Exchange DKIM Signer

DKIM Signing Agent for Microsoft Exchange Server. This agent signs outgoing emails from your Exchange Server according to the DKIM specifications. It uses the DKIM signer implementation from the awesome MimeKit project.

We recommend setting up SPF (http://www.openspf.org) and DMARC (http://dmarc.org/) too. Test your email setup by sending an email to mailtest@unlocktheinbox.com (you will get an automatically generated report).

We are also happy to receive donations to keep new versions flowing :) Especially if you think our DKIM signing agent helped you or your company prevent email spam.

Supported versions

The DKIM Signer Agent [ExchangeDkimSigner.dll] is compiled for .NET 3.5 (Exchange 2007 and 2010) or .NET 4 (Exchange 2013 & 2016)

  • Exchange 2007 SP3 (8.3.*)
  • Exchange 2010 (14.0.*)
  • Exchange 2010 SP1 (14.1.*)
  • Exchange 2010 SP2 (14.2.*)
  • Exchange 2010 SP3 (14.3.*)
  • Exchange 2013 (15.0.516.32)
  • Exchange 2013 CU1 (15.0.620.29)
  • Exchange 2013 CU2 (15.0.712.24)
  • Exchange 2013 CU3 (15.0.775.38)
  • Exchange 2013 SP1 (15.0.847.32)
  • Exchange 2013 CU5 (15.0.913.22)
  • Exchange 2013 CU6 (15.0.995.29)
  • Exchange 2013 CU7 (15.0.1044.25)
  • Exchange 2013 CU8 (15.0.1076.9)
  • Exchange 2013 CU9 (15.0.1104.5)
  • Exchange 2013 CU10 (15.0.1130.7)
  • Exchange 2013 CU11 (15.0.1156.6)
  • Exchange 2013 CU12 (15.0.1178.4)
  • Exchange 2013 CU13 (15.0.1210.3)
  • Exchange 2013 CU14 (15.0.1236.3)
  • Exchange 2013 CU15 (15.0.1263.5)
  • Exchange 2016 Preview (15.1.225.17)
  • Exchange 2016 RTM (15.1.225.42)
  • Exchange 2016 CU1 (15.1.396.30)
  • Exchange 2016 CU2 (15.1.466.34)
  • Exchange 2016 CU3 (15.1.544.27)
  • Exchange 2016 CU4 (15.1.669.32)

Requirements

  • .NET 3.5 (Exchange 2007 or Exchange 2010) or .NET 4.0 (Exchange 2013, 2016)
  • .NET 4.5 (optional - Configuration tool [Configuration.DkimSigner.exe])

Note: Manual install (see section below) is required if .NET 4.5 isn't installed.

Installing the Transport Agent

Online install

  1. Download the latest GUI package: https://github.com/Pro/dkim-exchange/releases/latest (Configuration.DkimSigner.zip)
  2. Extract it somewhere on your Server (e.g. Desktop)
  3. Start Configuration.DkimSigner.exe
  4. Select Install
  5. In the newly opened window, select the version you would like to install. If you want to install a prerelease version, check the corresponding box
  6. Press Install and wait until the installation has finished successfully, then close the window.
  7. Now configure the DKIM Signer with the installed GUI (located under "C:\Program Files\Exchange DkimSigner\Configuration.DkimSigner.exe")
  8. Once you save the config, the Signer Agent will automatically reload these changes

Offline Install

  1. Download the latest GUI package: https://github.com/Pro/dkim-exchange/releases/latest (Configuration.DkimSigner.zip)
  2. Download the whole project package: https://github.com/Pro/dkim-exchange/releases/latest (Source Code (zip))
  3. Move those two packages to your server and extract the Configuration.DkimSigner.zip package to your Desktop
  4. Start Configuration.DkimSigner.exe
  5. Select Install
  6. In the newly opened window, browse for the downloaded DkimSigner.zip and press Install
  7. Wait until the installation has finished successfully, then close the window.
  8. Now configure the DKIM Signer with the installed GUI (located under "C:\Program Files\Exchange DkimSigner\Configuration.DkimSigner.exe")
  9. Once you save the config, the Signer Agent will automatically reload these changes

Manual Install

If you have problems installing the agent using the options above, you can use the PowerShell script. Just follow these instructions:

  1. Download the .zip and extract it e.g. on the Desktop: Latest Release
  2. Open "Exchange Management Shell" from the Start menu
  3. Check your current execution policy and remember it for the last step: Get-ExecutionPolicy -List
  4. Execute the following command to allow execution of local scripts (will be reset at last step): Set-ExecutionPolicy Unrestricted
  5. Cd into the folder where the zip has been extracted.
  6. Execute the install script .\install.ps1
  7. Follow the instructions. For the configuration see next section.
  8. Reset the execution policy to the value from step 3. E.g., Set-ExecutionPolicy RemoteSigned or Set-ExecutionPolicy Restricted
  9. Check EventLog for errors or warnings. Hint: you can create a user defined view in EventLog and then select "Per Source" and as the value "Exchange DkimSigner"

Make sure the DkimSigner agent runs with a low priority, ideally the lowest, so that no other agent modifies the headers after the message has been signed. To get a list of all installed transport agents, use the command Get-TransportAgent

To change the priority use Set-TransportAgent -Identity "Exchange DkimSigner" -Priority 3

Problems?

If you have any problems installing, please check out the troubleshooting guideline.
Exchange 2013 SP1: If you have any problems installing the agent on Exchange 2013 SP1 please first try to apply the fix mentioned in issue #24

Configuring the agent

After installing the agent, you can use the Configuration.DkimSigner.exe within C:\Program Files\Exchange DkimSigner to configure the agent and all the settings. If the GUI doesn't work, you can also configure it manually (see section below).

Configuration tool

[Screenshots of the configuration tool tabs: Information, DKIM Settings, Domain Settings, EventLogViewer, About]

Manual configuration

Open C:\Program Files\Exchange DkimSigner\settings.xml and configure the DKIM agent.

Here's an example file:

<?xml version="1.0" encoding="utf-8"?>
<Settings xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Loglevel>3</Loglevel>
  <SigningAlgorithm>RsaSha1</SigningAlgorithm>
  <HeaderCanonicalization>Relaxed</HeaderCanonicalization>
  <BodyCanonicalization>Relaxed</BodyCanonicalization>
  <HeadersToSign>
    <string>From</string>
    <string>Subject</string>
    <string>To</string>
    <string>Date</string>
    <string>Message-ID</string>
  </HeadersToSign>
  <Domains>
    <DomainElement>
      <Domain>example.com</Domain>
      <Selector>ex201302</Selector>
      <!-- if relative path, then it's relative to C:\Program Files\Exchange DkimSigner\keys -->
      <PrivateKeyFile>example.com\ex201302.private</PrivateKeyFile>
    </DomainElement>
    <DomainElement>
      <Domain>example.org</Domain>
      <Selector>ex201302</Selector>
      <!-- if relative path, then it's relative to C:\Program Files\Exchange DkimSigner\keys -->
      <PrivateKeyFile>example.org\ex201302.private</PrivateKeyFile>
    </DomainElement>
  </Domains>
</Settings>

You can add as many domain items as you need. For each domain item, the domain, the selector and the path to the private key file are needed.

This path may be relative or absolute.

Possible values for HeaderCanonicalization and BodyCanonicalization are Simple (recommended) and Relaxed.
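
A hand-edited settings.xml can be checked before the agent reloads it. The following PowerShell function is an added example, not part of the Exchange DkimSigner project: it flags SHA-1 signing (disallowed by RFC 8301), a missing From header (required by RFC 6376), the Message-ID header name that version 3.* replaced with MessageId, and private key paths that do not resolve to a file. The function name Test-DkimSignerSettings is hypothetical and the sample XML is constructed from the example file above.

```powershell
# Added example, not part of the Exchange DkimSigner project.
function Test-DkimSignerSettings {
    param(
        [Parameter(Mandatory = $true)][string]$SettingsXml,  # file content, not a path
        [string]$KeysDir = 'C:\Program Files\Exchange DkimSigner\keys'
    )
    $s = ([xml]$SettingsXml).Settings
    $out = @()
    # RFC 8301: DKIM signers must not use SHA-1.
    if ($s.SigningAlgorithm -eq 'RsaSha1') {
        $out += 'WARN  SigningAlgorithm is RsaSha1; RFC 8301 disallows SHA-1 for DKIM'
    }
    $headers = @($s.HeadersToSign.string)
    # RFC 6376, section 5.4: the From header must always be signed.
    if ($headers -notcontains 'From') {
        $out += 'WARN  HeadersToSign does not include From'
    }
    # Agent 3.* names this header MessageId (see "Updating from version 2.* to 3.*").
    if ($headers -contains 'Message-ID') {
        $out += 'WARN  HeadersToSign lists Message-ID; agent 3.* expects MessageId'
    }
    foreach ($d in @($s.Domains.DomainElement | Where-Object { $_ })) {
        # Relative key paths are resolved against the keys directory.
        $key = $d.PrivateKeyFile
        if (-not [System.IO.Path]::IsPathRooted($key)) {
            $key = [System.IO.Path]::Combine($KeysDir, $key)
        }
        if (-not (Test-Path -LiteralPath $key -PathType Leaf)) {
            $out += "WARN  $($d.Domain): private key file not found: $key"
        }
        # The public key for this selector must be published in this TXT record.
        $out += "INFO  $($d.Domain): DNS TXT record is $($d.Selector)._domainkey.$($d.Domain)"
    }
    $out
}

# Constructed sample, shortened from the example file above.
$sample = @'
<Settings>
  <SigningAlgorithm>RsaSha1</SigningAlgorithm>
  <HeadersToSign>
    <string>From</string>
    <string>Message-ID</string>
  </HeadersToSign>
  <Domains>
    <DomainElement>
      <Domain>example.com</Domain>
      <Selector>ex201302</Selector>
      <PrivateKeyFile>example.com\ex201302.private</PrivateKeyFile>
    </DomainElement>
  </Domains>
</Settings>
'@
Test-DkimSignerSettings -SettingsXml $sample
```

On the server, pass the real file content instead of the sample, for example [System.IO.File]::ReadAllText('C:\Program Files\Exchange DkimSigner\settings.xml').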

Logging

By default, the DKIM signing agent logs all errors and warnings to the EventLog. You can set the LogLevel in the settings.xml file:

Possible values:

  • 0 = no logging
  • 1 = Error only
  • 2 = Warn+Error
  • 3 = Info+Warn+Error
  • 4 = Debug+Info+Warn+Error

The debug level should only be enabled if you need to debug functionality. Otherwise it will fill up your EventLog unnecessarily. Debug messages are shown with the information icon but will begin with the keyword 'DEBUG:'

Creating the keys

You can create the private and public keys using Configuration.DkimSigner.exe (recommended) or you can create them with any other tool and then select them within the GUI.

You can use the following service for creating public and private keys: http://www.port25.com/support/domainkeysdkim-wizard/

Or, if you have a Linux installation, use (from the opendkim package):
opendkim-genkey -D target_directory/ -d example.com -s sel2012
or openssl:
openssl genrsa -out private.pem

The keys have to be in PEM format.

Testing the setup

To test whether everything is working, simply send an email to mailtest@unlocktheinbox.com and you will get an immediate response with the results of the DKIM check.

Updating the Transport Agent

If you want to update the Exchange DKIM Transport Agent simply run Configuration.DkimSigner.exe and on the Information tab press the Upgrade button. (If no new version is available the button shows 'Reinstall').

Updating from version 2.* to 3.*

If you are updating the agent from version 2.* to 3.* and you used the .xml key format, you may need to recreate your private key and update the DNS record correspondingly. We have switched to another key library, which no longer supports the .xml format.

To recreate your private key just open the Configuration tool and for each domain press the Generate key button. Make sure to update the DNS too.

Additionally, the Message-ID header field changed its name. Open the DKIM Settings Tab in the configurator, remove the Message-ID entry from Headers to sign list, and add MessageId as the corresponding header.

Updating Exchange Server

Before you update the Exchange Server, you have to make sure that the DKIM Signer Version is compatible with the new Exchange Version. Thus the following steps are suggested to avoid any Upgrade problems:

  1. Disable the DKIM Signer (Open the configuration executable, on the Information tab press Configure, then disable the DKIM Signer)
  2. Update the Exchange Server
  3. Update the DKIM Signer (using the configuration executable)
  4. Re-enable the DKIM Signer

Uninstalling the Transport Agent

If you want to uninstall the Exchange DKIM Transport Agent simply open the Control Panel and then Programs and Features. The DKIM Signer should be listed there. You can also start Configuration.DkimSigner.exe with the --uninstall parameter, which does the same. Be aware that uninstalling the agent also removes all the keys and files.

If you want to use the PowerShell script to uninstall the agent (not recommended), follow the manual install instructions but execute .\uninstall.ps1 instead.

Notes for developers

See contribution guideline


