Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
ivan  
#1 Posted : Thursday, May 14, 2015 6:10:49 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Install and Deploy DKIM in Exchange Server 2003

In this topic, I will introduce how to add DKIM signature to outbound emails in Exchange Server 2003. I will also introduce the usage of DKIM "selector" and "sender rule".

How DKIM works?

When an email claims to originate from a certain domain, DKIM provides a mechanism by which the recipient system can determine that the email is authorized to be sent by that domain. The work flow is illustrated as follows:

How DKIM works? - Exchange Server 2003

Edited by user Thursday, May 14, 2015 6:26:52 PM(UTC)  | Reason: Not specified

ivan  
#2 Posted : Thursday, May 14, 2015 6:12:24 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
How to install DKIM in Exchange Server 2003

To deploy DKIM signature in Exchange Server 2003, you should download the DKIM Installer and install it on your machine.

https://www.emailarchite...oad/eaexchdomainkeys.exe

Double click installer file and the installation will be executed automatically.

How to install DKIM in Exchange Server 2003?

After the installation is complete, click "DKIM Plugin Manager" from "Windows Start menu"->"All Programs"->"EA DKIM for IIS SMTP and Exchange Server" to begin the configuration.
ivan  
#3 Posted : Thursday, May 14, 2015 6:13:06 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Create DKIM for Domain

Click "DKIM" in Manager and click "New" to create a new domain DKIM signature. DKIM signature is based on the domain of sender email address, it is unrelated to the name of Exchange server.

Create DKIM for Domain - Exchange Server 2003

You can simply input your sender domain, use default settings for other parameters, finally click "Save" to create your DKIM signature.

Edited by user Thursday, May 14, 2015 6:27:19 PM(UTC)  | Reason: Not specified

ivan  
#4 Posted : Thursday, May 14, 2015 6:13:26 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
DKIM Parameters

Here is the detailed information about DKIM parameters:

DKIM Parameters
ivan  
#5 Posted : Thursday, May 14, 2015 6:13:51 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Export DKIM Public Key

As I have introduced, because The recipient mail system need to use public key to verify DKIM signature, so we need to deploy DKIM public key to domain DNS server, then recipient server can query DNS server to get public key.

Now open DKIM manager and select your domain and click "Export Public Key":

Export DKIM Public Key - Exchange Server 2003


After the public key is exported, you should deploy it in your domain DNS server.

Edited by user Thursday, May 14, 2015 6:27:32 PM(UTC)  | Reason: Not specified

ivan  
#6 Posted : Thursday, May 14, 2015 6:14:11 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Deploy DKIM Public Key to Windows DNS Server

If your domain is managed by Windows DNS server, you should deploy DKIM public key like this:

Deploy DKIM public key to Windows DNS server.
ivan  
#7 Posted : Thursday, May 14, 2015 6:14:33 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Add DKIM policy in Windows DNS Server (Optional*)

This DNS record is optional. If you do not set DKIM policy, and then "o=~;" is used by default.
The work flow is illustrated as follows:

DKIM Policy in Windows DNS Server
ivan  
#8 Posted : Thursday, May 14, 2015 6:14:57 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Deploy DKIM public key in other DNS server

If your domain is managed by "Network Solutions" DNS server, Bind DNS server or other DNS server, you should deploy public key as follows:

Deploy DKIM public key in other DNS server
ivan  
#9 Posted : Thursday, May 14, 2015 6:15:16 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
DKIM Test

Now you can test DKIM signature by this online tool:
http://www.appmaildev.com/en/dkim

Test DKIM - Exchange Server 2003

If report email shows "DKIM Result: pass", that means your DKIM signature is verified successfully. If there is any error, please have a look at following section.

Edited by user Thursday, May 14, 2015 6:27:48 PM(UTC)  | Reason: Not specified

ivan  
#10 Posted : Thursday, May 14, 2015 6:15:43 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
DKIM Troubleshooting

You can check the problem step by step as follows:
If you have any further problem, please contact support@emailarchitect.net for assistance.

DKIM troubleshooting - Exchange Server 2003

Edited by user Thursday, May 14, 2015 6:28:02 PM(UTC)  | Reason: Not specified

ivan  
#11 Posted : Thursday, May 14, 2015 6:16:21 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
DKIM Sender Rule

Sometimes you need to send an email that sender address not belonged to your server.
In this case, you cannot add DKIM signature to such email, as you don't have permission to deploy DKIM public key to sender domain DNS server. Of course if you don't send email from outside email address, or you don't need to sign DKIM for those emails, you can simply ignore this topic.

You can use "Sender Rule" as follows:

DKIM Sender Rule - Exchange Server 2003

Edited by user Thursday, May 14, 2015 6:28:13 PM(UTC)  | Reason: Not specified

ivan  
#12 Posted : Thursday, May 14, 2015 6:17:10 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
DKIM Selector

To support multiple concurrent public keys of sending domain, the DNS namespace is further subdivided by"selectors". "Selectors" is arbitrary names below the "_domainkey" namespace.

The most important thing is: "selector" indicates your DKIM public key location. For example: if your domain selector is: "s1024", your public key DNS record is "s1024._domainkey.yourdomain"; if your domain selector is: "mta1", your public key DNS record is "mta1._domainkey.yourdomain".

If you have only one Exchange Server, you can ignore the following sections.

DKIM Selector - Exchange Server 2003
ivan  
#13 Posted : Thursday, May 14, 2015 6:18:15 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Using a single DKIM selector for the same domain on multiple Exchange Servers

If all of your servers are running with EA DKIM, you should deploy the certificate as follows:
DKIM Single Selector - Exchange Server 2003
ivan  
#14 Posted : Thursday, May 14, 2015 6:18:56 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Using multiple DKIM selectors for the same domain on multiple Exchange servers

If you don't want to copy the certificate to all servers or you have another server signing the DKIM with the key pair certificate not supported by EA DKIM, you can use different selector for different server.

DKIM multiple selector - Exchange Server 2003
ivan  
#15 Posted : Monday, May 18, 2015 6:21:26 AM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,148

Thanks: 9 times
Was thanked: 54 time(s) in 54 post(s)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.133 seconds.

EXPLORE TUTORIALS

© All Rights Reserved, AIFEI Software Limited & AdminSystem Software Limited.