amavisd-cn
-Ovaj paket donosi dodatnu CARNetovu konfiguraciju za paket
-iz Debian distribucije.
+Ovaj paket donosi dodatnu CARNetovu konfiguraciju za pakete amavisd-new i
+postfix iz Debian distribucije. Komunikacija izmedju postfix MTA i
+amavisd-new se obavlja preko lmtp protokola, u nacelu na nacin opisan u
-- Od inacice 20030616p10-1, amavisd-cn vise ne donosi cijeli amavisd-new,
- vec ovisi o Debianovim paketima amavisd-new i amavisd-new-milter. U ovom
- paketu se sada nalazi samo konfiguracija podesna za posluzitelje na
- CARNetovim ustanovama. Konfiguracijska datoteka se vise ne nalazi u
- /etc/amavisd.conf, vec u
+/usr/share/doc/amavisd-new/README.postfix.gz
+
+- Debian etch ima konfiguraciju za amavisd-new razdijeljenu u mnostvo
+ datoteka, koje se nalaze u /etc/amavis/conf.d.
+
+ amavisd-cn paket donosi svoje postavke u tom direktoriju, u datoteci
+
+ /etc/amavis/conf.d/40-carnet
+
+ Ukoliko zelite rucno izmijeniti neku od tih postavki, strogo se preporuca
+ iskopirati vrijednost u datoteku koju Debian predvidja za korisnika,
+
+ /etc/amavis/conf.d/50-user
+
+ te u toj datoteci postaviti vlastitu vrijednost koja ce imati prednost nad
+ Debianovom, ili onom iz 40-carnet tj. iz ovog paketa.
+
+ Ukoliko pak zelite programatski, iz vlastite skripte ili paketa dodati
+ neku postavku koja nadopunjuje CARNetovu konfiguraciju, preporuca se pripremiti
+ vlastitu datoteku i nazvati je imenom koje ce leksicki padati izmedju
+ 40-carnet i 50-user, na primjer
+
+ /etc/amavis/conf.d/45-sophos-aai
+
+ U njoj je onda moguce referencirati se na Debianove ili nase postavke.
+
+ Ukoliko zelite zadrzati jednu datoteku za konfiguraciju kao sto je
+ uobicajeno u upstream verziji, i u Debianu prije izdanja 4.0 / etch,
+ nemojte koristiti ovaj paket. Ukoliko je prije instalacije amavisd-cn
+ postojala stara datoteka
/etc/amavis/amavisd.conf
+ ista ce biti premjestena u /var/backups/amavisd.conf.bak i postavke
+ _nece_ biti automatski prenesene. Vlastite postavke morate naknadno
+ prebaciti u gore navedenu datoteku
+
+ /etc/amavis/conf.d/50-user
+
Stara datoteka se kod instalacije premjesta u
/etc/amavis/amavisd.conf.cn-old, tako da po zelji mozete vlastite
postavke prenijeti u novu. Predlozak za novu konfiguraciju se nalazi u
postavljena podrska za Sendmail+milter, za SpamAssassin s podrskom za
white- i blackliste, te za ClamAV i Sophos antiviruse.
-- Za restart svih kompomenti mta sustava ispravnim redoslijedom (clamd +
- amavisd-new + amavis-milter + sendmail ili clamd + amavisd + postfix)
- mozete koristiti dodanu init.d skriptu
+- Stara skripta za restart svih kompomenti mta sustava (clamd + amavisd +
+ postfix) vise nije nuzno potrebna, ali se jos uvijek moze korisititi kao
- /etc/init.d/amavisd-cn restart
+ /etc/init.d/amavisd-cn restart
- Odrzavanje spamassassin bayesian filtera sada dolazi sa Debianovim paketom
i nalazi se u
+ /etc/cron.daily/amavisd-new
/etc/cron.d/amavisd-new
Brisanje starih datoteka iz karantene se obavlja iz
$spam_lovers{lc($spam_admin)} = 1;
- -- Zoran Dzelajlija <jelly+paketi@srce.hr> Fri, 30 Jun 2006 10:58:01 +0200
+ -- Zoran Dzelajlija <zoran.dzelajlija@carnet.hr> Thu, 18 Oct 2007 21:47:49 +0200
+
Before commiting a build candidate, remember to update version.sh!
