La vérification de dkim continue d'avoir une mauvaise signature

Ma vérification DKIM continue de faiblir, et je ne peux pas comprendre pourquoi. Il est toutefois signé, mais mal.

Lorsque je vérifie le domaine et le sélecteur, il s'avère valide, donc le problème concerne la signature.

Voici un vider d'un e-mail de test:

============================================================================ This is SPF/DKIM/DMARC/RBL report generated by a test tool provided by AdminSystem Software Limited. Any problem, please contact support@emailarchitect.net ============================================================================ Report-Id: a511e572 Sender: dule@example.com Source-IP: 11.22.33.44 ============================================================================ Original email header: x-sender: dule@example.com x-receiver: test-a511e572@appmaildev.com Received: from host1.example.biz ([11.22.33.44]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384); Wed, 25 Jan 2017 07:25:09 +0000 Received: from host1.example.biz (localhost [127.0.0.1]) by host1.example.biz (Postfix) with SMTP id DB0A3164364 for <test-a511e572@appmaildev.com>; Wed, 25 Jan 2017 08:25:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=2016; t=1485329108; bh=GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA=; h=From:Subject:To:Date:From; b=dhJTUjBelfWvNPO4/gCWExHc87vC3uucapPxhKosJ/Ka/rgv42bSqARNIAmmROPID z7o2txBEt6aSRz+C/v+MnaXIzbFzlkOCUavahehOaGo7jkoIle1N11Yxyn6qe4+uh8 wykUbHN9/sD4IORxP1sguFAdo9ONlbB6naW7tQoVDDfIhOS6UY5rFw7WmmGJIzitgv LJ4a/QrEDDDQX/H+kDessPbULFfLVUlhZQyscbHkb+S/B7s2D93S9vY9CSzrzG/uVj jvAYY+4LLhnPpaJBwjtQK2Itygj+gNQ3tvEmP1RwyNjSum0XDSQcQjEWtXs/ZC7Ker 6rQnOaNhmvSaQ== From: "dule" <dule@example.com> Subject: d To: test-a511e572@appmaildev.com Message-Id: <1485329108.10136@example.com> X-Mailer: Usermin 1.690 Date: Wed, 25 Jan 2017 08:25:08 +0100 (CET) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="bound1485329108" Return-Path: dule@example.com X-OriginalArrivalTime: 25 Jan 2017 07:25:09.0615 (UTC) FILETIME=[28C68FF0:01D276DC] ============================================================================ SPF: Pass ============================================================================ SPF-Record: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all Sender-IP:11.22.33.44 Sender-Domain:example.com Query TEXT record from DNS server for: example.com [TXT]: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all Parsing SPF record: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all Mechanisms: v=spf1 Mechanisms: mx Testing mechanism mx Query MX record from DNS server for: example.com [MX]: mail.example.com Testing mechanism A:mail.example.com/128 Query A record from DNS server for: mail.example.com [A]: 11.22.33.44 Testing CIDR: source=11.22.33.44; 11.22.33.44/128 mx hit, Qualifier: + ============================================================================ DKIM: fail ============================================================================ DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=2016; t=1485329108; bh=GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA=; h=From:Subject:To:Date:From; b=dhJTUjBelfWvNPO4/gCWExHc87vC3uucapPxhKosJ/Ka/rgv42bSqARNIAmmROPID z7o2txBEt6aSRz+C/v+MnaXIzbFzlkOCUavahehOaGo7jkoIle1N11Yxyn6qe4+uh8 wykUbHN9/sD4IORxP1sguFAdo9ONlbB6naW7tQoVDDfIhOS6UY5rFw7WmmGJIzitgv LJ4a/QrEDDDQX/H+kDessPbULFfLVUlhZQyscbHkb+S/B7s2D93S9vY9CSzrzG/uVj jvAYY+4LLhnPpaJBwjtQK2Itygj+gNQ3tvEmP1RwyNjSum0XDSQcQjEWtXs/ZC7Ker 6rQnOaNhmvSaQ== Signed-by: dule@example.com Expected-Body-Hash: GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA= Public-Key: v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9jrAe+o1L/g0pQefC4AdVPmN2gS2ODghLhfzir0xKTBLl3U+2X33DCStxvHdaLJZYVlKu9PDwr5yXvX4izX5ZnM/gEIm2p3ij0ykQu7Phz6GUvBoozLGPM2876dEVuMZ/aZgqoC4BU8dXGIlif4mqyo6pM76gPwbcj9e98nY+NKJAdKpJV5fMO94wXZ/DjNjI4Sr6bWxrBOZZyh5Am9T/lbOgjjU26ejiroSw//MdXDNGBBp44llHSWEWuUfxamDHaR83UGqhV2gWLpJyrbJtp3Ic8nwuWc0Ko1fR7wbg+HW5OdF9WMf0Id2qTbKQlOSAzbz82Qh5Nj2RCBdBJ1hwIDAQAB; DKIM-Result: fail (bad signature) 

Voici une décharge d'opendkim.conf

 # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # C'est une configuration de base qui peut facilement être adaptée à une norme # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # installation. # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable Pour des options plus avancées, voir opendkim.conf (5) et / ou # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # Connectez-vous à syslog # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # Inscrivez-vous pour example.com avec la key /etc/mail/dkim.key en utilisant # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # sélecteur '2007' (ex. 2007._domainkey.example.com) # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable Domaine /etc/dkim-domains.txt # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable KeyFile /etc/dkim.key # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable Sélecteur 2016 # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # Options couramment utilisées; # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable les versions commentées montrent les valeurs par défaut. # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #Canonisation simple # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #Mode sv # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #SubDomains non # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #ADSPAction continue # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # Toujours surévaluer à partir de (signer en utilisant A partir de et A nul pour empêcher # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # champs d'en-tête des signatures malveillantes (de et / ou autres) entre le signataire # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # et le vérificateur. # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable From est dépassé par défaut dans Debak pacakge # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # car c'est souvent la key d'identité utilisée par les systèmes de réputation et donc # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # un peu sensible à la security. # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable OversignHeaders From # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # Liste les domaines à utiliser pour RFC 6541 DKIM Signatures tierces autorisées # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable # (ATPS) (expérimental) # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #ATPSDomains example.com # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable #SigningTable refile: / etc / dkim-signable # This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (eg 2007._domainkey.example.com) Domain /etc/dkim-domains.txt KeyFile /etc/dkim.key Selector 2016 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv #SubDomains no #ADSPAction continue # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures # (ATPS) (experimental) #ATPSDomains example.com #SigningTable refile:/etc/dkim-signingtable #KeyTable /etc/dkim-keytable 

En réalité, il semble que la configuration ci-dessus et les keys soient correctes, un problème aurait pu être avec différents outils pour la validation de DKIM et Google, qu'ils choisissent des modifications DNS avec un retard.

Je suggère de faire des tests DKIM 48 heures après avoir configuré le server.