|
  
|
|
|
Erzeugt bei intern gerouteten E-Mails in etwa das Verhalten der Option „Sign all outgoing mails if S/MIME certificate available“ (Outgoing).
Mit dieser Variante werden E-Mails tatsächlich signiert und nicht nur markiert.
Zeile |
Code |
|---|---|
01 |
# Begin: Custom commands for incoming e-mails BEFORE decryption |
02 |
log(1,'Begin: Custom commands for incoming e-mails BEFORE decryption'); |
|
|
03 |
# Begin: Sign all internally routed e-mails, if keys are available |
04 |
log(1,'Begin: Sign all internally routed e-mails, if keys are available'); |
|
|
05 |
if (from_managed_domain()) { |
06 |
log(1,'E-mail is from managed domain...'); |
07 |
if (!compareattr('connect_from', 'equal', '127.0.0.1')) { |
08 |
log(1,'...not form localhost...'); |
09 |
if (check_sender(false, false, true)) { |
10 |
log(1,'...but is not allowed to relay, dropping'); |
11 |
drop('554','5.7.1 Relay access denied'); |
12 |
} else { |
13 |
log(1,'...and is allowed to relay, signing e-mail, if keys are available'); |
14 |
$custom_sign; |
15 |
} |
16 |
} else { |
17 |
log(1,'...but generated on localhost, going on in standard ruleset'); |
18 |
} |
19 |
} |
|
|
20 |
log(1,'End: Sign all internally routed e-mails, if keys are available'); |
21 |
# End: Sign all internally routed e-mails, if keys are available |
|
|
22 |
log(1,'End: Custom commands for incoming e-mails BEFORE decryption'); |
23 |
# End: Custom commands for incoming e-mails BEFORE decryption |
Das in oben genannten Code verwendete Macro $custom_sign für das Signieren, muss bei dieser Variante zusätzlich unter Custom macros and commands for all e-mails BEFORE processing wie folgt definiert werden:
Zeile |
Code |
|---|---|
01 |
# Begin: Custom macros and commands for all e-mails BEFOREprocessing |
02 |
log(1,'Begin: Custom macros and commands for all e-mails BEFORE processing'); |
|
|
03 |
custom_sign = { |
04 |
if (authenticated()) { |
05 |
if (has_smime_key()) { |
06 |
if (sign_smime()) { |
07 |
tagsubject('[signed OK]'); |
08 |
log(1,'signing successful'); |
09 |
} else { |
10 |
log(1,'signing failed, bouncing e-mail'); |
11 |
bounce('noseckey'); |
12 |
} |
13 |
} |
14 |
} |
15 |
}; |
|
|
16 |
log(1,'End: Custom macros and commands for all e-mails BEFORE processing'); |
17 |
# End: Custom macros and commands for all e-mails BEFORE processing |
Variation:
Um Kalendereinträge und RTF formatierte E-Mails vom automatischen signieren auszunehmen (siehe gegebenenfalls auch Kalenderanfragen kommen zerstört beim Empfänger an), kann das Makro $custom_sign wie folgt erweitert werden:
Zeile |
Code |
|---|---|
01 |
# Begin: Custom macros and commands for all e-mails BEFORE processing |
02 |
log(1,'Begin: Custom macros and commands for all e-mails BEFORE processing'); |
|
|
03 |
custom_sign = { |
04 |
if (iscalendar()) { |
05 |
log(1, 'suppress automatic signing, because of calendar or incompatible mail format (RTF)'); |
06 |
} else if (compare('subject', 'substitute', '\[nosign\]')) { |
07 |
log(1, 'signing suppressed by trigger'); |
08 |
} else { |
09 |
if (authenticated()) { |
10 |
if (has_smime_key()) { |
11 |
if (sign_smime()) { |
12 |
tagsubject('[signed OK]'); |
13 |
log(1,'signing successful'); |
14 |
} else { |
15 |
log(1,'signing failed, bouncing e-mail'); |
16 |
bounce('noseckey'); |
17 |
} |
18 |
} |
19 |
} |
20 |
} |
21 |
}; |
|
|
22 |
log(1,'End: Custom macros and commands for all e-mails BEFORE processing'); |
23 |
# End: Custom macros and commands for all e-mails BEFORE processing |