VERSION must be same as the latest changelog entry, stripped of epoch.
-SENDTMPLVERSION and POSTTMPLVERSION should indicate when a particular
-template was last updated.
-
+POSTTMPLVERSION,
+MASTTMPLVERSION should indicate when a particular template was last updated.
Bugs:
-- SAVI ne radi kod prve instalacije? Nakon sophos-sweep-update i
- dpkg-reconfigure amavisd-cn proradi.
-- CN: Current configuration saved in /var/backups/amavisd.conf.bak
- se pojavljuje precesto a uzrokuje slanje maila.
-
-Features:
-- funkcije za pametniju izmjenu sendmail <-> postfix
-- update na 2.4 i _mozda_ split config
+- Radi li SAVI kod prve instalacije? U sargeu nije radio a to
+ nije mijenjano.
-amavisd-cn (2:20030616p10-12) sarge; urgency=low
+amavisd-cn (3:2.4.2-1) etch; urgency=low
+
+ * Pocetna verzija za etch.
+ * Izbacene reference na sendmail, kojeg vise ne podrzavamo.
+ * Pojednostavljena konfiguracija, u zasebnoj datoteci.
+ Izbacene su sve postavke za koje Debian daje dobre vrijednosti
+ te jos neke vjerojatno zastarjele postavke. Izmedju ostalog,
+ - $whitelist_sender popis
+ * Zavrsni backup i brisanje amavisd.conf iz /etc/amavis.
+ * Dignut epoch radi pracenja verzije amavisd-new.
+
+ -- Zoran Dzelajlija <zoran.dzelajlija@carnet.hr> Thu, 18 Oct 2007 21:53:46 +0200
+
+amavisd-cn (2:20030616p10-12) sarge; urgency=high
+
+ * Sitniji hotfix za rjesenje problema sporog startanja Clamav daemona
+ (pidfile se pojavljuje sa zakasnjenjem od 30ak sec)
+
+ -- Dinko Korunic <kreator@carnet.hr> Tue, 29 May 2007 14:14:45 +0200
+
+amavisd-cn (2:20030616p10-12~unreleased) UNRELEASED; urgency=low
* U prerm pazi da li postoji newaliases.
Section: mail
Priority: optional
Maintainer: Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
-Build-Depends: debhelper (>= 4.0.0), sed
+Build-Depends: debhelper, sed
Standards-Version: 3.6.1
Package: amavisd-cn
Architecture: all
Provides: amavisd-new-cn
-Depends: amavisd-new (>= 20030616p10-5), postfix | amavisd-new-milter (>= 20030616p10-5), postfix | sendmail (>= 8.13.1-20), clamav-cn (>= 0.80-7), spamassassin (>= 2.64), debianutils (>= 1.13.1), carnet-tools-cn (>= 2.7), procps, patch
+Depends: amavisd-new (>= 1:2.4.2-6.1), postfix, clamav-cn (>= 2:0.91.2-1), spamassassin (>= 3.1.7-2), debianutils, carnet-tools-cn (>= 2.7), procps
Pre-Depends: amavisd-new
-Recommends: sweep-cn, libsavi-perl
-Conflicts: libsavi-perl (<< 0.15), bunch-perl-modules-cn, sweep-cn (<< 1.8-2)
-Description: Interface between MTA and virus scanner/content filters
- AMaViSd-new is a script that interfaces a mail transport agent (MTA) with
- zero or more virus scanners, and spamassassin (optional).
- .
- CARNet configuration comes with clamav and spamassassin, providing
- virus and spam scanning for postfix, or for sendmail via
- amavisd-new-milter.
+Suggests: sophos-srce, libsavi-perl
+Conflicts: libsavi-perl (<< 0.15), bunch-perl-modules-cn, sweep-cn
+Description: Easy setup for a postfix/amavisd-new/clamav/spamassassin configuration
+ This package provides a simple but reasonable configuration of amavisd-new
+ providing virus and spam scanning for postfix MTA, using clamav and
+ spamassassin to scan for viruses and spam.
