<https://schmonz.com/qmail/pymsgauthfilter>

diff --git pymsgauth-filter pymsgauth-filter
new file mode 100755
index 0000000..4e5c767
--- /dev/null
+++ pymsgauth-filter
@@ -0,0 +1,9 @@
+#!/usr/bin/python
+
+from pymsgauth import *
+
+import cStringIO
+import sys
+
+msg = tokenize_message_if_needed (cStringIO.StringIO (sys.stdin.read ()))
+sys.stdout.write (msg)
diff --git pymsgauth.py pymsgauth.py
index 941bc09..4863911 100755
--- pymsgauth.py
+++ pymsgauth.py
@@ -190,8 +190,9 @@ def read_config ():
             else:
                 log (TRACE, 'option %s == %s...' % (option, config[option]))
     except (ConfigurationError, ConfParser.ConfParserException), txt:
-        log (FATAL, 'Fatal:  exception reading %s (%s)' % (config_file, txt))
-        raise
+        if not os.environ.get ('PYMSGAUTH_TOLERATE_UNCONFIGURED'):
+            log (FATAL, 'Fatal:  exception reading %s (%s)' % (config_file, txt))
+            raise
     if type (config['token_recipient']) != types.ListType:
         config['token_recipient'] = [config['token_recipient']]
     log (TRACE)
@@ -362,9 +363,24 @@ def sendmail_wrapper (args):
         mailcmd += args
         log (TRACE, 'mailcmd == %s' % mailcmd)
         buf = cStringIO.StringIO (sys.stdin.read())
-        msg = rfc822.Message (buf, seekable=1)
+        new_buf = tokenize_message_if_needed (buf, args)
+
+        send_mail (new_buf, mailcmd)
+        if (new_buf != buf.getvalue ()):
+            log (TRACE, 'Sent tokenized mail.')
+        else:
+            log (TRACE, 'Passed mail through unchanged.')
 
+    except StandardError, txt:
+        log (FATAL, 'Fatal:  caught exception (%s)' % txt)
+        log_exception ()
+        sys.exit (1)
+
+#############################
+def should_tokenize_message (msg, *args):
+    try:
         sign_message = 0
+
         for arg in args:
             if arg in config['token_recipient']:
                 sign_message = 1
@@ -378,15 +394,27 @@ def sendmail_wrapper (args):
                 if recip in config['token_recipient']:
                     sign_message = 1
                     break
-        if sign_message:
+
+        return sign_message
+
+    except StandardError, txt:
+        log (FATAL, 'Fatal:  caught exception (%s)' % txt)
+        log_exception ()
+        sys.exit (1)
+
+#############################
+def tokenize_message_if_needed (buf, *args):
+    try:
+        read_config ()
+        log (TRACE)
+        msg = rfc822.Message (buf, seekable=1)
+
+        if should_tokenize_message (msg, args):
             token = gen_token (msg)
             log (INFO, 'Generated token %s.' % token)
-            new_buf = '%s: %s\n' % (config['auth_field'], token) + buf.getvalue ()
-            send_mail (new_buf, mailcmd)
-            log (TRACE, 'Sent tokenized mail.')
+            return '%s: %s\n' % (config['auth_field'], token) + buf.getvalue ()
         else:
-            send_mail (buf.getvalue (), mailcmd)
-            log (TRACE, 'Passed mail through unchanged.')
+            return buf.getvalue ()
 
     except StandardError, txt:
         log (FATAL, 'Fatal:  caught exception (%s)' % txt)