search

colinwilson / comments

0 stars 0 forks source link

Setting up DKIM for Exchange Server | Colin Wilson #6

Open utterances-bot opened 3 years ago

utterances-bot commented 3 years ago

Setting up DKIM for Exchange Server

Setup DKIM for Exchange Server

https://colinwilson.uk/2017/07/19/setting-up-dkim-for-exchange-server/

inferKNOX commented 3 years ago

Superb guide & relevant as ever, used on Server Core 2019 with Exchange 2019! On Server Core, it bugs out when you try and generate or select key, however, and you need to install the Server Core App Compatibility Feature on Demand (FOD) first, then you're in business. I successfully setup SPF, DKIM & DMARC in a day, thanks in part to this.

It'd be worth adding a follow-up DMARC article, to tie it all together.

tgarner-westu commented 3 years ago

Thank you so very much! This was the most helpful step-by-step instructions I found.

pat-kaz commented 3 years ago

Excellent article. Successfully installed it on Exchange 2016 Edge server with multiple domain names.

colinwilson commented 3 years ago

@inferKNOX Thanks for the tip regarding Server Core App Compatibility Feature on Demand (FOD). đź‘Ť

Yes. A DMARC/SPF follow up is a good idea. Will have that up soon.

tullahomafiber commented 3 years ago

Great walkthrough! Works fantastic on Exchange 2013. Thank you!

copenhaus commented 3 years ago

hi, how do I copy the configuration to the second(ary) Exchange Servers?? Or I don't, instead, create key2_2017??

also, how do I find out the expiration of the keys? I suppose if the keys failed, email messages would just became "DKIM failed"...it would be nice to be on top of this as well...

ArlethKarinaAcosta commented 3 years ago

Hi good day. For example, in my environment I have two mail servers, should I install the program on both servers and create two txt records in my dns? or with a registry that is married to my domain enough?

tgarner-westu commented 3 years ago

We use DNS with a mail DNS entry with the IP addresses of both exchange servers.

Internal DNS example: mail.mydomain.com resolves to: 192.168.1.1 (exchange #1) & 192.168.1.2 (exchange #2) External DNS: mail.mydomain.com resolves to my pubic IP address

I installed the program on both servers with the same key.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Tracy Garner Network Administrator

City of West University Place 3826 Amherst, West University Place, TX 77005 Tel 713.662.5399

[City of West U]http://www.westutx.gov/[Facebook]http://www.facebook.com/CityofWestUniversityPlaceTX[Twitter]http://twitter.com/CityofWestU

ATTENTION PUBLIC OFFICIALS: This email, plus any attachments, may constitute a public record of the City of West University Place and may be subject to public disclosure under the Texas Public Information Acthttp://www.statutes.legis.state.tx.us/Docs/GV/htm/GV.552.htm. A "reply to all" of this e-mail could lead to violations of the Texas Open Meetings Acthttp://www.statutes.legis.state.tx.us/SOTWDocs/GV/htm/GV.551.htm. Please reply only to the sender.

From: ArlethKarinaAcosta notifications@github.com Sent: Thursday, March 4, 2021 10:14 AM To: colinwilson/comments comments@noreply.github.com Cc: Tracy Garner tgarner@westutx.gov; Comment comment@noreply.github.com Subject: Re: [colinwilson/comments] Setting up DKIM for Exchange Server (#6)

CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders.

Hi good day. For example, in my environment I have two mail servers, should I install the program on both servers and create two txt records in my dns? or with a registry that is married to my domain enough?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/colinwilson/comments/issues/6#issuecomment-790735181, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASLHMLR2CN55KYCYFKBDQ7TTB6WVZANCNFSM4VTASQCA.

AndrewBienhaus commented 3 years ago

Many thanks for the article... it's one thing to sit and fiddle-fart to figure things out in a lab, but when you need to add to production right away, it's nice to have someone who has walked through it like this! So - thanks!

Quick question, before I add any more domains.

The changing of the order of processing - the app install/configure "hint", says that DKIM signing should have the LOWEST priority, where you have suggested it should be in the top 3, or preferred at #1. I have taken your advice, and put it at #1, but wanted to ask...

  1. Is it ok that I put it ahead of even the MSE transports? (the Symantec Mail Security, dealing with virus/spam)
  2. Can you think of any reason why your experience might contradict the app's suggestion like that?