options='
clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log
amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket
-milter amavisd-new-milter amavis /usr/sbin/amavis-milter amavis/amavisd-new-milter.pid 5 socket
'
# note: pgrep -f takes a regexp, and this is shell expanded once, hence \\
IFS="$IFSOLD"
num=${num:-4}
sleep=${sleep:-1}
- maxtry=${maxtry:-10}
+ maxtry=${maxtry:-90}
if [ -n "$pidfile" ]; then
pidfile=/var/run/$pidfile
findpid="[ -f $pidfile ] && cat $pidfile || true"
do
sleep $sleep # 1st, give it a chance to run
pid=`eval $findpid` # 2nd: find it
- [ -z "$pid" ] && return 1 # not running at all
- count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth
- [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \
- && return # success -- release
+ if [ ! -z "$pid" ]; then
+ count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth
+ [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \
+ && return # success -- release
+ fi
try=$(($try+1))
[ "0$try" -ge "0$maxtry" ] && return 1 # no luck this time
done
# If there's no diversion, play possum
[ -x /etc/init.d/amavis.amavisd-new ] || exit 0
-if [ -x /etc/init.d/postfix -a -x /usr/lib/postfix/master ]; then
- mta=postfix
-else
- mta=sendmail
-fi
+mta=postfix
case "$arg" in
start|stop|restart|reload|force-reload)
istart)
start clamd
start amavis
- [ $mta = sendmail ] && start milter
/etc/init.d/$mta start
;;
istop)
/etc/init.d/$mta stop
- [ $mta = sendmail ] && stop milter
stop amavis
stop clamd
;;
-version.sh usr/share/amavisd-cn
-src/* usr/share/amavisd-cn
-templates/* usr/share/amavisd-cn
+version.sh usr/share/amavisd-cn
+src/postfix.sh usr/share/amavisd-cn
+src/variables.sh usr/share/amavisd-cn
+src/functions.sh usr/share/amavisd-cn
+templates/* usr/share/amavisd-cn
#!/bin/sh
-# last update: jelly+paketi@srce.hr Mon Oct 30 14:37:06 CET 2006
+# last update: zoran.dzelajlija@carnet.hr Fri, 19 Oct 2007 00:34:32 +0200
set -e
# Place configuration tweaks done on upgrades into this function
update_conf() {
[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
- # comment out spam alerts if we're upgrading from
- # << 20030616p10-4 in woody, or << 2:20030616p10-5 in sarge,
- # or a fresh installation is taking place
- if dpkg --compare-versions "$2" lt 20030616p10-4 || \
- { dpkg --compare-versions "$2" ge 2:0 && \
- dpkg --compare-versions "$2" lt 2:20030616p10-5; }; then
- if cp_check_and_sed '^\$spam_admin = "spamalert\\@\$mydomain";$' \
- 's/^\(\$spam_admin\b\)/# \1/' $ACONF; then
- cp_echo "CN: commented \$spam_admin in $ACONF."
- cp_echo "CN: Be sure to whitelist that address if you reenable it!"
- cp_echo " If spam detection is enabled for that address, loops may occur."
- restart_daemon=1
- fi
- fi
- # saner defaults - silently discard viruses, and do SMTP-time reject for
- # explicitely banned attachments instead of bounces
- if dpkg --compare-versions "$2" lt 2:20030616p10-8; then
- if cp_check_and_sed \
- '^[ ]*\$final_virus_destiny[ ]*=[ ]*D_BOUNCE' \
- 's/^\([ \t]*\$final_virus_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_DISCARD/' \
- $ACONF; then
- cp_echo "CN: Discarding viruses (option \$final_virus_destiny)."
- restart_daemon=1
- fi
- if cp_check_and_sed \
- '^[ ]*\$final_banned_destiny[ ]*=[ ]*D_BOUNCE' \
- 's/^\([ \t]*\$final_banned_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_REJECT/' \
- $ACONF; then
- cp_echo "CN: Rejecting banned files at SMTP time (option \$final_banned_destiny)."
- restart_daemon=1
- fi
- fi
- if dpkg --compare-versions "$2" lt 2:20030616p10-11 && \
- [ "$domain" != "$host" ]; then
- if cp_check_and_sed \
- '^[ ]*\$mydomain[ ]*=[ ]* ["'"']$host['"'"]' \
- 's/^\([ \t]*\$mydomain[ \t]*=[ \t]*\)["'"']$host['"'"]/\1'"'$domain'"/ \
- $ACONF; then
- cp_echo "CN: MX for $domain detected, updating \$mydomain."
