact support@emailarchitect.net for assistance.

If there is no error in the log file, you need to verify the DKIM installation.

Installation Permission

When you install DKIM on Exchange Server 2007/2010/2013, please make sure you are using "Domain Administrator" user to run the installer.

Verify Exchange 2007/2010/2013 Installation

If you installed EA DomainKeys on Exchange 2007/2010/2013, please open Exchange Management Shell.
Code:

Input:
get-transportagent
press enter.


Please check if there is "EA DomainKeys Agent" installed in the output.

Exchange 2007/2010/2013 DKIM Transport Agent

If there is no EA DomainKeys Agent, you can re-run the installer directly (do not uninstall) to fix this problem. You can also contact support@emailarchitect.net for assistance.

Wrong Body Hash

It is likely that the MTA changed email content (disclaimer software or anti-virus software). Please go to DKIM setting, check "Sign a part of message" and set "Maximum length of message body to sign" to zero, then try it again.

Failed to Verify DKIM Signature (bad signature)

If your email has DKIM-Signature header, but it couldn't be verified by this online tool, you should go to DKIM setting and test your public key again to make sure your public key is ok. If your public key is ok, please contact support@emailarchitect.net for assistance.

Now Exchange Server 2007/2010/2013 can add DKIM signature to outgoing emails from your domain. If you want to send email from other domain, you can simply add the domain from DKIM manager.

Edited by user Monday, July 6, 2015 5:48:49 AM(UTC)  | Reason: Not specified

ivan  
#10 Posted : Monday, July 8, 2013 4:48:41 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
DKIM Selector

To support multiple concurrent public keys per sending domain, the DNS namespace is further subdivided with "selectors". Selectors are arbitrary names below the "_domainkey." namespace. For example, selectors may indicate the names of your server locations (e.g., "mta1", "mta2", and "mta2"), the signing date (e.g., "january2005", "february2005", etc.), or even the individual user.

The most important thing is: selector indicates your DKIM public key location. For example: if your domain selector is: "s1024", your public key record will be "s1024._domainkey.yourdomain"; if your domain selector is: "mta1", your public key record will be "mta1._domainkey.yourdomain".

DKIM Selector Usage

If you have only one server and you only set the DKIM/DomainKeys on this server, you can give your selector any name. For example: your domain name is: "emailarchitect.net" and your selector is: "s1024", you should deploy your public key to "s1024._domainkey.emailarchitect.net". After the receiver received your email, the receiver can query the public key from "s1024._domainkey.emailarchitect.net" to verify your DomainKeys/DKIM signature.

If you have only one Exchange server, you can skip the followng sections.
ivan  
#11 Posted : Monday, July 8, 2013 4:49:12 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Using a single DKIM selector with the same domain on multiple Exchange Servers

If all of your servers are running with EA DKIM, you should deploy the certificate as follows: First of all, install EA DKIM on the first server, and create the certificate for the domain. Then install EA DKIM on other servers, and copy the *.pfx certificate you created on the first server to other servers under EA DKIM installation path\certs. Finally, when you create the DomainKeys/DKIM on other server, please have "I have a key pair certificate ..." selected, and import the *.pfx file from your local disk and input the "TMP001" (default password) as the password. All of your servers will have the same certificate (private/public key pair) for your domain. Please also make sure you use the same selector "s1024" (default name).

DKIM on multiple Exchange Servers

Since the private/public key pair is stored in the certificate, if you use the same selector/certificate for the same domain on multiple servers, all servers will use the same key pair for this domain. You just need to deploy the public key to "selector._domainkey.emailarchitect.net", every email from multiple servers can be verified by this public key.

Edited by user Monday, July 6, 2015 6:22:37 PM(UTC)  | Reason: Not specified

ivan  
#12 Posted : Monday, July 8, 2013 4:49:36 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Using multiple DKIM selectors with the same domain on multiple Exchange servers

If you don't want to copy the certificate to all servers or you have another server signing the DKIM with the key pair certificate not supported by EA DomainKeys, you can use different selector for different server.

