MS Exchange and DKIM

Signing outbound emails with a DKIM signature is a challenge in MS Exchange because it does not support this feature natively. One solution is to install third-party packages on your Exchange server that accomplish this task. There are two problems with these solutions:

  1. You have to create the public/private key manually.
  2. These plugins run inside MS Exchange's memory space. A minor bug in the plugin can bring the entire Exchange server down.

A better approach

Using the following instructions you can get up and running with DKIM in less than 15 minutes. Once completed, the outbound email flow will look like:

[Diagram: DKIM in Exchange]
  • Install Xeams on any machine within your LAN. Although you can install it on the same machine as Exchange, a cleaner solution is to use a different machine.
    Installing Xeams is just a matter of running setup.exe, which you can download from here. The Community Edition of Xeams will suffice since you will not be using the filtering features of Xeams.
  • Set up Xeams in Stand-Alone mode and do not create any local users.
  • Configure the SMTP server in Xeams to accept emails on port 25.
  • Add the Exchange server's IP address to the list of IP addresses allowed to relay.
  • Disable filtering in Xeams by unchecking the Enable Filtering option under Filter Management/Score Configuration.
  • Select DKIM under Filter Management to create a DKIM signature. Refer to this page for details.
  • Configure the Send Connector in your Exchange server to forward outbound emails to the IP/host name where Xeams is running.
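
Once the Send Connector points at the relay, a check like the following can be run over the raw source of a test message received at an outside mailbox to confirm that it was signed. This is an added example, not part of Xeams or of the original page; it inspects the structure of the DKIM-Signature header only and does not verify the signature cryptographically. The domain example.com, the selector sel1 and the sample message are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Tags every DKIM-Signature header must carry (RFC 6376, section 3.5).
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")

# Constructed sample message; bh= and b= are placeholders, not a real signature.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    "\ts=sel1; h=from:to:subject:date;\n"
    "\tbh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=\n"
    "From: Alice <alice@example.com>\n"
    "To: bob@example.net\n"
    "Subject: DKIM test\n"
    "\n"
    "body\n"
)

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, ignoring folding whitespace."""
    tags = {}
    for part in "".join(value.split()).split(";"):
        if part:
            name, _, val = part.partition("=")  # base64 padding '=' stays in the value
            tags[name] = val
    return tags

def check_signed(raw, expected_domain):
    """Report whether a received message carries a well-formed, aligned DKIM signature."""
    msg = email.message_from_string(raw)
    sigs = msg.get_all("DKIM-Signature", [])
    if not sigs:
        return {"ok": False, "problems": ["no DKIM-Signature header"], "dns_txt": None}
    tags = parse_tags(sigs[0])
    problems = ["missing tag " + t for t in REQUIRED_TAGS if not tags.get(t)]
    if "from" not in tags.get("h", "").lower().split(":"):
        problems.append("From header is not covered by h=")
    d = tags.get("d", "").lower()
    if d != expected_domain.lower():
        problems.append("d=%s is not the expected signing domain" % d)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not (from_domain == d or from_domain.endswith("." + d)):
        problems.append("d= is not aligned with the From domain")
    # The public key must be published as a TXT record at this name.
    dns_txt = "%s._domainkey.%s" % (tags.get("s", ""), d)
    return {"ok": not problems, "problems": problems, "dns_txt": dns_txt}

if __name__ == "__main__":
    print(check_signed(SAMPLE, "example.com"))
```
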
