X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=497a2df67808c47ca484f6db31ee73bf20df0f29;hb=HEAD;hp=0fc43203dfe640b1ca8195f61ba9402e28f6ba13;hpb=375cb43dbbaa9f08288683d23989530574a9acd9;p=spamassassin-cn.git diff --git a/debian/postinst b/debian/postinst index 0fc4320..3fe32d3 100755 --- a/debian/postinst +++ b/debian/postinst @@ -1,50 +1,31 @@ #!/bin/sh -# postinst script for spamassassin-cn -# -# see: dh_installdeb(1) set -e -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package -# - -case "$1" in - configure|reconfigure) - # continue below - ;; - - *) - exit 0 - ;; -esac - -# import CN-functions +[ "$1" = "configure" ] || exit 0 +[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx + +# Load CARNET Tools . /usr/share/carnet-tools/functions.sh -# load Debconf +# Load Debconf . /usr/share/debconf/confmodule + db_version 2.0 umask 022 +# clean up old debconf questions that are no longer in this package +if dpkg --compare-versions "$2" lt "2:3.1.7-4"; then + db_unregister spamassassin-cn/usedcc || true +fi + db_get spamassassin-cn/usebayes || true use_bayes="$RET" db_get spamassassin-cn/userazor2 || true use_razor2="$RET" -db_get spamassassin-cn/usedcc || true -use_dcc="$RET" - db_get spamassassin-cn/runservice || true run_service="$RET" @@ -57,12 +38,8 @@ db_stop || true if [ "$run_as_user" = "non-root" ]; then if ! grep -q '^OPTIONS=".*username=spamd"' \ /etc/default/spamassassin; then - if [ -x /usr/sbin/invoke-rc.d ]; then - invoke-rc.d --quiet spamassassin stop - else - /etc/init.d/spamassassin stop - fi - rstart=yes + service spamassassin stop + rstart=yes fi if ! getent group spamd >/dev/null 2>&1; then @@ -89,12 +66,8 @@ if [ "$run_as_user" = "non-root" ]; then elif [ "$run_as_user" = "root" ]; then if grep -q '^OPTIONS=".*username=spamd"' \ /etc/default/spamassassin; then - if [ -x /usr/sbin/invoke-rc.d ]; then - invoke-rc.d --quiet spamassassin stop - else - /etc/init.d/spamassassin stop - fi - restart=yes + service spamassassin stop + restart=yes fi if [ -d "/var/run/spamd" ]; then @@ -115,7 +88,7 @@ if [ -f $examdir/local.cf ]; then # old enough if [ -s $confdir/local.cf ] && - dpkg --compare-versions "$2" lt "2:3.0.3-3"; then + dpkg --compare-versions "$2" lt "2:3.2.5-4"; then echo "CN: Backing up old version of $confdir/local.cf in /var/backups" cp_backup_conffile $confdir/local.cf rm -f $confdir/local.cf @@ -177,8 +150,8 @@ if [ -f $examdir/local.cf ]; then rm -f $confdir/local.cf.$$.$$ fi - # set bayes/razor2/dcc in local.cf.$$ - for i in bayes razor2 dcc; do + # set bayes/razor2 in local.cf.$$ + for i in bayes razor2; do use_name="use_$i" use_value=$(eval echo \$$use_name) if [ "$use_value" = "true" ]; then @@ -191,6 +164,58 @@ if [ -f $examdir/local.cf ]; then $confdir/local.cf.$$ || true done + # remove obsolete options from old SA + egrep -v '^(bayes_use_chi2_combining|ok_languages|use_pyzor|pyzor_|use_dcc|dcc_)' \ + $confdir/local.cf.$$ > $confdir/local.cf.$$.$$ && \ + mv -f $confdir/local.cf.$$.$$ $confdir/local.cf.$$ + rm -f $confdir/local.cf.$$.$$ + + # calculate trusted networks + cp_get_netaddr || true + netaddr="$RET" + # ... get already configured trusted networks + trusted_networks=$(awk '/^trusted_networks/ { print $2 }' \ + $confdir/local.cf.