DKIM selector on multiple Exchange servers

For example, there have two server named “server1” and “server2”, On the first server (server1), "svr1" is used as the selector. On the second serve (server2), "svr2" is used as the selector. The two servers use different key pairs (certificate).

Two public key records should be deployed: deploy the first server public key to svr1._domainkey.yourdomain; deploy the second server public key to svr2._domainkey.yourdomain

When an email is sent from the first server, the email will be signed by the key pair (certificate) on this server and the receiver will query the public key from svr1._domainkey.yourdomain to validate the DKIM signature.

When an email is sent from the second server, the email will be signed by the key pair (certificate) on this server and the receiver will query the public key from svr2._domainkey.yourdomain to validate the DKIM signature.

This is how “selector” provide a solution for using different key-pair/certificates with the same domain on multiple servers.

This solution doesn't require you to copy the certificate to all servers, nor it require all of your servers to run EA DKIM. You just need to create different selector for different servers, and deploy multiple DKIM public key based on selector.

Finally, I will introduce how to sign DKIM onbehalf customer domain.

Edited by user Monday, July 6, 2015 6:22:20 PM(UTC)  | Reason: Not specified

ivan  
#13 Posted : Monday, July 8, 2013 4:50:31 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Using DKIM Sender Rule

Sometimes you need to send an email with sender address not hosted by your server. In this case, you cannot set DKIM signature for such email, as you don't have permission to deploy the DKIM public key to the domain not hosted by your DNS server.

The typical usage is email forwarding. For example, one remote email is delivered to your local user mailbox, but your local user set email forwarding to another remote address. With sender rule, you can re-sign DKIM by your domain and also change MAIL FROM to comply with SPF record.

If you don't send email from outside email address, or you don't need to sign the DKIM for those emails, you can simply ignore this topic.

How to use Sender Rule

Here is the scenario. You own a domain "emailarchitect.net" and you have DKIM/DomainKeys for "emailarchitect.net" set on your server. There is no problem when you send emails with sender "*@emailarchitect.net", the email will be signed correctly. At the same time, your customer requested you to send emails with sender "*@adminsystem.com" and sign the DKIM/DomainKeys signature for outgoing emails. As "adminsystem.com" is your customer domain and you don't have permission to deploy the public key to "adminsystem.com" DNS server, you have to use sender rule.

DKIM sender rule

To solve the problem, you can add a sender rule like the above screenshot. This rule means "If from addess is *@adminsystem.com, then add a sender header (Sender: testuser@emailarchitect.net) to the message". And the email will be signed by "emailarchitect.net" based on the sender header.

With the above sender rule, the email will be signed by DomainKeys/DKIM signature with domain "emailarchitect.net". And the recipient email client will display "From: testuser@emailarchitect.net on behalf of *@adminsystem.com".

Use Reply-To header instead of Sender header

If you also check "Use Reply-To header instead of Sender header", And the recipient email client will display:

From: testuser@emailarchitect.net, Reply-To: *@adminsystem.com (original sender address)
We strongly suggest that you use this option for anti-spam policy.

DKIM Priority

DKIM setting has higher priority than sender rule, that means if DKIM setting is found for the email, this email will not be changed by sender rule.

For example, if you set "emailarchitect.net" in DKIM setting, and add a rule like this: "if From contains *@emailarchitect.net", then ...". Sender rule won't change the email sender from *@emailarchitect.net, the email will be simply signed by DKIM with "emailarchitect.net".

Edited by user Monday, July 6, 2015 5:52:51 AM(UTC)  | Reason: Not specified

ivan  
#14 Posted : Monday, July 8, 2013 4:50:58 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
The end.

Any questions, comments and discuss for DKIM in Exchange 2007/2010/2013 is welcome.
ivan  
#15 Posted : Tuesday, July 16, 2013 4:58:45 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Exchange Server on multiple servers.

