IRuleRet & CDKIMRule::evaluate( CEmail & email ) { #ifdef __DEBUG std::cout << "CDKIMRule::evaluate( const CEmail & email )" << std::endl; #endif DKIM_LIB *dkim = dkim_init(NULL,NULL); DKIM_STAT stat; DKIM *verify = dkim_verify( dkim, NULL, NULL, &stat ); const char * email_body = email.body_raw(); #ifdef __DEBUG std::cout << "Calling dkim_chunk" << std::endl; #endif stat = dkim_chunk( verify, (unsigned char *)email_body, strlen(email_body) ); if (stat != DKIM_STAT_OK){ #ifdef __DEBUG std::cout << "DKIM Result [" << stat << "]" << std::endl; #endif } dkim_close( dkim ); if (DKIM_STAT_OK == stat){ unsigned char *d = dkim_getdomain(verify); std::string d_str = std::string( (char *)d ); email.insertVariable("dkim-d", d_str); if (_d){ // Test if the supplied d=DOMAIN matches the verified d= if (strcmp(_d, (char *)d) == 0){ return ( __ir( true != _not ) ); } else { return ( __ir( false != _not ) ); } } return ( __ir(true != _not) ); } else { const char *error_message = dkim_getresultstr(stat); email.insertVariable("dkim:err", std::string(error_message)); } return __ir( false != _not ); }
yastr env_dkim_sign( struct envelope *env ) { char df[ MAXPATHLEN + 1 ]; DKIM_LIB *libhandle; unsigned int flags; DKIM *dkim; DKIM_STAT result; yastr signature = NULL; yastr key = NULL; yastr tmp = NULL; yastr *split = NULL; size_t tok_count = 0; char buf[ 1024 * 1024 ]; unsigned char *dkim_header; SNET *snet; ssize_t chunk; sprintf( df, "%s/D%s", env->e_dir, env->e_id ); if (( snet = snet_open( simta_dkim_key, O_RDONLY, 0, 1024 * 1024 )) == NULL ) { syslog( LOG_ERR, "Liberror: env_dkim_sign snet_open %s: %m", simta_dkim_key ); return( NULL ); } key = yaslempty(); while (( chunk = snet_read( snet, buf, 1024 * 1024, NULL )) > 0 ) { key = yaslcatlen( key, buf, chunk ); } snet_close( snet ); if (( libhandle = dkim_init( NULL, NULL )) == NULL ) { syslog( LOG_ERR, "Liberror: env_dkim_sign dkim_init" ); return( NULL ); } /* Data is stored in UNIX format, so tell libopendkim to fix * CRLF issues. */ flags = DKIM_LIBFLAGS_FIXCRLF; dkim_options( libhandle, DKIM_OP_SETOPT, DKIM_OPTS_FLAGS, &flags, sizeof( flags )); /* Only sign the headers recommended by RFC 6376 */ dkim_options( libhandle, DKIM_OP_SETOPT, DKIM_OPTS_SIGNHDRS, dkim_should_signhdrs, sizeof( unsigned char ** )); if (( dkim = dkim_sign( libhandle, (unsigned char *)(env->e_id), NULL, (unsigned char *)key, (unsigned char *)simta_dkim_selector, (unsigned char *)simta_dkim_domain, DKIM_CANON_RELAXED, DKIM_CANON_RELAXED, DKIM_SIGN_RSASHA256, -1, &result )) == NULL ) { syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_sign: %s", dkim_getresultstr( result )); goto error; } if (( snet = snet_open( df, O_RDONLY, 0, 1024 * 1024 )) == NULL ) { syslog( LOG_ERR, "Liberror: env_dkim_sign snet_open %s: %m", buf ); goto error; } while (( chunk = snet_read( snet, buf, 1024 * 1024, NULL )) > 0 ) { if (( result = dkim_chunk( dkim, (unsigned char *)buf, chunk )) != 0 ) { syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_chunk: %s: %s", dkim_getresultstr( result ), dkim_geterror( dkim )); snet_close( snet ); goto error; } } snet_close( snet ); if (( result = dkim_chunk( dkim, NULL, 0 )) != 0 ) { syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_chunk: %s: %s", dkim_getresultstr( result ), dkim_geterror( dkim )); goto error; } if (( result = dkim_eom( dkim, NULL )) != 0 ) { syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_eom: %s: %s", dkim_getresultstr( result ), dkim_geterror( dkim )); goto error; } if (( result = dkim_getsighdr_d( dkim, 16, &dkim_header, (size_t *)&chunk )) != 0 ) { syslog( LOG_NOTICE, "Liberror: env_dkim_sign dkim_getsighdr_d: %s: %s", dkim_getresultstr( result ), dkim_geterror( dkim )); goto error; } /* Get rid of carriage returns in libopendkim output */ split = yaslsplitlen( (const char *)dkim_header, strlen( (const char *)dkim_header ), "\r", 1, &tok_count ); tmp = yasljoinyasl( split, tok_count, "", 0 ); signature = yaslcatyasl( yaslauto( "DKIM-Signature: " ), tmp ); error: yaslfree( tmp ); yaslfreesplitres( split, tok_count ); yaslfree( key ); dkim_free( dkim ); dkim_close( libhandle ); return( signature ); }