Thanks! Andrew

AKPTN commented 3 years ago

Is this version (3.3.2) OK for Exchange 2010? COVID put a hamper on our revenue/spending at the moment and I'm trying to get rid of "you are SPAM" on some of our emails going out. Need to add DKIM... I have SPF. Thanks ....

colinwilson commented 3 years ago

@AKPTN There were issues in previous versions with the transport service not starting/crashing when installed on Ex2010. AFAIK this issue still persists in later versions (≥3.0.12). So no, I don't think 3.3.2 is compatible unfortunately.

AKPTN commented 3 years ago

Thanks Colin.. Hmmm - anyone know where there is a stable one for EX 2010? I believe AdminSystems isn't even updating for 2010 anymore ..

AndrewBienhaus commented 3 years ago

And sorry, I can’t be much help…. Only using it (successfully) on 2016.

Setup a quick lab machine, and try? :-)

Andrew

From: Colin Wilson @.> Sent: July 27, 2021 5:18 PM To: colinwilson/comments @.> Cc: Andrew Bienhaus @.>; Comment @.> Subject: Re: [colinwilson/comments] Setting up DKIM for Exchange Server (#6)

@AKPTNhttps://github.com/AKPTN There were issues in previous versions with the transport service not starting/crashing when installed on Ex2010. AFAIK this issue still persists in later versions (≥3.0.12). So no, I don't think 3.3.2 is compatible unfortunately.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/colinwilson/comments/issues/6#issuecomment-887841605, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AL4JCWXSQQSX4K76BE2ERJTTZ4PA7ANCNFSM4VTASQCA.

colinwilson commented 3 years ago

@AndrewBienhaus Sorry, I've only now seen your comment:

The changing of the order of processing - the app install/configure "hint", says that DKIM signing should have the LOWEST priority, where you have suggested it should be in the top 3, or preferred at #1. I have taken your advice, and put it at #1

I think I'm wrong and the app advice is correct! Will check and update the article accordingly. Thanks for bringing attention to this đź‘Ť.

AndrewBienhaus commented 3 years ago

Do me a favor? Reply again once you’ve figured it out for sure, and I’ll dive back in and make sure I’ve got mine set correctly after you’ve checked it out. :-)

From: Colin Wilson @.> Sent: Tuesday, July 27, 2021 6:06:55 PM To: colinwilson/comments @.> Cc: AndrewBienhaus @.>; Mention @.> Subject: Re: [colinwilson/comments] Setting up DKIM for Exchange Server (#6)

@AndrewBienhaushttps://github.com/AndrewBienhaus Sorry, I've only now seen your comment:

The changing of the order of processing - the app install/configure "hint", says that DKIM signing should have the LOWEST priority, where you have suggested it should be in the top 3, or preferred at #1. I have taken your advice, and put it at #1

I think I'm wrong and the app advice is correct! Will check and update the article accordingly. Thanks for bringing attention to this đź‘Ť.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/colinwilson/comments/issues/6#issuecomment-887865970, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AL4JCWQGK2MLP4ZFDKAYQITTZ4UX7ANCNFSM4VTASQCA.

AKPTN commented 3 years ago

Anyone that can lead me to find DKIM for ex2010?

colinwilson commented 3 years ago

@AndrewBienhaus

Do me a favor? Reply again once you’ve figured it out

Will do đź‘Ť.

pthomson commented 3 years ago

thank you so much for the walkthrough for config. extremely helpful! not sure why they chose not to include these details in their wiki

akhilmajeed commented 2 years ago

Anyone can help me what if I have two exchange servers? Do I need to generate two keys separately for each servers ?

amarhw commented 2 years ago

Is there a free tool to check inbound emails ?

Kurt-IRC commented 1 year ago

What if one Exchange 2016 server host more than 1 mail domain? Just adding them one after one and the domain which is added also add the DNS TXT-record. The other domains which are not added will keep working without DKIM? Thanks for your feedback.

shumaid commented 5 months ago

I did the same configuration and no go on Exchange 2016 CU23 Win 2012 R2 DKIM Signer 3.4.0

"Click Configure and move the priority of the DkimSigner Agent up to at least 3, if not 1 (This is to prevent other agents from potentially interfering with the headers), and then click Close" Other articles are recommending it to be at the end

When I test using mxtoolbox or DKIMvalidator sites I get that the check is passed! any idea why this is happening?

Thanks in advance