How to configure DKIM on an Exchange email server

Mails sent from our internal email server to public servers such as Gmail, Yahoo and all other external organizations are being delivered to spam. We currently use Exchange Server; in order to tackle the above-mentioned problem, we would like to configure DKIM on Exchange Server 2016. Please kindly describe the configuration of DKIM. If possible, is there any method for solving this matter?

Thank you for your time,

Best regards.


Solution 1:

First: Exchange on-premises does not support DKIM signing and verifying out of the box. Microsoft hasn't added that yet and might also not do that. So you need a plugin.

But if you wish to go forward here, then Microsoft has a great tutorial here which explains how to set up DKIM on an on-premises Exchange environment.

In general the following steps are needed:

  1. Create your signing key. You can use the dkimcore.org site to generate a key pair. This should be used for testing purposes only, since the key pair is generated and stored on this website (maybe only temporarily, but who knows). A better way would be to generate your own set of keys with OpenSSL or PuTTYgen.
  2. Publish your DKIM DNS record for your domain (example for contoso.com here):

      1490088847.contoso._domainkey.contoso.com. IN TXT ( "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMDMeAS5PFV4nNol78D6emKE8C" "eC/l/xsfJSsRvmfrP2P1wFuhgzI31A2VKz8Hzy+TNdQ2iD70Mwkf0WR53UF5j842" "NI7iTHE46B9F25qpsHpNIDpbksWuGowaXDAHmWrM2NXUngybyyJjk9MURP1UckjN" "mVi1fXKcups6ceGP1wIDAQAB")

  3. Enable the DKIM signing and encrypting option for all outbound emails. This is basically done via a transport rule. So you need to download 3rd-party software (e.g. dkim-exchange, DkimX, ...), install it on the Exchange 2016 Edge Transport Server, and then configure the DKIM signing module (which is basically a transport rule, as mentioned).

Testing:

Once added to DNS, you can use the dkimcore.org site to test the public DKIM Core key. You can enter the selector and domain name, or you can enter the record that was found in the previous step. Or you can use mxtoolbox.com.

P.S. You might also wish to check SPF, but that's off-topic here as it's not related to DKIM. It's mostly easier to implement.
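
A local check of a DKIM key record before it is published, as an added example that is not part of the answer above or of any tool it names. It joins the quoted strings of the zone-file form, parses the tags, and reads the RSA modulus size out of the `p=` value; the function names are hypothetical and the 2048-bit threshold is the RFC 8301 recommendation for signers.

```python
import base64
import re

# TXT value of the contoso.com record shown in step 2 (zone-file form, split strings).
PAGE_RECORD = (
    '( "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMDMeAS5PFV4nNol78D6emKE8C" '
    '"eC/l/xsfJSsRvmfrP2P1wFuhgzI31A2VKz8Hzy+TNdQ2iD70Mwkf0WR53UF5j842" '
    '"NI7iTHE46B9F25qpsHpNIDpbksWuGowaXDAHmWrM2NXUngybyyJjk9MURP1UckjN" '
    '"mVi1fXKcups6ceGP1wIDAQAB")'
)


def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, offset of next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_bits(der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the DER behind p=)."""
    _, spki, _ = _tlv(der, 0)              # outer SEQUENCE
    _, _, after_alg = _tlv(spki, 0)        # AlgorithmIdentifier, skipped
    _, bitstr, _ = _tlv(spki, after_alg)   # BIT STRING wrapping RSAPublicKey
    _, rsa_key, _ = _tlv(bitstr[1:], 0)    # drop the unused-bits byte
    _, modulus, _ = _tlv(rsa_key, 0)       # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()


def check_dkim_record(txt):
    """Return (tags, findings) for a DKIM key record in zone-file or plain form."""
    parts = re.findall(r'"([^"]*)"', txt)
    value = "".join(parts) if parts else txt   # resolvers concatenate the strings
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    tags = {k.strip(): "".join(v.split()) for k, v in tags.items()}
    findings = [f"string {i} exceeds 255 bytes" for i, p in enumerate(parts) if len(p) > 255]
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if not tags.get("p"):
        findings.append("empty p=: key is revoked")
    elif tags.get("k", "rsa") == "rsa":
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
        if bits < 2048:
            findings.append(f"RSA key is {bits} bits; RFC 8301 recommends at least 2048")
    return tags, findings
```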

Solution 2:

I was looking to do the same thing and I found what I needed at this address: https://www.emailarchitect.net/domainkeys/kb/dkim_exchange_2007_2010_2013.aspx#install-dkim-in-exchange-server-2007-2010-2013-2016-2019