USE DKIM keys on EDGE Servers

Gaston Mbey
Hello Experts

I am configuring Exchange for a client who needs DKIM.
I have never configured this before.
The customer told me that he can generate DKIM keys for the domain.

How do I use this on the EDGE server?
Commented:
Install DKIM installer and deploy.

PS: check the following link
https://www.emailarchitect.net/domainkeys/kb/dkim_exchange_2007_2010_2013.aspx

all the best
Fractional CTO
Distinguished Expert 2018
Commented:
1) I am configuring Exchange for a client who needs DKIM.

I think what you mean is you require adding DKIM message signing to your outgoing mail.

2) I have never configured this before.

Wow... This process can be lengthy. Best bill this task by the hour.

3) The customer told me that he can generate DKIM keys for the domain.

Hum... Sounds like your customer misunderstands how DKIM works.

I suppose it's possible to have a client generate DKIM config files, then transport them all (there can be many depending on exact DKIM approach taken).

Normally, you will generate all keys + handle all signing locally.

You will then provide the related public DKIM selector record to your client.

So normally you provide DKIM related DNS records, rather than client providing these to you.

Suggestion: Since you're new to how DKIM signing works, this search - site:youtube.com how dkim works - may be useful.

Watch several of these short videos, as being able to visualize the entire DKIM message signing + verification process is helpful.
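The "generate keys locally, then hand over the public selector record" step described above, as an added example that is not part of the original thread: it turns a locally held public key into the selector TXT record (split into 255-byte strings, the DNS limit for one TXT string) and checks what was actually published against the local key. The selector `s1`, the domain `example.com`, the function names and the sample key bytes are assumptions made for the illustration.

```python
import base64
import re

# Constructed placeholder bytes, NOT a real key: 294 bytes is the size of a
# DER-encoded 2048-bit RSA public key, so the record length is realistic.
SAMPLE_DER = bytes(range(256)) + bytes(38)
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END PUBLIC KEY-----\n")

def pem_to_p(pem):
    """Strip the PEM armor and line breaks; the result is the p= tag value."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises on a damaged key file
    return body

def selector_record(selector, domain, pem):
    """Return (owner name, TXT strings); one TXT string holds at most 255 bytes."""
    value = "v=DKIM1; k=rsa; p=" + pem_to_p(pem)
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    return f"{selector}._domainkey.{domain}", chunks

def parse_record(txt_strings):
    """Join the TXT strings as a verifier does and split into tag=value pairs."""
    tags = {}
    for part in "".join(txt_strings).split(";"):
        if "=" in part:
            tag, val = part.split("=", 1)
            tags[tag.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_published(txt_strings, pem):
    """Compare a published record with the local public key; return problems."""
    tags = parse_record(txt_strings)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    if not tags.get("p"):
        problems.append("p= is empty (key missing or revoked)")
    elif tags["p"] != pem_to_p(pem):
        problems.append("p= does not match the local key")
    return problems

if __name__ == "__main__":
    name, chunks = selector_record("s1", "example.com", SAMPLE_PEM)
    print(name, "IN TXT", " ".join(f'"{c}"' for c in chunks))
    print(check_published(chunks, SAMPLE_PEM) or "published record matches")
```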
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Where did he install DKIM signing software?
If it's already installed, just generate the keys and add them to your external DNS using the article posted above.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Aside: I recently inherited a project with many MTAs doing their own DKIM signing.

What a mess.

Checking DMARC reports, many DKIM signing infrastructures were broken, causing massive lost revenue due to email being undeliverable.

Changing over to a simple Postfix + OpenDKIM system took roughly an hour for the entire work to be done. Next day DMARC reports showed 100% DKIM checks passing at all Mailbox Providers.

If your target is highest deliverability + least maintenance, you'll love running a central MTA for all delivery.

I should write a book... "The Lazy Man's Guide To High Deliverability Email Systems"... :)