Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-18 14:47:03 +00:00
Code Releases Activity
Files
4ecc5461d3542f041967bd4fc9053d3054b5a181
go-chasquid-smtp/etc/chasquid/hooks/post-data
Alberto Bertogli 4ecc5461d3 Add driusan/dkim integration example and tests 
This patch adds DKIM signing using https://github.com/driusan/dkim tools
to the example hook.

It also adds an optional integration test to exercise signing and
verification, and corresponding documentation.
2018-11-30 10:03:48 +00:00

77 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# This file is an example post-data hook that will run standard filtering
# utilities if they are available.
#
# - greylist (from greylistd) to do greylisting.
# - spamc (from Spamassassin) to filter spam.
# - clamdscan (from ClamAV) to filter virus.
# - dkimsign (from driusan/dkim) to do DKIM signing.
#
# If it exits with code 20, it will be considered a permanent error.
# Otherwise, temporary.
set -e
# Note greylistd needs you to add the user to the "greylist" group:
# usermod -a -G greylist mail
if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
command -v greylist >/dev/null && \
groups | grep -q greylist;
then
REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
echo "greylisted, please try again"
exit 75 # temporary error
fi
echo "X-Greylist: pass"
fi
TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
trap 'rm "$TF"' EXIT
# Save the message to the temporary file, so we can pass it on to the various
# filters.
cat > "$TF"
if command -v spamc >/dev/null; then
if ! SL=$(spamc -c - < "$TF") ; then
echo "spam detected"
exit 20 # permanent
fi
echo "X-Spam-Score: $SL"
fi
if command -v clamdscan >/dev/null; then
if ! clamdscan --no-summary --infected - < "$TF" 1>&2 ; then
echo "virus detected"
exit 20 # permanent
fi
echo "X-Virus-Scanned: pass"
fi
# DKIM sign with https://github.com/driusan/dkim.
#
# Do it only if all the following are true:
# - User has authenticated.
# - dkimsign binary exists.
# - domains/$DOMAIN/dkim_selector file exists.
# - certs/$DOMAIN/dkim_privkey.pem file exists.
#
# Note this has not been thoroughly tested, so might need further adjustments.
if [ "$AUTH_AS" != "" ] && command -v dkimsign; then
DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
if [ -f "domains/$DOMAIN/dkim_selector" ] \
&& [ -f "certs/$DOMAIN/dkim_privkey.pem" ]; then
dkimsign -n -hd \
-key "certs/$DOMAIN/dkim_privkey.pem" \
-s $(cat "domains/$DOMAIN/dkim_selector") \
-d "$DOMAIN" \
< "$TF"
fi
fi
View Git Blame Copy Permalink