Configuration

DJBenson edited this page Jan 7, 2020 · 4 revisions

Configuring the agent

After installing the agent, you can use Configuration.DkimSigner.exe in C:\Program Files\Exchange DkimSigner to configure the agent and all of its settings. If the GUI doesn't work, you can also configure it manually (see Manual Configuration).

Please Note:
If you have configured your server to send only in the TNEF message format, your mails will not be signed. To disable TNEF, use the following PowerShell command (see also #170):

Set-RemoteDomain -Identity * -TNEFEnabled $false

Configuration Tool

Information DKIM Settings Domain Settings EventLogViewer About Debug Helper

Manual Configuration

Open C:\Program Files\Exchange DkimSigner\settings.xml and configure the DKIM agent.

Here's an example file:

<?xml version="1.0" encoding="utf-8"?>
<Settings xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Loglevel>3</Loglevel>
  <SigningAlgorithm>RsaSha1</SigningAlgorithm>
  <HeaderCanonicalization>Relaxed</HeaderCanonicalization>
  <BodyCanonicalization>Relaxed</BodyCanonicalization>
  <HeadersToSign>
    <string>From</string>
    <string>Subject</string>
    <string>To</string>
    <string>Date</string>
    <string>Message-ID</string>
  </HeadersToSign>
  <Domains>
    <DomainElement>
      <Domain>example.com</Domain>
      <Selector>ex201302</Selector>
      <!-- if relative path, then it's relative to C:\Program Files\Exchange DkimSigner\keys -->
      <PrivateKeyFile>example.com\ex201302.private</PrivateKeyFile>
    </DomainElement>
    <DomainElement>
      <Domain>example.org</Domain>
      <Selector>ex201302</Selector>
      <!-- if relative path, then it's relative to C:\Program Files\Exchange DkimSigner\keys -->
      <PrivateKeyFile>example.org\ex201302.private</PrivateKeyFile>
    </DomainElement>
  </Domains>
</Settings>

You can add as many domain items as you need. For each domain item, the domain, the selector and the path to the private key file are needed.

This path may be relative or absolute.

Possible values for HeaderCanonicalization and BodyCanonicalization are Simple (recommended) and Relaxed.

Logging

The DKIM signing agent logs all errors and warnings to the EventLog by default. You can set the LogLevel in the settings.xml file.

Possible values:

  • 0 = no logging
  • 1 = Error only
  • 2 = Warn+Error
  • 3 = Info+Warn+Error
  • 4 = Debug+Info+Warn+Error

The debug level should only be enabled if you need to debug functionality. Otherwise it will fill up your EventLog unnecessarily. Debug messages are shown with the information icon but begin with the keyword 'DEBUG:'.

Creating the keys

You can create the private and public keys using Configuration.DkimSigner.exe (recommended) or you can create them with any other tool and then select them within the GUI.

You can use the following service for creating public and private keys: http://www.port25.com/support/domainkeysdkim-wizard/

Or, if you have a Linux installation, use opendkim-genkey (from the opendkim package):
opendkim-genkey -D target_directory/ -d example.com -s sel2012
or openssl:
openssl genrsa -out private.pem

The keys have to be in PEM format.
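
Once the keys are in place, the finished settings.xml can be checked offline before sending a test mail. The PowerShell function below is an added example, not part of Exchange DkimSigner: the name Test-DkimSignerSettings and the inline sample are constructed here, and PowerShell 3.0 or later is assumed. It resolves each key path as the XML comment describes, checks for a PEM header, lists the DNS name (selector._domainkey.domain, per RFC 6376) where the public key must be published, and warns about RsaSha1 and debug logging.

```powershell
# Added example, not project code. Function name and sample input are constructed.
function Test-DkimSignerSettings {
    param(
        [Parameter(Mandatory)] [xml]$Config,
        # Base folder for relative PrivateKeyFile values (from the XML comment on this page).
        [string]$KeysDir = 'C:\Program Files\Exchange DkimSigner\keys'
    )
    $s = $Config.Settings
    if ($s.SigningAlgorithm -eq 'RsaSha1') {
        Write-Warning 'SigningAlgorithm is RsaSha1; RFC 8301 prohibits rsa-sha1 for DKIM signing.'
    }
    if ([int]$s.Loglevel -ge 4) {
        Write-Warning 'Loglevel 4 (debug) is set; it fills the EventLog and is for debugging only.'
    }
    foreach ($d in $s.Domains.DomainElement) {
        # Relative paths resolve against the keys folder; absolute paths are used as given.
        $keyPath = $d.PrivateKeyFile
        if (-not [System.IO.Path]::IsPathRooted($keyPath)) { $keyPath = Join-Path $KeysDir $keyPath }
        $keyFound = Test-Path -LiteralPath $keyPath -PathType Leaf
        # A PEM private key starts with a '-----BEGIN ... PRIVATE KEY-----' line.
        $isPem = $keyFound -and ((Get-Content -LiteralPath $keyPath -TotalCount 1) -like '-----BEGIN*PRIVATE KEY-----')
        [pscustomobject]@{
            Domain    = $d.Domain
            # DNS TXT name where verifiers look up the public key for this selector.
            DnsRecord = '{0}._domainkey.{1}' -f $d.Selector, $d.Domain
            KeyPath   = $keyPath
            KeyFound  = $keyFound
            KeyIsPem  = $isPem
        }
    }
}

# Constructed sample input: a trimmed copy of the example file on this page.
[xml]$sample = @'
<Settings>
  <Loglevel>3</Loglevel>
  <SigningAlgorithm>RsaSha1</SigningAlgorithm>
  <Domains>
    <DomainElement>
      <Domain>example.com</Domain>
      <Selector>ex201302</Selector>
      <PrivateKeyFile>example.com\ex201302.private</PrivateKeyFile>
    </DomainElement>
  </Domains>
</Settings>
'@
Test-DkimSignerSettings -Config $sample | Format-Table -AutoSize
```

To audit a live server, pass the real file instead of the sample: Test-DkimSignerSettings -Config ([xml](Get-Content -LiteralPath 'C:\Program Files\Exchange DkimSigner\settings.xml' -Raw)).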

Testing the setup

To test whether everything is working, simply send a mail to [email protected] and you will get an immediate response with the results of the DKIM check.