$$ | sed -e 's/,/ /g') + # ... merge with local networks configured on eth interfaces + for i in $netaddr; do + if ! echo "$trusted_networks" | grep -q "$i"; then + trusted_networks="$trusted_networks $i" + fi + done + # ... merge with Postfix ranges + if [ -x /usr/sbin/postconf ]; then + for i in $(postconf -h mynetworks | sed -e 's/,/ /g'); do + if ! echo "$trusted_networks" | grep -q "$i"; then + trusted_networks="$trusted_networks $i" + fi + done + fi + # ... strip 127/8 range + for i in $trusted_networks; do + if ! echo "$i" | egrep -q \ + "127.0.0.0/8|\[::1\]/128|\[::ffff:127.0.0.0\]/104"; then + trusted_networks_clean="$trusted_networks_clean $i" + fi + done + # ... strip left and right blanks from final string + trusted_networks_clean=$(echo "$trusted_networks_clean" \ + | sed 's/^[ \t]*//;s/[ \t]*$//') + # ... and replace if non-zero + if [ ! -z "$trusted_networks_clean" ]; then + trusted_networks=$trusted_networks_clean + fi + cp_check_and_sed "^trusted_networks " \ + "s#^trusted_networks .*#trusted_networks $trusted_networks#g" \ + $confdir/local.cf.$$ || true + echo "CN: Activated $trusted_networks as trusted networks" + + if dpkg --compare-versions "$2" lt "2:3.3.5"; then + cp_check_and_sed "^bayes_auto_expire 1" \ + "s#^bayes_auto_expire .*#bayes_auto_expire 0#g" \ + $confdir/local.cf.$$ || true + echo "CN: Set bayes_auto_expire to 0" + fi + # different than template if ! cmp -s $confdir/local.cf.$$ $confdir/local.cf; then # backup if not zero size @@ -208,6 +233,50 @@ if [ -f $examdir/local.cf ]; then rm -f $confdir/local.cf.$$ fi +# enable/disable plugins in SA +list=$(find /etc/spamassassin -type f -name 'v*.pre') +for i in $list; do + # enable DKIM + cp -f $i $i.$$ + plugin="loadplugin Mail::SpamAssassin::Plugin::DKIM" + cp_check_and_sed "^.*#.*$plugin.*$" \ + "s/^.*#.*$plugin.*$/$plugin/g" $i.$$ || true + if ! cmp -s $i.$$ $i; then + mv -f $i.$$ $i + fi + rm -f $i.$$ + + # disable Pyzor + cp -f $i $i.$$ + plugin="loadplugin Mail::SpamAssassin::Plugin::Pyzor" + cp_check_and_sed "^$plugin.*$" \ + "s/^$plugin.*$/#$plugin/g" $i.$$ || true + if ! cmp -s $i.$$ $i; then + mv -f $i.$$ $i + fi + rm -f $i.$$ + + # disable DCC + cp -f $i $i.$$ + plugin="loadplugin Mail::SpamAssassin::Plugin::DCC" + cp_check_and_sed "^$plugin.*$" \ + "s/^$plugin.*$/#$plugin/g" $i.$$ || true + if ! cmp -s $i.$$ $i; then + mv -f $i.$$ $i + fi + rm -f $i.$$ + + # enable AWL + cp -f $i $i.$$ + plugin="loadplugin Mail::SpamAssassin::Plugin::AWL" + cp_check_and_sed "^#$plugin.*$" \ + "s/^#$plugin.*$/$plugin/g" $i.$$ || true + if ! cmp -s $i.$$ $i; then + mv -f $i.$$ $i + fi + rm -f $i.