Exchange Server Role

If you installed Exchange Server 2007/2010/2013 on multiple servers, you don't have to install DKIM plugin on every server.
If there is Exchange Edge Transport Server Role installed, you just need to install DKIM plugin on this server.
If there is no Exchange Edge Transport Server Role installed, you just need to install DKIM plugin on every Exchange Hub Transport Server Role.
ivan  
#16 Posted : Sunday, August 18, 2013 12:42:16 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Valid DKIM and DomainKeys signature can get positive points in Anti-Spam system, but it doesn't mean your email can go to recipient inbox at 100% with DKIM signature.

I strongly recommend that you have a look at this topic as well:

Bulk Email Sender Guidelines
ivan  
#17 Posted : Tuesday, September 3, 2013 3:55:13 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Related tutorials:


Set up DKIM in Exchange Server 2003 - Tutorial
This tutorial introduces how to add DKIM signature to outgoing emails in Exchange Server 2003/2000. It also demonstrates DKIM selector and Sender rule usage.

Set up DKIM in IIS SMTP Service - Tutorial
This tutorial introduces how to add DKIM signature to outgoing emails in IIS SMTP Service. It also demonstrates DKIM selector and Sender rule usage.
Weibel73  
#18 Posted : Thursday, September 26, 2013 12:29:11 PM(UTC)
Weibel73

Rank: Newbie

Groups: Registered
Joined: 9/26/2013(UTC)
Posts: 3
Hungary
Location: Budapest

Thanks: 1 times
Hi!

Im beginner in DKIM. I understand a deployment in single domain enviroment.
We are email service provider (mail.webkings.hu exchange 2010)and accept many domains email example: simbud.co.hu, fressnapf.hu ....
Users send emails via this server with self domain email address like user@simbud.co.hu, otheruser@fressnapf.hu i hope it's clear for you what im talking about.
DNS servers and records not in my scope but clients can modify own records.

My question: how can I make dkim to my clients and where publish public keys. If possible please send me a short step by step guide.

Best regards:

György Weibel

Edited by user Thursday, September 26, 2013 12:42:22 PM(UTC)  | Reason: Not specified

ivan  
#19 Posted : Thursday, September 26, 2013 4:28:42 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Originally Posted by: Weibel73 Go to Quoted Post
Hi!

Im beginner in DKIM. I understand a deployment in single domain enviroment.
We are email service provider (mail.webkings.hu exchange 2010)and accept many domains email example: simbud.co.hu, fressnapf.hu ....
Users send emails via this server with self domain email address like user@simbud.co.hu, otheruser@fressnapf.hu i hope it's clear for you what im talking about.
DNS servers and records not in my scope but clients can modify own records.

My question: how can I make dkim to my clients and where publish public keys. If possible please send me a short step by step guide.

Best regards:

György Weibel


First of all, you just need to install DKIM software on your exchange 2010 server.
Secondly, create domain "simbud.co.hu", "fressnapf.hu" ... in DKIM manager->DomainKeys/DKIM one by one(there is no limit for domain count), but don't have "active" checked.

Finally, in the DKIM manager->[domain]->click "Export Public Key" and send the public key information to your client.

After you client modified the DNS server, have "active" checked, then it is ok, you can also use Test Public Key and Test DomainKeys/DKIM to test it.
thanks 1 user thanked ivan for this useful post.
Weibel73 on 10/3/2013(UTC)
Weibel73  
#20 Posted : Thursday, October 3, 2013 2:04:59 PM(UTC)
Weibel73

Rank: Newbie

Groups: Registered
Joined: 9/26/2013(UTC)
Posts: 3
Hungary
Location: Budapest

Thanks: 1 times
License Question.

I plan to buy standard license.

