MS Exchange and DKIM
Signing outbound emails with a DKIM signature is a challenge in MS Exchange because it does not
support this feature natively. One solution is to install third-party packages on your Exchange
server that accomplish this task. There are two problems with these solutions:
- You have to create the public/private key manually
- These plugins run inside MS Exchange's memory space. A minor bug in the plugin can bring the entire Exchange server down.
A better approach
Using the following instructions, you can get up and running with DKIM in less than 15 minutes.
Once completed, the outbound email flow will look like:
- Install Xeams on any machine within your LAN. Although you can install it on
the same machine as Exchange, a cleaner solution is to use a different machine.
Installing Xeams is just a matter of running setup.exe, which you can download from here. The Community Edition
of Xeams will suffice since you will not be using the filtering features of Xeams.
- Set up Xeams in Stand-Alone mode and do not create any local users.
- Configure the SMTP server in Xeams to accept emails on port 25.
- Add the Exchange server's IP address to the list of IP addresses allowed to relay.
- Disable filtering in Xeams by unchecking the Enable Filtering option under Filter Management/Score Configuration.
- Select DKIM under Filter Management to create a DKIM signature. Refer to this page for details.
- Configure the Send Connector in your Exchange server to forward outbound emails to the IP address or host name where Xeams is running.
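To confirm the relay is signing once the Send Connector points at Xeams, send a test message to an outside mailbox and inspect its raw headers. The Python sketch below is an added example, not part of Xeams or Exchange; the domain example.com, the selector xeams1 and the sample message are constructed, and it checks the structure of the DKIM-Signature header only, not the cryptographic signature.

```python
import email
from email.utils import parseaddr

REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}  # mandatory in RFC 6376

# Constructed sample of a message as received outside the LAN (values are placeholders).
REST = ("From: Alice <alice@example.com>\nTo: bob@example.net\n"
        "Subject: DKIM test\nDate: Mon, 01 Jan 2024 10:00:00 +0000\n\nTest body\n")
SIGNED = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
          " s=xeams1; h=from:to:subject:date;\n"
          " bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE=\n") + REST

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def check_outbound(raw, domain, selector):
    """Return (problems, dns_name); an empty problems list means the header looks right."""
    msg = email.message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return ["no DKIM-Signature header: mail did not pass through the signer"], None
    tags = parse_dkim_tags(sig)
    d, s = tags.get("d", "").lower(), tags.get("s", "")
    problems = []
    missing = REQUIRED_TAGS - tags.keys()
    if missing:
        problems.append("missing tags: " + ",".join(sorted(missing)))
    if d != domain.lower():
        problems.append("d= is %r, expected %r" % (d, domain))
    if s != selector:
        problems.append("s= is %r, expected %r" % (s, selector))
    if "from" not in [h.lower() for h in tags.get("h", "").split(":")]:
        problems.append("From header is not covered by h=")
    # Simplified alignment check: From domain equals d= or is a subdomain of it.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if d and from_domain != d and not from_domain.endswith("." + d):
        problems.append("From domain %r does not align with d=%r" % (from_domain, d))
    # Receivers fetch the public key from this DNS TXT record name.
    dns_name = "%s._domainkey.%s" % (s, d) if s and d else None
    return problems, dns_name

if __name__ == "__main__":
    print(check_outbound(SIGNED, "example.com", "xeams1"))
    print(check_outbound(REST, "example.com", "xeams1"))
```

The returned DNS name is where the public key created in the DKIM step has to be published as a TXT record; a message that reports no DKIM-Signature header left Exchange by a route that bypasses Xeams.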