Add driusan/dkim integration example and tests

This patch adds DKIM signing using https://github.com/driusan/dkim tools
to the example hook.

It also adds an optional integration test to exercise signing and
verification, and corresponding documentation.

test/t-15-driusan_dkim/config/chasquid.conf

@@ -0,0 +1,9 @@
+smtp_address: ":1025"
+submission_address: ":1587"
+monitoring_address: ":1099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data"
+mail_log_path: "../.logs/mail_log"

test/t-15-driusan_dkim/config/domains/testserver/dkim_selector

@@ -0,0 +1 @@
+testselector1

test/t-15-driusan_dkim/config/hooks/post-data

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# If authenticated, sign; otherwise, verify.
+#
+# It is not recommended that we fail delivery on dkim verification failures,
+# but leave it to the MUA to handle verifications.
+# https://tools.ietf.org/html/rfc6376#section-2.2
+#
+# We do a verification here so we have a stronger integration test (check
+# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
+# purposes.
+
+if [ "$AUTH_AS" != "" ]; then
+	DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
+	exec dkimsign -n -hd -key ../.dkimcerts/private.pem \
+		-s $(cat "domains/$DOMAIN/dkim_selector") -d "$DOMAIN"
+fi
+
+exec dkimverify -txt ../.dkimcerts/dns.txt

test/t-15-driusan_dkim/content

@@ -0,0 +1,9 @@
+Subject: Prueba desde el test
+To: someone@testserver
+
+Crece desde el test el futuro
+Crece desde el test
+
+.
+
+El punto de arriba testea el dot-stuffing, que es importante para DKIM.

test/t-15-driusan_dkim/hosts

@@ -0,0 +1 @@
+testserver localhost

test/t-15-driusan_dkim/msmtprc

@@ -0,0 +1,14 @@
+account default
+
+host testserver
+port 1587
+
+tls on
+tls_trust_file config/certs/testserver/fullchain.pem
+
+from user@testserver
+
+auth on
+user user@testserver
+password secretpassword
+

test/t-15-driusan_dkim/run.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# Test integration with driusan's DKIM tools.
+# https://github.com/driusan/dkim
+
+set -e
+. $(dirname ${0})/../util/lib.sh
+
+init
+
+for binary in dkimsign dkimverify dkimkeygen; do
+	if ! which $binary > /dev/null; then
+		skip "$binary binary not found"
+		exit 0
+	fi
+done
+
+generate_certs_for testserver
+( mkdir -p .dkimcerts; cd .dkimcerts; dkimkeygen )
+
+add_user user@testserver secretpassword
+add_user someone@testserver secretpassword
+
+mkdir -p .logs
+chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
+wait_until_ready 1025
+
+# Authenticated: user@testserver -> someone@testserver
+# Should be signed.
+run_msmtp someone@testserver < content
+wait_for_file .mail/someone@testserver
+mail_diff content .mail/someone@testserver
+grep -q "DKIM-Signature:" .mail/someone@testserver
+
+# Verify the signature manually, just in case.
+dkimverify -txt .dkimcerts/dns.txt < .mail/someone@testserver
+
+# Save the signed mail so we can verify it later.
+# Drop the first line ("From blah") so it can be used as email contents.
+tail -n +2 .mail/someone@testserver > .signed_content
+
+# Not authenticated: someone@testserver -> someone@testserver
+smtpc.py --server=localhost:1025 < .signed_content
+
+# Check that the signature fails on modified content.
+echo "Added content, invalid and not signed" >> .signed_content
+if smtpc.py --server=localhost:1025 < .signed_content 2> /dev/null; then
+	fail "DKIM verification succeeded on modified content"
+fi
+
+success