- restart_daemon=1
- fi
- fi
+ # placeholder.
+ # remember to set changed_config=1 and restart_daemon=1 if necessary
+ :
}
-# find out which MTA, assume postfix
mta=postfix
-ACONFTMPL=$POSTTMPL
-TMPLVERSION=$POSTTMPLVERSION
-if dpkg -l postfix | grep -q '^.i'; then
- . /usr/share/amavisd-cn/postfix.sh
-elif dpkg -l sendmail | grep -q '^.i'; then
- mta=sendmail
- ACONFTMPL=$SENDTMPL
- TMPLVERSION=$SENDTMPLVERSION
- . /usr/share/amavisd-cn/sendmail.sh
-else
- # should never happen, we check for this in preinst too!
- echo "CN: Ugh, no supported mail-transported-agent could be found?!" >&2
- echo "CN: If you really have a MTA supported by CARNet installed," >&2
- echo "CN: Please inform the maintainer. Assuming ${mta}..." >&2
-fi
-
-# XXX remove at least some of woody cruft for CARNet Debian 2.1+1
-# convert sweep-cn back to "sweep" account, fix uid/gid
-if getent passwd sweep > /dev/null; then
- check_and_update_ugid sweep /etc/sweep /var/lib/sav /var/spool/intercheck /var/log/sweep.log || true
- # chown stuff I forgot in previous versions
- if dpkg --compare-versions "$2" lt 20030616p10-3; then
- chown -R sweep:sweep /var/spool/intercheck /var/log/sweep.log 2> /dev/null || true
- fi
- if cp_check_and_sed viruser s/viruser/sweep/ /etc/cron.d/sweep-cn /usr/bin/sophos-ide-update; then
- did_sweep="sweep "
- fi
- if cp_check_and_sed viruser "s/sweep viruser/sweep/g; s/viruser/sweep/g" /etc/samba/smb.conf; then
- /etc/init.d/samba reload || true
- did_sweep="${did_sweep}smb.conf "
- fi
-fi # sweep
-
-# get rid of viruser
-if getent passwd viruser > /dev/null || [ -n "$did_sweep" ]; then
- # remove viruser account usage
- echo -n "CN: Removing viruser: "
- [ "$did_sweep" ] && echo -n "$did_sweep"
- if cp_check_and_sed '^viruser' s/viruser/clamav/ $ALIASES; then
- newaliases 2>&1 > /dev/null
- echo -n "aliases "
- fi
- if cp_check_and_sed "User viruser" \
- s/viruser/clamav/ /etc/clamav/clamd.conf; then
- clamav_changed=1
- fi
- if cp_check_and_sed "DatabaseOwner viruser" \
- s/viruser/clamav/ /etc/clamav/freshclam.conf; then
- clamav_changed=1
- fi
- if [ -n "$clamav_changed" ]; then
- # add clamav to amavis group
- echo -n "c"
- id clamav | grep -q amavis || adduser clamav amavis > /dev/null
- echo -n "l"
- /etc/init.d/clamav-daemon stop > /dev/null || true
- pkill -9 /usr/sbin/clamd || true
- echo -n "a"
- /etc/init.d/clamav-freshclam stop > /dev/null || true
- pkill -9 /usr/bin/freshclam || true
- echo -n "m"
- chown -R clamav:clamav \
- /var/lib/clamav /var/log/clamav /var/run/clamav || true
- echo -n "a"
- # Don't abort if clamav services do not restart.
- /etc/init.d/clamav-daemon start > /dev/null || failed clamav-daemon
- /etc/init.d/clamav-freshclam start > /dev/null || failed clamav-freshclam
- echo -n "v "
- fi
- # We'll catch other changes later, just fix user now
- if cp_check_and_sed '$daemon_user.*viruser' s/viruser/amavis/g $ACONF; then
- stop_amavisd_now=1
- fi
- if getent passwd viruser >/dev/null; then
- if ls -lnG /var/run/amavis $AHOME |grep -q " $(id -u viruser) " || \
- pgrep -u viruser -f /usr/sbin/amavis-milter > /dev/null || \
- pgrep -u viruser amavisd > /dev/null; then
- stop_amavisd_now=1
- fi
- fi
- if [ -n "$stop_amavisd_now" ]; then
- echo -n "a"
- if [ -x /etc/init.d/$mta ]; then
- /etc/init.d/$mta stop > /dev/null
- else
- # shouldn't happen either XXX catch it and send to maintainer?
