#!/bin/bash
# If authenticated, sign; otherwise, verify.
#
# It is not recommended that we fail delivery on dkim verification failures,
# but leave it to the MUA to handle verifications.
# https://tools.ietf.org/html/rfc6376#section-2.2
#
# We do a verification here so we have a stronger integration test (check
# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
# purposes.
if [ "$AUTH_AS" != "" ]; then
DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
exec dkimsign -n -hd -key ../.dkimcerts/private.pem \
-s $(cat "domains/$DOMAIN/dkim_selector") -d "$DOMAIN"
fi
exec dkimverify -txt ../.dkimcerts/dns.txt