diff --git a/Bundler/dkim.xml b/Bundler/dkim.xml
new file mode 100644
index 0000000..a5800a6
--- /dev/null
+++ b/Bundler/dkim.xml
@@ -0,0 +1,13 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Cfg/etc/opendkim.conf/info.xml b/Cfg/etc/opendkim.conf/info.xml
new file mode 100644
index 0000000..fa191e7
--- /dev/null
+++ b/Cfg/etc/opendkim.conf/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Cfg/etc/opendkim.conf/opendkim.conf b/Cfg/etc/opendkim.conf/opendkim.conf
new file mode 100644
index 0000000..6e89cde
--- /dev/null
+++ b/Cfg/etc/opendkim.conf/opendkim.conf
@@ -0,0 +1,51 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+AutoRestart Yes
+AutoRestartRate 10/1h
+
+# Log to syslog
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 002
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain example.com
+#KeyFile /etc/mail/dkim.key
+#Selector 2007
+
+# Commonly-used options; the commented-out versions show the defaults.
+Canonicalization relaxed/simple
+
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+
+Mode sv
+#SubDomains no
+#ADSPDiscard no
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
+# (ATPS) (experimental)
+
+#ATPSDomains example.com
+
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+
+UserID opendkim:opendkim
+
+Socket inet:12301@localhost
diff --git a/Cfg/etc/opendkim/KeyTable/KeyTable b/Cfg/etc/opendkim/KeyTable/KeyTable
new file mode 100644
index 0000000..86ffcee
--- /dev/null
+++ b/Cfg/etc/opendkim/KeyTable/KeyTable
@@ -0,0 +1 @@
+mail._domainkey.crans.org crans.org:mail:/etc/opendkim/keys/crans.org/mail.private
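Review bot: In Cfg/etc/opendkim.conf/opendkim.conf, `Socket inet:12301@localhost` puts the signing milter on a loopback TCP port that every local process on the host can connect to, while `UMask 002` and its comment only apply to a local (UNIX) socket and have no effect here. If Postfix and OpenDKIM run on the same machine, a UNIX socket guarded by file permissions is the tighter choice, e.g. `Socket local:/var/run/opendkim/opendkim.sock` with the Postfix user in the `opendkim` group. The `smtpd_milters` and `non_smtpd_milters` values in Python/etc/postfix/main.cf would then have to become the matching `unix:` path. If the inet socket is kept on purpose, I would drop `UMask 002` or reword its comment so the file does not describe a permission model that is not in use.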
diff --git a/Cfg/etc/opendkim/KeyTable/info.xml b/Cfg/etc/opendkim/KeyTable/info.xml
new file mode 100644
index 0000000..fa191e7
--- /dev/null
+++ b/Cfg/etc/opendkim/KeyTable/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Cfg/etc/opendkim/SigningTable/SigningTable b/Cfg/etc/opendkim/SigningTable/SigningTable
new file mode 100644
index 0000000..d845dc6
--- /dev/null
+++ b/Cfg/etc/opendkim/SigningTable/SigningTable
@@ -0,0 +1,2 @@
+*@crans.org mail._domainkey.crans.org
+*@crans.eu mail._domainkey.crans.org
diff --git a/Cfg/etc/opendkim/SigningTable/info.xml b/Cfg/etc/opendkim/SigningTable/info.xml
new file mode 100644
index 0000000..fa191e7
--- /dev/null
+++ b/Cfg/etc/opendkim/SigningTable/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Cfg/etc/opendkim/TrustedHosts/TrustedHosts b/Cfg/etc/opendkim/TrustedHosts/TrustedHosts
new file mode 100644
index 0000000..9f04b71
--- /dev/null
+++ b/Cfg/etc/opendkim/TrustedHosts/TrustedHosts
@@ -0,0 +1,11 @@
+127.0.0.1
+localhost
+
+138.231.136.0/21
+138.231.144.0/21
+10.231.136.0/24
+10.2.9.0/24
+
+*.crans.org
+*.crans.fr
+*.crans.eu
diff --git a/Cfg/etc/opendkim/TrustedHosts/info.xml b/Cfg/etc/opendkim/TrustedHosts/info.xml
new file mode 100644
index 0000000..fa191e7
--- /dev/null
+++ b/Cfg/etc/opendkim/TrustedHosts/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index 557723d..0a362b4 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -1131,6 +1131,11 @@ + + + + +
diff --git a/Python/etc/postfix/main.cf b/Python/etc/postfix/main.cf
index c057e7f..3f4ebf5 100644
--- a/Python/etc/postfix/main.cf
+++ b/Python/etc/postfix/main.cf
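Review bot: In Cfg/etc/opendkim/SigningTable/SigningTable, `*@crans.eu` points at the key entry whose signing domain in KeyTable is `crans.org`, so mail with a crans.eu From address is signed with d=crans.org. That signature verifies, but it is not aligned with the From domain and will not count as a DKIM pass for DMARC on crans.eu. If aligned signatures are wanted, give crans.eu its own KeyTable entry with signing domain `crans.eu` (the key file can be shared if the selector record is published under that domain) and map `*@crans.eu` to it. TrustedHosts also lists `*.crans.fr`, yet no `*@crans.fr` pattern exists here, so that mail goes out unsigned; a comment would help if this is intentional.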
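Review bot: Cfg/etc/opendkim/TrustedHosts/TrustedHosts is referenced by both `InternalHosts` and `ExternalIgnoreList` in opendkim.conf, so mail from every address in the two public /21 ranges, and from clients matching `*.crans.org`, `*.crans.fr` or `*.crans.eu`, is treated as internal and signed rather than verified. If those ranges contain end-user machines and not only mail relays (not visible in this diff), any such host that relays through this server gets a valid crans.org signature on a message with a crans.org From address, without authenticating. I would restrict InternalHosts to the hosts that are meant to originate mail and keep ExternalIgnoreList in a separate file, since the two lists answer different questions. The hostname wildcards presumably match on the client name Postfix reports to the milter, which rests on reverse DNS, so explicit addresses are the safer form.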
@@ -275,6 +275,15 @@ if mx: @slow_destination_recipient_limit = 20 @slow_destination_concurrency_limit = 2 + if has("dkim"): + @ + @# Filtrage mail + @milter_protocol = 2 + @milter_default_action = accept + @smtpd_milters = inet:localhost:12301 + @non_smtpd_milters = inet:localhost:12301 + @ + if not secondary: @# +----------------------+ @# | Connexion de secours | diff --git a/Rules/dkim.xml b/Rules/dkim.xml new file mode 100644 index 0000000..b0f78f0 --- /dev/null +++ b/Rules/dkim.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + +
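Review bot: In Python/etc/postfix/main.cf, `milter_default_action = accept` makes Postfix fail open: when opendkim on port 12301 is down or times out, outgoing mail leaves unsigned and incoming mail goes unverified, with nothing visible to the sender. If receivers are expected to rely on the signature, `@milter_default_action = tempfail` keeps the mail queued until the milter is back. `milter_protocol = 2` is the legacy protocol level, and current Postfix defaults to 6, so I would drop that line unless an old Postfix release requires it. The port is hard-coded both here and in opendkim.conf's `Socket` line; a comment such as `@# must match Socket in /etc/opendkim.conf` would keep the two in step. The surrounding block (the hunk header shows `if mx:`) starts outside the hunk.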