Setup DKIM with Exchange 2013/2016 Inhouse Server



  • We were requested to set up DKIM on a Microsoft Exchange 2016 Server, and since Microsoft doesn't include DKIM as part of the Exchange Inhouse Server, we needed to rely on a DKIM signer tool. We found an open-source tool that works with Exchange. In this case we are using the https://github.com/Pro/dkim-exchange project.

    Installation
    1- Download the latest package to the Exchange Server: https://github.com/Pro/dkim-exchange/releases/latest (select the Configuration.DkimSigner.zip file)
    2- Once downloaded, extract the zip file to any folder you want on the Exchange Server.
    3- Run the Configuration.DkimSigner.exe from the extracted files.
    4- Once it opens, wait until you see the Install option available and click on it.
    5- Let the installer finish and close it.

    Now to Configure the Application
    1- Go to the C:\Program Files\Exchange DkimSigner folder
    2- Run the Configuration.DkimSigner.exe application
    3- Click the Configure Button
    4- Move up the "Exchange DKIMSigner" Transport Agent
    5- Press Close.
    6- Go to the DKIM Settings and set the "Header Canonicalization & Body Canonicalization" options to Relaxed
    7- Then press the "Save Configuration" button
    8- Go to the "Domain settings" tab and press the "Add" button
    9- Enter your domain name and set your Selector (DKIM record selector)
    10- Press the "Generate new key" button
    11- You will be prompted to save your key on the server (the default save location is "C:\Program Files\Exchange DkimSigner\keys")
    12- Press Save.
    13- Create your DKIM DNS records based on the "Suggested DNS Name" and "Suggested DNS record"
    14- Press the "Save Domain" button
    15- Go to the Information Tab and Press the Restart Button under the "Transport Service Status"

    Once the service restarts, your emails will be signed. Use a DKIM validator or another method to confirm that your emails are DKIM-signed. Also, don't forget to set up your DMARC DNS record (you can use MXToolbox for that: https://mxtoolbox.com/DMARCRecordGenerator.aspx).
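
Step 6 above sets both canonicalization options to Relaxed. The following is an added example, not part of the original post or of the dkim-exchange project: it recomputes the body hash (bh=) of a received message under the mode named in c=, following RFC 6376, to show what that setting changes when you confirm a signature. The domain example.com, the selector selector1, the message body and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization (3.4.3 simple, 3.4.4 relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif mode != "simple":
        raise ValueError(f"unknown canonicalization: {mode}")
    while lines and lines[-1] == b"":  # both modes ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """Value a signer or verifier computes for bh= with a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    pairs = (part.split("=", 1) for part in header_value.split(";") if "=" in part)
    return {name.strip(): re.sub(r"\s+", "", value) for name, value in pairs}

def check_body_hash(header_value: str, body: bytes) -> dict:
    """Recompute bh= as a verifier would, using the body mode from c=."""
    tags = parse_tags(header_value)
    # c= is header/body; each part defaults to simple when absent.
    header_mode, _, body_mode = tags.get("c", "simple/simple").partition("/")
    body_mode = body_mode or "simple"
    return {"dns_name": f"{tags['s']}._domainkey.{tags['d']}",
            "canonicalization": f"{header_mode}/{body_mode}",
            "bh_matches": body_hash(body, body_mode) == tags["bh"]}

# Constructed sample: example.com, selector1 and the body are made-up values.
SENT = b"Hello team,\r\nInvoice attached.\r\n"
# Same body after a relay added trailing spaces and an extra blank line.
RECEIVED = b"Hello team,  \r\nInvoice attached. \r\n\r\n"

def make_header(mode: str) -> str:
    """Simulated signer: bh= over SENT; b= left empty (no RSA in this example)."""
    return (f"v=1; a=rsa-sha256; c={mode}/{mode}; d=example.com; s=selector1;\r\n"
            f"\th=from:to:subject; bh={body_hash(SENT, mode)}; b=")

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        print(mode, check_body_hash(make_header(mode), RECEIVED))
```

The dns_name value in the result is the TXT record a verifier looks up, so it should equal the "Suggested DNS Name" from step 13.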