vahid.moghaddasi at gmail
Nov 24, 2011, 10:04 AM
Post #6 of 18
(1987 views)
Permalink
|
On Thu, Nov 24, 2011 at 11:35 AM, Kevin Chadwick <ma1l1ists [at] yahoo>wrote:
> On Thu, 24 Nov 2011 11:15:50 -0500
> Vahid Moghaddasi wrote:
>
> > I would appreciate if you post the corrected script here, I am not sure
> if
> > the change I made
>
> I'll dig it out and diff it. Does it not throw any errors when run
> manually? Trying bash might work too. I wanted to keep the default
> shell without installing any extra.
>
> If you send me yours to diff it will save me getting/finding the
> original, or send me the link.
>
> Kc
>
Sure, I have also added some debugging echo but did not help me much. The
script does not
seem to give any error but I might be running it wrongly.
#!/bin/bash
# version 6
PATH=/bin:/usr/bin:/usr/local/bin:/var/qmail/bin
shopt -q -s extglob
host="$1"
sender="$2"
# First, figure out who the sending domain is:
[[ -z "$sender" && "$DEFAULTDOMAIN" ]] && sender="@$DEFAULTDOMAIN"
[ -z "$sender" ] && sender=@`hostname`.example.com
DOMAIN="${sender##*@}"
# Sanity-check the sender
if [[ $DOMAIN == !(+([a-zA-Z0-9\!\#$%*/?|^{}\`~&\'+=_.-])) ]] ; then
echo "DSender address contains illegal characters."
exit 0
fi
# debug
echo $DOMAIN > /tmp/DOMAIN.out
# Now, fill in the basic variables (if they don't exist already)
[ "$DKREMOTE" ] || DKREMOTE="/var/qmail/bin/qmail-remote.orig"
[ "$DKSIGN" ] || DKSIGN="/etc/domainkeys/example.com/default"
# Now try and find the right subdomain, per RFC 4871
# (you can eliminate this loop if you don't want parent domains signing
child
# domain's email)
# i commented this out but saw no change.
###if [ "$DOMAIN" ] ; then
### while [ ! -r "${DKSIGN//\%/$DOMAIN}" ] ; do
### # try parent domains, per RFC 4871, section 3.8
### DOMAIN=${DOMAIN#*.}
### DPARTS=( ${DOMAIN//./ } )
### [ ${#DPARTS[*]} -eq 1 ] && DOMAIN="${sender##*@}" && break
### done
###fi
DKSIGN="${DKSIGN//\%/$DOMAIN}" # i notices the % sign does not expand to my
domain name.
#debug
echo $DKSIGN > /tmp/DKSIGN.out
# Now that we have the correct DKSIGN value (i.e. the filename of the key to
# use to sign email), check to see if this file exists
if [ -r "$DKSIGN" ] ; then
# The key does exist, so now use it to generate signatures!
tmp=`mktemp -t dk.sign.XXXXXXXXXXXXXXXXXXX`
tmp2=`mktemp -t dk2.sign.XXXXXXXXXXXXXXXXXXX`
cat - >"$tmp"
# compute the DomainKey signature
error=`(dktest -s "$DKSIGN" -c nofws -h <"$tmp" | \
sed 's/; d=.*;/; d='"$DOMAIN"';/' > "$tmp2") 2>&1`
if [ "$error" ] ; then
# Communicate the problem to qmail (that's why the 'Z')
echo "ZDomainKey error: $error"
rm "$tmp" "$tmp2"
exit -1
fi
# compute the DKIM signature
error=`(dkimsign.pl --type=dkim --selector=default
--domain="$DOMAIN" \
--key="$DKSIGN" --method=relaxed <"$tmp" | \
tr -d '\r' >> "$tmp2") 2>&1`
if [ "$error" ] ; then
# Communicate the problem to qmail (that's why the 'Z')
echo "ZDKIM error: $error"
rm "$tmp" "$tmp2"
exit -2
fi
# feed the signatures and the original message to the real
qmail-remote
cat "$tmp2" "$tmp" | "$DKREMOTE" "$@"
retval=$?
rm "$tmp" "$tmp2"
#debug
echo "$DKREMOTE $@" > /tmp/DKREMOTE.err # this file never gets created
echo $error > /tmp/error.err
exit $retval
else
# No signature added
exec "$DKREMOTE" "$@"
#debug
echo "$DKREMOTE $@" > /tmp/DKREMOTE.out
fi
|
