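#!/bin/sh
# qmail-remote wrapper: DKIM-signs the message on stdin when a signing key
# exists for the envelope sender's domain, then pipes signature + message to
# the real qmail-remote. Without a usable key the real qmail-remote is exec'd
# directly and the message goes out unsigned.
#
# Arguments:   $1 - host, $2 - envelope sender; "$@" is passed through
#              unchanged to ${QMAIL_REMOTE}.
# Environment: DEFAULTDOMAIN, QMAIL_REMOTE, DOMAINKEYS (optional overrides).
# Output:      a 'D...' or 'Z...' status line on stdout when this wrapper
#              itself refuses or fails; otherwise ${QMAIL_REMOTE}'s output.
PATH=/bin:/usr/bin:/usr/local/bin
host="$1" # not used below; kept for readability of the argument layout
sender="$2"

# First, figure out who the sending domain is:
# defaultdomain defaults to hostname
: "${DEFAULTDOMAIN=$(hostname -f)}"
# sender defaults to @host.name
# NOTE(review): sender was assigned from $2 just above, so it is always set
# and this default never takes effect (an empty envelope sender stays empty).
# Confirm whether ':=' was intended before changing it.
: "${sender=@${DEFAULTDOMAIN}}"

# Convert domain to lower-case. The tr sets are quoted so the shell cannot
# glob-expand them against single-character file names in the cwd, and the
# C locale keeps the A-Z range to ASCII.
DOMAIN=$(printf '%s' "${sender##*@}" | LC_ALL=C tr 'A-Z' 'a-z')
# Local part of the sender; not stored in USER so an exported USER is not
# clobbered for the child processes.
sender_user=${sender%%@*}

# Sanity-check the sender. DOMAIN becomes a path component below, so besides
# the character whitelist, reject a leading dot and empty labels ('..'),
# which would step out of the key directory. '[!...]' is the POSIX negation;
# '[^...]' is not portable across /bin/sh implementations.
case "${DOMAIN}" in
  *[!a-z0-9.-]* | .* | *..*)
    echo "DSender address contains illegal characters."
    exit 0
    ;;
esac

# Now, fill in the basic variables (if they don't exist already)
#: ${QMAIL_REMOTE=/usr/local/bin/Qremote}
: "${QMAIL_REMOTE=/var/qmail/bin/qmail-remote}"
# DOMAINKEYS is used as a printf format (domain, selector); it must only ever
# come from trusted configuration.
: "${DOMAINKEYS=/usr/local/etc/domainkeys/%s/%s}"

# Pick the key file, remembering which selector it belongs to. The loop
# variable alone cannot be used afterwards: it always ends on the last
# candidate, even when only the 'default' key matched.
# NOTE(review): DKSIGN is not initialised here, so a value inherited from the
# environment is still used when no key file is found; confirm that is wanted.
DKSELECTOR="${sender_user}"
for SELECTOR in default "${sender_user}"; do
  # The local part comes from the envelope sender and ends up in a file name;
  # skip it unless it is a plain token (no '/', no leading dot, not empty).
  case "${SELECTOR}" in
    '' | .* | *[!A-Za-z0-9._-]*) continue ;;
  esac
  # shellcheck disable=SC2059 # DOMAINKEYS is a format string by design
  CANDIDATE=$(printf "${DOMAINKEYS}" "${DOMAIN}" "${SELECTOR}")
  # -f as well as -r: a readable directory must not be taken for a key.
  if [ -f "${CANDIDATE}" ] && [ -r "${CANDIDATE}" ]; then
    DKSIGN="${CANDIDATE}"
    DKSELECTOR="${SELECTOR}"
  fi
done

# Now that we have the correct DKSIGN value (i.e. the filename of the key to
# use to sign email), check to see if this file exists. If it doesn't, invoke
# default qmail remote
if [ ! -f "${DKSIGN}" ] || [ ! -r "${DKSIGN}" ]; then
  exec "${QMAIL_REMOTE}" "$@"
fi

# The key does exist, so now use it to generate signatures.
# Temp files hold the full message; remove them on every exit path.
tmp=
tmp2=
cleanup() {
  [ -n "${tmp}" ] && rm -f -- "${tmp}"
  [ -n "${tmp2}" ] && rm -f -- "${tmp2}"
  return 0
}
trap cleanup EXIT
# 111 is qmail's temporary-error exit status.
trap 'exit 111' HUP INT TERM

if ! tmp=$(mktemp -t dk.sign.XXXXXXXXXXXXXXXXXXX) ||
  ! tmp2=$(mktemp -t dk2.sign.XXXXXXXXXXXXXXXXXXX); then
  printf 'ZDKIM error: %s\n' "cannot create temporary files"
  exit 0
fi

# Spool the message first so the signer's own exit status can be checked
# (in a pipeline only the last command's status is visible to sh).
if ! cat > "${tmp}"; then
  printf 'ZDKIM error: %s\n' "cannot spool message"
  exit 0
fi

# compute the DKIM signature: stderr is captured in $error, stdout (the
# signature header) goes to tmp2.
error=$(dkimsign.pl --type=dkim --selector="${DKSELECTOR}" \
  --domain="${DOMAIN}" --key="${DKSIGN}" --method=relaxed \
  < "${tmp}" 2>&1 > "${tmp2}")
status=$?

if [ "${status}" -ne 0 ] || [ -n "${error}" ]; then
  # Communicate the problem to qmail (that's why the 'Z')
  printf 'ZDKIM error: %s\n' \
    "${error:-dkimsign.pl exited with status ${status}}"
  # 'exit -2' is not a valid exit status in POSIX sh. Report through the
  # status line and exit 0, as the sender check above does.
  # NOTE(review): confirm against the qmail-rspawn in use that a non-zero
  # exit would make it disregard the 'Z' line.
  retval=0
else
  # feed the signatures (CRs stripped) and the original message to the real
  # qmail-remote
  { tr -d '\r' < "${tmp2}"; cat "${tmp}"; } | "${QMAIL_REMOTE}" "$@"
  retval=$?
fi

exit "${retval}"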
