DKIM Signing Agent for Exchange Server.
This code is mainly based on the work of http://nicholas.piasecki.name/blog/2010/12/dkim-signing-outbound-messages-in-exchange-server-2007/
If you have a version installed previous to 26.11.2013 read the Section Update from Version 0.5
The .dll is compiled for .NET 3.5 (Exchange 2007 and 2010) or .NET 4 (Exchange 2013)
- Exchange 2007 SP3 (8.3.*)
- Exchange 2010 (14.0.*)
- Exchange 2010 SP1 (14.1.*)
- Exchange 2010 SP2 (14.2.*)
- Exchange 2010 SP3 (14.3.*)
- Exchange 2013 (15.0.516.32)
- Exchange 2013 CU1 (15.0.620.29)
- Exchange 2013 CU2 (15.0.712.24)
- Exchange 2013 CU3 (15.0.775.38)
- Exchange 2013 SP1 (15.0.847.32)
- Download the .zip and extract it e.g. on the Desktop: Latest Release
- Open "Exchange Management Shell" from the Startmenu
- Execute the following command to allow execution of local scripts (will be reset at last step):
Set-ExecutionPolicy Unrestricted
- Cd into the folder where the zip has been extracted.
- Execute the install script
.\install.ps1
- Follow the instructions. For the configuration see next section.
- Reset the execution policy:
Set-ExecutionPolicy Restricted
- Check EventLog for errors or warnings. Hint: you can create a user defined view in EventLog and then select "Per Source" and as the value "Exchange DkimSigner"
Make sure that the priority of the DkimSigner Agent is quite low so that no other agent messes around with the headers. Best set it to lowest priority.
To get a list of all the Export Agents use the Command Get-TransportAgent
To change the priority use Set-TransportAgent -Identity "Exchange DkimSigner" -Priority 3
If you have any problems installing, please check out the troubleshooting guideline.
Exchange 2013 SP1: If you have any problems installing the agent on Exchange 2013 SP1 please first try to apply the fix mentioned in issue #24
Edit the .config file to fit your needs.
<domainSection>
<Domains>
<Domain Domain="example.com" Selector="sel2012" PrivateKeyFile="keys/example.com.private" />
<Domain Domain="example.org" Selector="sel2013" PrivateKeyFile="keys/example.org.private" RecipientRule="yahoo\.[^\.]+"/>
<Domain Domain="example.net" Selector="sel2013" PrivateKeyFile="keys/example.net.private" SenderRule="user@.*" RecipientRule="yahoo\.[^\.]+"/>
</Domains>
</domainSection>
<customSection>
<general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple" />
</customSection>
You can add as many domain items as you need. For each domain item, the domain, the selector and the path to the private key file is needed.
This path may be relative (based on the location of the .dll) or absolute.
The RecipientRule
attribute is an optional parameter defined as a Regular Expression telling the agent on which To
E-Mail addresses the DKIM should be applied.
The RegEx is checked against the whole E-Mail address of the To
E-Mail header. Default is set to match any address .*
.
The SenderRule
attribute is also optional and defined as a Regular Expression. It defines on which From
E-Mail addresses the DKIM should be applied.
The RegEx is checked against the whole E-Mail address of the From
header. Default is set to match any address .*
.
Keep in mind that you need to escape the dot .
if you want to match it explicitly as \.
otherwise the dot means to match any character which you most probably don't want.
You can use this tool to test your regular expressions: http://derekslager.com/blog/posts/2007/09/a-better-dotnet-regular-expression-tester.ashx (activate IgnoreCase) and use e.g as Source yahoo.com
and Pattern yahoo\.[^\.]+
.
E.g. the pattern yahoo\.[^\.]+
matches all yahoo domains, regardless the TLD (top level domain).
Possible values for HeaderCanonicalization
and BodyCanonicalization
are Simple
(recommended) and Relaxed
.
