How to set up Exchange Server Part 3 of 3

Additional configuration of Exchange Server 2016


DMARC Set-up:

So what is DMARC?

In the previous article we set up SPF, and we have yet to set up DKIM. These two are authentication methods that tell the recipient domain that tech-servepro is indeed the one sending the email and that it is not spoofed. If both authentications fail, what will the recipient server do? It will follow the rules defined in DMARC. The DMARC policy is the rule that tells the recipient server what to do when both SPF and DKIM authentication fail.

The record can be generated with MXToolbox – https://mxtoolbox.com/DMARCRecordGenerator.aspx . It will look something like the following, which we will add to DNS as a TXT record. For all the tags in a DMARC record, see this link – https://dmarc.org//draft-dmarc-base-00-01.html#iana_dmarc_tags

				
Type: TXT
Host/Name: _DMARC.tech-servepro.com
Value: v=DMARC1; p=none; rua=mailto:administrator@tech-servepro.com; ruf=mailto:administrator@tech-servepro.com; fo=1
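
To check a record like this before publishing it, and to see what its policy asks a receiver to do, here is an added example (not part of the original article or of MXToolbox). The function names parse_dmarc and receiver_action are hypothetical, SPF and DKIM results are modelled as simple aligned-pass booleans, and only the tags used in this record are validated.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}
VALID_FO = {"0", "1", "d", "s"}
# mailto: URI with an optional size limit suffix such as "!10m"
MAILTO = re.compile(r"mailto:[^@\s,!]+@[^@\s,!]+(![0-9]+[kmgt]?)?", re.I)


def parse_dmarc(txt):
    """Split a DMARC TXT value into (tags, problems)."""
    tags, problems = {}, []
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for part in parts:
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value:
            problems.append(f"malformed tag: {part!r}")
        elif name in tags:
            problems.append(f"duplicate tag: {name}")
        else:
            tags[name] = value
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        problems.append("v=DMARC1 must be the first tag")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        problems.append("p must be none, quarantine or reject")
    for name in ("rua", "ruf"):  # report addresses, comma separated
        for uri in filter(None, tags.get(name, "").split(",")):
            if not MAILTO.fullmatch(uri.strip()):
                problems.append(f"{name} is not a mailto: URI: {uri.strip()}")
    for opt in filter(None, tags.get("fo", "").split(":")):
        if opt.strip().lower() not in VALID_FO:
            problems.append(f"unknown fo option: {opt.strip()}")
    return tags, problems


def receiver_action(tags, spf_aligned_pass, dkim_aligned_pass):
    """What the published policy asks a receiver to do with one message."""
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"  # one passing check is enough for DMARC to pass
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid-record"
    # p=none asks for no enforcement: the message is only reported on
    return {"none": "no-action-report-only",
            "quarantine": "quarantine", "reject": "reject"}[policy]


# The record from this article
RECORD = ("v=DMARC1; p=none; rua=mailto:administrator@tech-servepro.com; "
          "ruf=mailto:administrator@tech-servepro.com; fo=1")
```

With p=none, as in the record above, a message that fails both checks is still handled normally and only shows up in the reports sent to the rua and ruf addresses.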

				
			

DKIM Set-up:

DKIM (DomainKeys Identified Mail) is another authentication method that tells the recipient server that the email was indeed sent and authorized by the domain owner. In the process, a digital signature is added to the header of the message, which confirms the sender.

However, DKIM is not supported in the on-premises Exchange Server, so we have to use a third-party application. In this case, we will use Pro/dkim-exchange from GitHub – https://github.com/ . For more installation information, you can follow this wiki page – https://github.com/Pro/dkim-exchange/wiki

Following the wiki page, we will download the latest version of Configuration.DkimSigner.zip, extract it and install it. We are installing version 3.3.2. Once done, we will go to C:\Program Files\Exchange DkimSigner and open the Configuration.DkimSigner.exe file to configure it. Here I have kept all default settings and updated only the DKIM and domain settings. In the DKIM settings, we have chosen relaxed header/body canonicalization. In the domain settings, we updated the domain name and selector, then generated the key pair and saved it in the program folder of the application, and then saved the domain. Once this is done, we will add DKIM to DNS as a TXT record. That's all for enabling DKIM.

Troubleshooting tips: If you see that outgoing email is not getting signed by DKIM, you can check the issue with the TNEF header here – https://github.com/Pro/dkim-exchange/issues/170
