mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-17 14:37:02 +00:00
b6248f3089
When checking if the dkimsign command exists, the default hook doesn't redirect the output to /dev/null, so if the command is present it will emit unwanted output (interpreted as message headers, as expected). This patch adds the missing redirection. Amended-by: Alberto Bertogli <albertito@blitiri.com.ar> Extended commit message.
94 lines
2.5 KiB
Bash
Executable File
94 lines
2.5 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# This file is an example post-data hook that will run standard filtering
|
|
# utilities if they are available.
|
|
#
|
|
# - greylist (from greylistd) to do greylisting.
|
|
# - spamc (from Spamassassin) to filter spam.
|
|
# - rspamc (from rspamd) to filter spam.
|
|
# - clamdscan (from ClamAV) to filter virus.
|
|
# - dkimsign (from driusan/dkim) to do DKIM signing.
|
|
#
|
|
# If it exits with code 20, it will be considered a permanent error.
|
|
# Otherwise, temporary.
|
|
|
|
set -e
|
|
|
|
|
|
# Note greylistd needs you to add the user to the "greylist" group:
|
|
# usermod -a -G greylist mail
|
|
if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
|
|
command -v greylist >/dev/null && \
|
|
groups | grep -q greylist;
|
|
then
|
|
REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
|
|
if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
|
|
echo "greylisted, please try again"
|
|
exit 75 # temporary error
|
|
fi
|
|
echo "X-Greylist: pass"
|
|
fi
|
|
|
|
|
|
TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
|
|
trap 'rm "$TF"' EXIT
|
|
|
|
# Save the message to the temporary file, so we can pass it on to the various
|
|
# filters.
|
|
cat > "$TF"
|
|
|
|
|
|
if command -v spamc >/dev/null; then
|
|
if ! SL=$(spamc -c - < "$TF") ; then
|
|
echo "spam detected"
|
|
exit 20 # permanent
|
|
fi
|
|
echo "X-Spam-Score: $SL"
|
|
fi
|
|
|
|
|
|
if command -v rspamc >/dev/null; then
|
|
ACTION=$( rspamc < "$TF" 2>/dev/null | grep Action: | cut -d " " -f 2- )
|
|
case "$ACTION" in
|
|
greylist)
|
|
echo "greylisted, please try again"
|
|
exit 75 # temporary error
|
|
;;
|
|
reject)
|
|
echo "spam detected"
|
|
exit 20 # permanent error
|
|
;;
|
|
esac
|
|
echo "X-Spam-Action:" "$ACTION"
|
|
fi
|
|
|
|
|
|
if command -v clamdscan >/dev/null; then
|
|
if ! clamdscan --no-summary --infected - < "$TF" 1>&2 ; then
|
|
echo "virus detected"
|
|
exit 20 # permanent
|
|
fi
|
|
echo "X-Virus-Scanned: pass"
|
|
fi
|
|
|
|
# DKIM sign with https://github.com/driusan/dkim.
|
|
#
|
|
# Do it only if all the following are true:
|
|
# - User has authenticated.
|
|
# - dkimsign binary exists.
|
|
# - domains/$DOMAIN/dkim_selector file exists.
|
|
# - certs/$DOMAIN/dkim_privkey.pem file exists.
|
|
#
|
|
# Note this has not been thoroughly tested, so might need further adjustments.
|
|
if [ "$AUTH_AS" != "" ] && command -v dkimsign >/dev/null; then
|
|
DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
|
|
if [ -f "domains/$DOMAIN/dkim_selector" ] \
|
|
&& [ -f "certs/$DOMAIN/dkim_privkey.pem" ]; then
|
|
dkimsign -n -hd \
|
|
-key "certs/$DOMAIN/dkim_privkey.pem" \
|
|
-s "$(cat "domains/$DOMAIN/dkim_selector")" \
|
|
-d "$DOMAIN" \
|
|
< "$TF"
|
|
fi
|
|
fi
|