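# Begin: Custom commands for outgoing e-mails BEFORE encryption
#
# Purpose: for each outgoing message, decide from LDAP group membership whether
# the sender may use personal encryption/signing. Senders outside the group get
# domain encryption (S/MIME first, then OpenPGP) if a domain key is available,
# otherwise the message is delivered unencrypted.
log(1,'Begin: Custom commands for outgoing e-mails BEFORE encryption');

# Begin: check if user is allowed to send cryptographic e-mails
log(1,'Begin: check if user is allowed to to send cryptographic e-mails');

# LDAP connection string. The fields appear to be, separated by ';':
#   server URI list ; bind DN ; bind password ; search base ; search filter
# NOTE(review): the bind password sits in clear text in the ruleset, so it is
#   readable by anyone with access to the ruleset, its exports or backups.
#   Keep the bind account read-only and scoped to the search base.
# NOTE(review): $header_from is placed into the search filter as-is. Nothing in
#   this ruleset escapes LDAP filter metacharacters; confirm the appliance does
#   so before the query is sent, otherwise header content can alter the filter.
# NOTE(review): the lookup key is the From header, which the sending client
#   sets. Confirm the upstream mail server only lets senders use their own
#   address, because this lookup drives account creation and key generation.
setvar('ldap_bind','ldaps://myldap1.local,ldaps://myldap2.local;CN=ldapquery,OU=ServiceAccounts,OU=Benutzer,DC=customer1,DC=local;Kennwort;OU=Benutzer,DC=customer1,DC=local;(mail=$header_from)');

if (ldap_compare('$ldap_bind','memberOF','Secure E-Mail')) {
    # Sender's memberOF attribute matched 'Secure E-Mail'.
    # NOTE(review): Active Directory stores memberOf values as full DNs; verify
    #   how ldap_compare matches, so a differently named group that merely
    #   contains this text is not accepted.
    if (authenticated()) {
        # Sender already has an account: set accountOptions to '0'.
        # Presumably '0' clears the restriction that '5' sets below - confirm.
        setuserattr('accountOptions','0');
    } else {
        log(1,'$from is member of SecureMail, creating user, generating keys');
        # Fetch display name and login name into variables of the same name.
        # NOTE(review): neither ldap_read result is checked; if a lookup fails,
        #   the account is presumably created from empty values - confirm.
        ldap_read('$ldap_bind','displayName','displayName');
        ldap_read('$ldap_bind','sAMAccountName','sAMAccountName');
        createaccount('0','$sAMAccountName','$displayName');
        # '@CREATEGPGKEYS@' looks like a template placeholder that is filled in
        # when the ruleset is generated - confirm.
        createkeys('@CREATEGPGKEYS@');
    }
} else {
    # NOTE(review): this branch runs whenever ldap_compare is false. If an LDAP
    #   outage or a failed bind also yields false, existing users lose their
    #   rights and their mail gets at most domain encryption - confirm how
    #   lookup failures are reported and alert on them.
    if (authenticated()) {
        log(1,'$from is not longer member of SecureMail, revoking permission to encrypt and/or sign e-mails');
        # Per the log text above, '5' revokes the right to encrypt and/or sign.
        setuserattr('accountOptions','5');
    } else {
        log(1,'$from is not member of SecureMail, user does not exist, nothing to do');
    }

    ## force domain encryption - if available - for unlicensed users
    ## only needed if "Always use S/MIME or OpenPGP if user keys are available" is selected
    ## and "User creation" is not set to "Manual user creation: Only process outgoing mails from users with an account"
    # NOTE(review): the flow below only makes sense if deliver() ends processing
    #   of this ruleset; otherwise a successfully encrypted message would still
    #   reach the later encryption attempt and the final deliver() - confirm.
    if (domain_smime_keys_avail()) {
        log(1,'found S/MIME domain certificate for recipient(s) $header_to; $header_cc - trying to encrypt mail');
        if (encrypt_domain_smime()) {
            log(1,'S/MIME Domain Encryption successful for recipient(s) $header_to; $header_cc');
            deliver();
        } else {
            # The original message had 'header_cc' without '$', so the Cc
            # recipients were not expanded in this failure record.
            log(1,'S/MIME Domain Encryption FAILED for recipient(s) $header_to; $header_cc - trying OpenPGP Domain Encryption');
        }
    } else {
        log(1,'no S/MIME domain certificate found for recipient(s) $header_to; $header_cc - trying OpenPGP Domain Encryption');
    }

    if (domain_pgp_keys_avail()) {
        log(1,'found OpenPGP public domain key for recipient(s) $header_to; $header_cc - trying to encrypt mail');
        if (encrypt_domain_pgp_mime()) {
            log(1,'OpenPGP Domain Encryption successful for recipient(s) $header_to; $header_cc');
            deliver();
        } else {
            log(1,'pgp domain encryption FAILED - going on without any action');
        }
    } else {
        log(1,'Recipient(s) $header_to; $header_cc have no valid public OpenPGP key');
    }

    # Fail-open: when no domain key could be used, the message leaves
    # unencrypted. This log line is the only record of that downgrade, so it is
    # the line to monitor if plain delivery is not acceptable for some recipients.
    log(1,'No domain encryption possible for $header_to; $header_cc, sending plain');
    deliver();
    ## end forcing domain encryption
}

log(1,'End: check if user is allowed to to send cryptographic e-mails');
# End: check if user is allowed to send cryptographic e-mails

log(1,'End: Custom commands for outgoing e-mails BEFORE encryption');
# End: Custom commands for outgoing e-mails BEFORE encryption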