I not sure in 2 common things:

1, its a "lifetime" license or ... ?(evaulate 12 months, etc...)
2, we plan to change our server hardware 6 month later, I can "transfer" license to new server (old server no longer active)


Best regards: György Weibel
ivan  
#21 Posted : Thursday, October 3, 2013 4:12:57 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Originally Posted by: Weibel73 Go to Quoted Post
License Question.

I plan to buy standard license.

I not sure in 2 common things:

1, its a "lifetime" license or ... ?(evaulate 12 months, etc...)
2, we plan to change our server hardware 6 month later, I can "transfer" license to new server (old server no longer active)


Best regards: György Weibel


Yes, it is life-time, but only 12 months free upgrade/support period, after the upgrade period is expired, you just cannot upgrade to the further release, but you current version will work for life-time. You can also choose to purchase upgrade license (30% price) once there is a major upgrade (optional).

Yes, you can transfer license to new server very easily.
Weibel73  
#22 Posted : Friday, October 4, 2013 5:01:49 AM(UTC)
Weibel73

Rank: Newbie

Groups: Registered
Joined: 9/26/2013(UTC)
Posts: 3
Hungary
Location: Budapest

Thanks: 1 times
Hi Ivan!

Thank You youar answers. I purchase a standard license via paypal (gyorgy.weibel@.......-).
When receive activation code, and where i think registred paypal email address?


Regards: George
ivan  
#23 Posted : Friday, October 4, 2013 5:49:51 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Originally Posted by: Weibel73 Go to Quoted Post
Hi Ivan!

Thank You youar answers. I purchase a standard license via paypal (gyorgy.weibel@.......-).
When receive activation code, and where i think registred paypal email address?


Regards: George

thanks for purchasing our product. I just sent the license code to your paypal email address, if you didn't receive it, please kindly contact me.
drake4  
#24 Posted : Monday, October 28, 2013 8:09:43 PM(UTC)
drake4

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 19

Was thanked: 1 time(s) in 1 post(s)
eddy522  
#25 Posted : Friday, December 20, 2013 6:56:12 PM(UTC)
eddy522

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 18

Was thanked: 2 time(s) in 2 post(s)
norman623  
#26 Posted : Monday, March 3, 2014 1:41:12 AM(UTC)
norman623

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 27

Was thanked: 3 time(s) in 3 post(s)

For Exchange Server 2013 SP1, please download DKIM 3.1 from:

http://www.emailarchitect.net/domainkeys/
norman623  
#27 Posted : Monday, July 6, 2015 4:08:12 AM(UTC)
norman623

Rank: Newbie

Groups: Registered
Joined: 1/21/2015(UTC)
Posts: 27

Was thanked: 3 time(s) in 3 post(s)
ivan  
#28 Posted : Sunday, August 16, 2015 6:26:54 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
ivan  
#29 Posted : Monday, April 11, 2016 3:39:35 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Originally Posted by: ivan Go to Quoted Post


We also fully tested it with Exchange 2016, it supports Exchange 2016 very well.
ivan  
#30 Posted : Wednesday, September 20, 2017 5:02:54 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 988

Thanks: 9 times
Was thanked: 33 time(s) in 33 post(s)
Sep 2017 - EA DomainKeys/DKIM for IIS SMTP Service and Exchange Server 3.5 released

Inbound DKIM/SPF/DMARC authentication;
Fix bad headers in embedded message automatically;
New kernel with performance improvement.

An inbound transport agent for DKIM/SPF/DMARC authentication is provided as an optional component. You can use the authentication/verification result to filter the spoofing emails to spam folder, or even you can use it to reject the email in SMTP service directly.

To learn more detail, please refer to this tutorial:
DKIM/SPF/DMARC Inbound Authentication

https://www.emailarchite...im_exchange_inbound.aspx
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2018, Yet Another Forum.NET
This page was generated in 0.351 seconds.

EXPLORE TUTORIALS

© All Rights Reserved, AdminSystem Software Limited.