IRuleRet & CDKIMRule::evaluate( CEmail & email )
{
#ifdef __DEBUG
std::cout << "CDKIMRule::evaluate( const CEmail & email )" << std::endl;
#endif
DKIM_LIB *dkim = dkim_init(NULL,NULL);
DKIM_STAT stat;
DKIM *verify = dkim_verify( dkim, NULL, NULL, &stat );
const char * email_body = email.body_raw();
#ifdef __DEBUG
std::cout << "Calling dkim_chunk" << std::endl;
#endif
stat = dkim_chunk( verify, (unsigned char *)email_body, strlen(email_body) );
if (stat != DKIM_STAT_OK){
#ifdef __DEBUG
std::cout << "DKIM Result [" << stat << "]" << std::endl;
#endif
}
dkim_close( dkim );
if (DKIM_STAT_OK == stat){
unsigned char *d = dkim_getdomain(verify);
std::string d_str = std::string( (char *)d );
email.insertVariable("dkim-d", d_str);
if (_d){
// Test if the supplied d=DOMAIN matches the verified d=
if (strcmp(_d, (char *)d) == 0){
return ( __ir( true != _not ) );
}
else {
return ( __ir( false != _not ) );
}
}
return ( __ir(true != _not) );
}
else {
const char *error_message = dkim_getresultstr(stat);
email.insertVariable("dkim:err", std::string(error_message));
}
return __ir( false != _not );
}
yastr
env_dkim_sign( struct envelope *env )
{
char df[ MAXPATHLEN + 1 ];
DKIM_LIB *libhandle;
unsigned int flags;
DKIM *dkim;
DKIM_STAT result;
yastr signature = NULL;
yastr key = NULL;
yastr tmp = NULL;
yastr *split = NULL;
size_t tok_count = 0;
char buf[ 1024 * 1024 ];
unsigned char *dkim_header;
SNET *snet;
ssize_t chunk;
sprintf( df, "%s/D%s", env->e_dir, env->e_id );
if (( snet = snet_open( simta_dkim_key, O_RDONLY, 0,
1024 * 1024 )) == NULL ) {
syslog( LOG_ERR, "Liberror: env_dkim_sign snet_open %s: %m",
simta_dkim_key );
return( NULL );
}
key = yaslempty();
while (( chunk = snet_read( snet, buf, 1024 * 1024, NULL )) > 0 ) {
key = yaslcatlen( key, buf, chunk );
}
snet_close( snet );
if (( libhandle = dkim_init( NULL, NULL )) == NULL ) {
syslog( LOG_ERR, "Liberror: env_dkim_sign dkim_init" );
return( NULL );
}
/* Data is stored in UNIX format, so tell libopendkim to fix
* CRLF issues.
*/
flags = DKIM_LIBFLAGS_FIXCRLF;
dkim_options( libhandle, DKIM_OP_SETOPT, DKIM_OPTS_FLAGS, &flags,
sizeof( flags ));
/* Only sign the headers recommended by RFC 6376 */
dkim_options( libhandle, DKIM_OP_SETOPT, DKIM_OPTS_SIGNHDRS,
dkim_should_signhdrs, sizeof( unsigned char ** ));
if (( dkim = dkim_sign( libhandle, (unsigned char *)(env->e_id), NULL,
(unsigned char *)key, (unsigned char *)simta_dkim_selector,
(unsigned char *)simta_dkim_domain,
DKIM_CANON_RELAXED, DKIM_CANON_RELAXED, DKIM_SIGN_RSASHA256,
-1, &result )) == NULL ) {
syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_sign: %s",
dkim_getresultstr( result ));
goto error;
}
if (( snet = snet_open( df, O_RDONLY, 0, 1024 * 1024 )) == NULL ) {
syslog( LOG_ERR, "Liberror: env_dkim_sign snet_open %s: %m",
buf );
goto error;
}
while (( chunk = snet_read( snet, buf, 1024 * 1024, NULL )) > 0 ) {
if (( result = dkim_chunk( dkim, (unsigned char *)buf,
chunk )) != 0 ) {
syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_chunk: %s: %s",
dkim_getresultstr( result ),
dkim_geterror( dkim ));
snet_close( snet );
goto error;
}
}
snet_close( snet );
if (( result = dkim_chunk( dkim, NULL, 0 )) != 0 ) {
syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_chunk: %s: %s",
dkim_getresultstr( result ),
dkim_geterror( dkim ));
goto error;
}
if (( result = dkim_eom( dkim, NULL )) != 0 ) {
syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_eom: %s: %s",
dkim_getresultstr( result ),
dkim_geterror( dkim ));
goto error;
}
if (( result = dkim_getsighdr_d( dkim, 16, &dkim_header,
(size_t *)&chunk )) != 0 ) {
syslog( LOG_NOTICE,
"Liberror: env_dkim_sign dkim_getsighdr_d: %s: %s",
dkim_getresultstr( result ),
dkim_geterror( dkim ));
goto error;
}
/* Get rid of carriage returns in libopendkim output */
split = yaslsplitlen( (const char *)dkim_header,
strlen( (const char *)dkim_header ), "\r", 1, &tok_count );
tmp = yasljoinyasl( split, tok_count, "", 0 );
signature = yaslcatyasl( yaslauto( "DKIM-Signature: " ), tmp );
error:
yaslfree( tmp );
yaslfreesplitres( split, tok_count );
yaslfree( key );
dkim_free( dkim );
dkim_close( libhandle );
return( signature );
}