- echo -n "iee, no init script for $mta! ignoring... a"
- fi
- echo -n "m"
- if [ -x /etc/init.d/amavisd-new-milter ]; then
- /etc/init.d/amavisd-new-milter stop > /dev/null
- fi
- echo -n "a"
- pkill -9 -u viruser -f /usr/sbin/amavis-milter || true
- echo -n "v"
- /etc/init.d/amavis stop > /dev/null
- echo -n "i"
- pkill -9 -u viruser -x amavisd || true
- chown_ahome=1 # do it later
- echo -n "s "
- restart_daemon=1
- [ $mta = sendmail ] && restart_milter=1 || true
- restart_mta=1
- fi
- if getent passwd viruser >/dev/null; then
- echo -n "userdel"
- userdel viruser
- fi
- echo "."
- cp_echo -mailonly "CN: Removed user viruser."
-fi # viruser
-# added later
-if cp_check_and_sed viruser s/viruser/clamav/ \
- /etc/logrotate.d/clamav-daemon /etc/logrotate.d/clamav-freshclam; then
- :
-fi # viruser
+. /usr/share/amavisd-cn/postfix.sh
# $domain will be equal to $host if nothing better can be found
cp_get_mx_domain
domain=$RET
-# sendmail config
-if [ "$mta" = sendmail ]; then
- update_sendmail
- conf_sendmailize
-fi # end sendmail config
-
-# postfix config
-if [ "$mta" = postfix ]; then
- update_postfix
- conf_postfixize
-fi # end postfix config
+update_postfix
# amavisd.conf
if [ -f "$ACONFOLD" ]; then
cp_echo "CN: Amavisd configuration is now in $ACONF."
cp_echo " Previous location was $ACONFOLD."
- if [ ! -e "$ACONFMOVED" ]; then
- mv "$ACONFOLD" "$ACONFMOVED"
- cp_echo " Old file renamed to $ACONFMOVED."
+ cp_backup_conffile "$ACONFOLD"
+ rm -f "$ACONFOLD"
+ cp_echo " Old file renamed to $ACONFMOVED."
fi
cp_echo ""
- cp_echo "CN: If you made any changes to $ACONFOLD, they will NOT be moved"
- cp_echo "CN: to the new location automatically. You must update the new file"
- cp_echo "CN: by yourself, and remove the old file afterwards."
-elif [ -f "$ACONFMOVED" ]; then
- cp_echo "CN: Remember to remove the old $ACONFMOVED file."
+ cp_echo "CN: Please read /usr/share/doc/amavisd-cn/README.CARNet."
+elif [ -f "$ACONFOLD.disabled" ]; then
+ cp_backup_conffile "$ACONFOLD.disabled" "$(basename $ACONFOLD)"
+ rm -f "$ACONFOLD.disabled"
+ cp_echo "CN: Removed $ACONFOLD.disabled."
+ cp_echo " Please read /usr/share/doc/amavisd-cn/README.CARNet."
fi
+
if [ -f $ACONF ]; then
- if grep -q _CN_ $ACONF; then
- # This is unlikely, actually
- if cp_check_and_sed "s/_CN_DOMAIN_/$domain/g; s/_CN_HOST_/$domain/g" $ACONF; then
- restart_daemon=1
- fi
- else
- if egrep -q "^\\\$mydomain = 'example.com'" $ACONF; then
- # Debian default or lame sysadmin detected, replace it by template
- conf_from_template
- elif egrep -q "#CARNet#\\\$mydomain = 'example.com';" $ACONF &&
- dpkg --compare-versions "$2" eq 2:20030616p5-0; then
- # CARNet Debian 2.1 (sarge) CDROM installation detected
- noisy_backup $ACONF
- conf_from_template
- else
- # add other fixups to update_conf() above
- update_conf $*
- fi
- fi
+ # add other fixups to function update_conf(), way above
+ update_conf $*
fi
# nonexistent or empty config
if [ ! -f $ACONF -o ! -s $ACONF ]; then
# check for SAVI:
# if not there, comment it out, if there, uncomment and restart
-if ! dpkg -l libsavi-perl bunch-perl-modules-cn 2> /dev/null | \
- egrep -q '^.i' || \
- ! [ -f /usr/lib/libsavi.so ]; then
+if ! dpkg -l libsavi-perl 2> /dev/null | egrep -q '^.i' || ! [ -f /usr/lib/libsavi.so ]; then
if cp_check_and_sed "^\['Sophos SAVI'" \
"s/^\(\['Sophos SAVI', ..sophos_savi \]\)/#\1/" $ACONF; then
cp_echo "CN: Disabled SAVI::Perl usage in ${ACONF}."
