mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-19 14:57:04 +00:00
go-chasquid-smtp/test/t-19-dkimpy/config/hooks/post-data
Alberto Bertogli 270a071c1e hooks: Add dkimpy support
This patch adds support in the default hook for using dkimpy for DKIM
signing.

Unfortunately, dkimpy binaries have the same name as driusan/dkim's, so
we need to use --help to disambiguate. It's not pretty but it should
work, and is quite self contained.

Also, for the integration tests, we still need driusan/dkim because
dkimpy lacks the features needed. Specifically, dkimpy's dkimverify
can't be made to use custom DNS, or override the TXT values in any way,
so we can't verify that the generated signature is reasonable.

Thanks to ne9z@github for suggesting this change and providing an
alternative patch in https://github.com/albertito/chasquid/pull/19.
2021-07-21 02:06:20 +01:00

44 lines
1.3 KiB
Bash
Executable File

#!/bin/bash

# If authenticated, sign; otherwise, verify.
#
# It is not recommended that we fail delivery on dkim verification failures,
# but leave it to the MUA to handle verifications.
# https://tools.ietf.org/html/rfc6376#section-2.2
#
# We do a verification here so we have a stronger integration test (check
# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
# purposes.

set -e

TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
trap 'rm "$TF"' EXIT

# Save the message to the temporary file.
cat > "$TF"

if [ "$AUTH_AS" != "" ]; then
	DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )

	# Call /usr/bin/dkimsign directly to prevent a conflict with
	# driusan/dkim, which the integration tests install in ~/go/bin.
	/usr/bin/dkimsign \
		"$(cat "domains/$DOMAIN/dkim_selector")" \
		"$DOMAIN" \
		"../.dkimcerts/private.key" \
		< "$TF" > "$TF.dkimout"

	# dkimpy doesn't provide a way to just show the new headers, so we
	# have to compute the difference.
	# ALSOCHANGE(etc/chasquid/hooks/post-data)
	! diff --changed-group-format='%>' \
		--unchanged-group-format='' \
		"$TF" "$TF.dkimout"
	rm "$TF.dkimout"
else
	# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
	# overridden to get the DNS information from anywhere else (text file or custom
	# DNS server).
	dkimverify -txt ../.dkimcerts/private.dns < "$TF"
fi
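
The header-extraction step in the script above, as an added example that is not part of chasquid: a command negated with `!` is exempt from `set -e`, so `! diff` never aborts the hook, and this sketch instead checks diff's exit status explicitly (1 = new headers found, 0 = nothing added, 2 = diff error). The function names, the 3/4 return codes and the sample message are assumptions constructed for illustration; GNU diff is required.

```bash
#!/bin/bash
# Added example, not chasquid code. Needs GNU diff (--*-group-format).

# new_headers ORIGINAL SIGNED
# Print the lines that appear only in SIGNED (the prepended headers).
# Returns 0 if headers were found, 3 if SIGNED adds nothing, 4 if diff failed.
# (The 3/4 return codes are this example's own convention.)
new_headers() {
	diff_rc=0
	diff --changed-group-format='%>' --unchanged-group-format='' \
		"$1" "$2" || diff_rc=$?
	case "$diff_rc" in
		1) return 0 ;;  # files differ: the expected outcome
		0) return 3 ;;  # identical: the signer added no header
		*) return 4 ;;  # diff reported trouble (e.g. missing file)
	esac
}

# make_sample DIR: write a constructed message and a "signed" copy with a
# folded, placeholder DKIM-Signature header prepended.
make_sample() {
	printf 'From: user@example.com\nSubject: hi\n\nbody line\n' > "$1/msg"
	{
		printf 'DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n'
		printf ' bh=PLACEHOLDER; b=PLACEHOLDER\n'
		cat "$1/msg"
	} > "$1/signed"
}

# Run the three cases: signed copy, unchanged copy, missing output file.
demo() {
	dir="$(mktemp -d)"
	make_sample "$dir"
	for candidate in signed msg missing; do
		st=0
		new_headers "$dir/msg" "$dir/$candidate" 2>/dev/null || st=$?
		echo "[$candidate] new_headers returned $st"
	done
	rm -r "$dir"
}
demo
```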