$$ +done + # check and replace /etc/default/spamasassin if needed if [ "$run_service" = "true" -a \ -f $examdir/etc-default-spamassassin-$run_as_user ]; then @@ -260,15 +329,23 @@ fi # cleanup the AWL if getent passwd amavis >/dev/null 2>&1; then - if [ -s ~amavis/.spamassassin/auto-whitelist ]; then + AWL=~amavis/.spamassassin/auto-whitelist + if [ -s $AWL ]; then echo "CN: Cleaning the Amavis auto-whitelist" su -c '/usr/bin/check_whitelist --clean' - amavis >/dev/null 2>&1 \ || true + + # see if size is still unacceptable + SIZE=$(du -ks $AWL | awk '{print $1}') + if [ $SIZE -ge 51200 ]; then + echo "CN: Size of AWL database > 50MB, doing full cleanup" + cp /dev/null $AWL + fi fi fi # import SA keys -echo "CN: Importing SpamAssassin and SARE public PGP keys" +echo "CN: Importing SpamAssassin channels' public PGP keys" echo "$(date +'%d-%m-%Y %T'): Importing new SA keys..." >> \ /var/log/sa-update.log if [ ! -d /etc/spamassassin/sa-update-keys ]; then @@ -277,42 +354,51 @@ if [ ! -d /etc/spamassassin/sa-update-keys ]; then /etc/spamassassin/sa-update-keys/secring.gpg chmod -R go-rwx /etc/spamassassin/sa-update-keys fi -sa-update --import /etc/spamassassin/sa-keys.pgp \ +sa-update --gpghomedir /etc/spamassassin/sa-update-keys --import /etc/spamassassin/sa-keys.pgp \ >>/var/log/sa-update.log 2>&1 || true +# import http://spamassassin.apache.org/updates/GPG.KEY +echo "CN: Importing new http://spamassassin.apache.org/updates/GPG.KEY..." +sa-update --gpghomedir /etc/spamassassin/sa-update-keys --import /usr/share/spamassassin-cn/GPG.KEY + # clean old RulesDuJour rules echo "CN: Cleaning old RulesDuJour and SARE rules..." rm -rf /etc/spamassassin/*_sare_*.cf /etc/spamassassin/RulesDuJour +find /var/lib/spamassassin -iname \*_sare_\* -print0 | xargs -0r rm -rf +sed -i -e '/dostech.net/d' /etc/spamassassin/sa-update.channels echo "CN: Please use /etc/spamassassin/sa-update.channels in future!" - + +# clean old sought.rules.yerp.org +echo "CN: Cleaning old YERP rules..." +find /var/lib/spamassassin -iname \*_yerp_\* -print0 | xargs -0r rm -rf +sed -i -e '/sought.rules.yerp.org/d' /etc/spamassassin/sa-update.channels + +# add spamassassin.heinlein-support.de +#echo "CN: Adding spamassassin.heinlein-support.de to /etc/spamassassin/sa-update.channels..." +#if ! grep -q spamassassin.heinlein-support.de /etc/spamassassin/sa-update.channels; then +# echo spamassassin.heinlein-support.de >> /etc/spamassassin/sa-update.channels +#fi + # get/update the rules echo "CN: Downloading new SpamAssassin rules and updating in background" echo "$(date +'%d-%m-%Y %T'): Fetching new SA rules..." >> \ /var/log/sa-update.log sa-update \ --channelfile /etc/spamassassin/sa-update.channels \ - --gpgkey 856AA88A \ - --gpgkey 24F434CE \ - --gpgkey BDE9DC10 >>/var/log/sa-update.log 2>&1 || true + --gpghomedir /etc/spamassassin/sa-update-keys \ + --allowplugins >>/var/log/sa-update.log 2>&1 & + echo "CN: SpamAssassin updates are now logged at /var/log/sa-update.log" # restart the spamasassin if [ "x$restart" = "xyes" ]; then - if [ -x /usr/sbin/invoke-rc.d ]; then - pkill -f /usr/sbin/spamd || true - invoke-rc.d --quiet spamassassin restart - else - /etc/init.d/spamassassin restart - fi + pkill -f /usr/sbin/spamd || true + service spamassassin restart fi # restart the amavis if [ "x$restart" = "xyes" -a -x /etc/init.d/amavis ]; then - if [ -x /usr/sbin/invoke-rc.d ]; then - invoke-rc.d --quiet amavis restart - else - /etc/init.d/amavis restart - fi + service amavis restart fi # dh_installdeb will replace this with shell code automatically