The dkim signing agent logs by default all errors and warnings into EventLog. You can set the LogLevel in the .config file:
Possible values:
- 0 = no logging
- 1 = Error only
- 2 = Warn+Error
- 3 = Info+Warn+Error
You can use the following service for creating public and private keys: http://www.port25.com/support/domainkeysdkim-wizard/
Or if you have a linux installation, use (from the opendkim package): opendkim-genkey -D target_directory/ -d example.com -s sel2012
The keys can be in DER or PEM format (the format will be automatically detected).
If you want to test, if everything is working, simply send a mail to check-auth@verifier.port25.com and you will get an immediate response with the results of the DKIM check.
If you want to update the Exchange DKIM Transport Agent simply re-download the .zip file and follow the steps in the installation section.
If you have a version installed previous to 26.11.2013 (i.e. 0.5) read the following instructions to update to version 1.5 or above:
- Backup your folder
C:\Program Files\Exchange DKIM
- Then execute the following commands in Exchange Management Shell:
Net Stop MSExchangeTransport Disable-TransportAgent -Identity "Exchange DKIM" Uninstall-TransportAgent -Identity "Exchange DKIM"
- Now delete the folder
C:\Program Files\Exchange DKIM
(keep the backup!!) - You will need some parts of your old config file in the new one. You also have to copy the keys back after installation (if in this folder).
- Follow the instructions in the Install Section.
- When you copy the
<domain ...
parts from the old config, please change the tag to upper case:<Domain ...
- That's it!
Follow the install instructions but execute .\uninstall.ps1
instead.
It isn't allowed to distribute the .dll required for development of this transport agent. http://blogs.msdn.com/b/webdav_101/archive/2009/04/02/don-t-redistribute-product-dlls-unless-you-know-its-safe-and-legal-to-do-so.aspx
Therefore you have to copy all files from
C:\Program Files\Microsoft\Exchange Server\V14\Public Microsoft.Exchange.Data.Common.dll Microsoft.Exchange.Data.Common.xml Microsoft.Exchange.Data.Transport.dll Microsoft.Exchange.Data.Transport.xml
into the corresponding subdirectory from the Lib directory of this project.
You need to compile the .dll for Exchange 2010 for .Net Framework 3.5 (double click Properties in Visual Studio). Exchange 2012 needs .Net Framework 4 as target framework.
If you want to debug the .dll on your Exchange Server, you need to install Visual Studio Remote Debugging on the Server.
- After the Remote Debugging Tools are installed on the Server, open Visual Studio
- Compile the .dll with Debug information
- Copy the recompiled .dll to the server
- In Visual Studio select Debug->Attach to Process
- Under 'Qualifier' input the server IP or Host Name
- Select "Show processes from all users"
- Select the process
EdgeTransport.exe
and then press 'Attach' - When reached, the process should stop at the breakpoint
- Current Master :
New: Private key support (PEM, DER, XML) - 21.03.2014 [1.8.3]:
Fix: RecipientRule now matching whole address
Fix: Invalid E-Mail address doesn't cause a crash anymore. Rule will be ignored if error.
Fix: E-Mail address parsing in .NET 3.5 (Exchange 2007 & 2010) - 19.03.2014 [1.8.2]:
Fix: recipient rule not evaluated correctly (#26) - 12.03.2014 [1.8.1]:
Fix: simple/simple signing fail introduced in version 1.7.0 - 12.03.2014 [1.8.0]:
New: 'Sender' config parameter - 07.03.2014 [1.7.0]:
New: relaxed canonicalization (Thanks to @AlexLaroche) - 04.02.2014 [1.6.0]:
New:Rule
config parameter - 18.01.2014 [1.5.2]:
Fix: message subject and body unicode encoding bug
New: support for Exchange 2013 CU1, CU2, CU3 - 27.11.2013 [1.5.1]:
New: support for Exchange 2013 - 26.11.2013 [1.5]:
Changed configuration file for better reading
New: compiled files for Exchange 2010 SP1&SP2
New: install and uninstall script - 08.11.2013 [0.5]:
Changed build structure to do a batch build for different Exchange versions.
New: Build for Exchange 2010 and Exchange 2007. - 24.02.2013:
New: multi domain support