minor tuning to previous commit

[citadel.git] / citadel / server / modules / smtp / serv_smtpclient.c

diff --git a/citadel/server/modules/smtp/serv_smtpclient.c b/citadel/server/modules/smtp/serv_smtpclient.c
index e169f9e7cdd507ce42a4b77becf0ef4c2bdfbda5..6eedc56d02bb37d3523a6cd1b282c71e077650d0 100644 (file)
--- a/citadel/server/modules/smtp/serv_smtpclient.c
+++ b/citadel/server/modules/smtp/serv_smtpclient.c
@@ -224,19 +224,37 @@ int smtp_attempt_delivery(long msgid, char *recp, char *envelope_from, char *sou
                char unsubscribe_url[SIZ];
                snprintf(base_url, sizeof base_url, "https://%s/listsub", CtdlGetConfigStr("c_fqdn"));
                generate_one_click_url(unsubscribe_url, base_url, "unsubscribe", source_room, recp);
-               cprintf("List-Unsubscribe: %s\r\n", unsubscribe_url);
+               cprintf("List-Unsubscribe: <%s>\r\n", unsubscribe_url);                 // RFC 2369
                cprintf("List-Unsubscribe-Post: List-Unsubscribe=One-Click\r\n");       // RFC 8058
-
        }
 
        CtdlOutputMsg(msgid, MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0, NULL, &fromaddr, NULL);
        s.TheMessage = CC->redirect_buffer;
        CC->redirect_buffer = NULL;
+
+       // If we have a DKIM key, try to sign the message.
+       char *dkim_private_key = CtdlGetConfigStr("dkim_private_key");
+       char *dkim_selector = CtdlGetConfigStr("dkim_selector");
+       char *dkim_from_domain = (strchr(fromaddr, '@') ? strchr(fromaddr, '@')+1 : NULL);
+       if (
+               !IsEmptyStr(dkim_from_domain)                   // Is the sending domain non-empty?
+               && IsDirectory(fromaddr, 0)                     // and is it one of "our" domains?
+               && !IsEmptyStr(dkim_private_key)                // Do we have a private signing key?
+               && !IsEmptyStr(dkim_selector)                   // and a selector to go with it?
+       ) {
+               // If you answered "yes" to all of the above questions, congratulations!  We get to sign the message!
+               syslog(LOG_DEBUG, "smtpclient: dkim-signing for selector <%s> in domain <%s>", dkim_selector, dkim_from_domain);
+
+               // Remember, the dkim_sign() function is capable of handling a PEM-encoded PKCS#7 private key that
+               // has had all of its newlines replaced by underscores -- which is exactly how we store it.
+               dkim_sign(s.TheMessage,dkim_private_key, dkim_from_domain, dkim_selector);
+       }
+
+       // Prepare the buffer for transmittal
        s.bytes_total = StrLength(s.TheMessage);
        s.bytes_sent = 0;
        response_code = 421;
 
-       // Future enhancement: if we implement DKIM signing, this is where it must happen.
 
        // Keep trying MXes until one works or we run out.
        for (i = 0; ((i < num_mx) && ((response_code / 100) == 4)); ++i) {
@@ -580,6 +598,7 @@ char *ctdl_module_init_smtpclient(void) {
                CtdlRegisterSessionHook(smtp_do_queue_quick, EVT_HOUSE, PRIO_AGGR + 51);
                CtdlRegisterSessionHook(smtp_do_queue_full, EVT_TIMER, PRIO_AGGR + 51);
                smtp_init_spoolout();
+               dkim_init();
        }
 
        // return our module id for the log