check_and_add_alias virusalert root
check_and_add_alias spamalert root
-# touch some required files XXX check if necessary for 2.4
-if [ ! -f $WLIST ]; then
- touch $WLIST
- chown_ahome=1
-fi
-
-if [ ! -f $BLIST ]; then
- touch $BLIST
- chown_ahome=1
-fi
-
if [ ! -f $AHOME/.spamassassin/user_prefs ] ; then
[ -d $AHOME/.spamassassin ] || mkdir -p $AHOME/.spamassassin
cat > $AHOME/.spamassassin/user_prefs <<-EEND
chown_ahome=1
fi
-# Raid over rc2.d
-if [ -x "/etc/init.d/sendmail" -a -e /etc/rc2.d/S20sendmail ]; then
- update-rc.d -f sendmail remove >/dev/null 2>/dev/null
- update-rc.d sendmail defaults 21 19 >/dev/null
-fi
-if [ -n "$(find /etc/rc2.d -name S18clam\*)" ]; then
- update-rc.d -f clamav-daemon remove >/dev/null
- update-rc.d clamav-daemon defaults 22 18 >/dev/null
-fi
+# No sysvinit order fixes
+:
# Cleanup and finalization
if dpkg --compare-versions "$2" lt 2:20030616p10-4; then
cp_echo -mailonly "CN: Fixed ownerships in /var/*/amavis."
fi
-# kill naughty pyzor descendants
-if dpkg --compare-versions "$2" lt "2:20030616p10-7" && \
+# kill naughty pyzor descendants -- XXX needed for 2.4 or not?
+if dpkg --compare-versions "$2" lt 2:20030616p10-7 && \
pgrep -u amavis -f '/usr/bin/pyzor check' > /dev/null; then
/etc/init.d/amavisd-cn stop
pkill -9 -u amavis -f '/usr/bin/pyzor check' > /dev/null || true
/etc/init.d/amavis.amavisd-new start
wait_for_fds amavis
fi
-if [ "$mta" = sendmail ]; then
- if [ "$restart_daemon" -a -x /etc/init.d/amavisd-new-milter ]; then
- /etc/init.d/amavisd-new-milter restart
- restart_mta=1
- fi
- # always check that the daemons are running
- if ! wait_for_fds milter; then
- /etc/init.d/amavisd-new-milter start
- wait_for_fds milter
- restart_mta=1
- fi
-elif [ "$restart_mta" ]; then
+if [ "$restart_mta" ]; then
/etc/init.d/$mta restart
fi
cp_echo "CN: Deleting virus-mail older than 7 days every day at 04:25 AM"
cp_echo " (can be changed in $CRONTAB)"
fi
-# display this message just once... maybe use debconf instead
-if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then
- cp_echo ""
- cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components,"
- cp_echo "CN: use the /etc/init.d/amavisd-cn script."
-fi
+# This script is, hopefully, not needed any more. Hide it.
+## display this message just once... maybe use debconf instead
+#if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then
+# cp_echo ""
+# cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components,"
+# cp_echo "CN: use the /etc/init.d/amavisd-cn script."
+#fi
if [ "$failed" ]; then
cp_echo ""
cp_echo "CN: Services $failed failed to restart!"
. /usr/share/carnet-tools/functions.sh
PKG=amavisd-cn
-MAILDIR=/etc/mail
ALIASES=/etc/aliases
-sendmail_cf=$MAILDIR/sendmail.cf
-sendmail_mc=$MAILDIR/sendmail.mc
-submit_mc=$MAILDIR/submit.mc
-ct_file=$MAILDIR/trusted-users
main_cf=/etc/postfix/main.cf
master_cf=/etc/postfix/master.cf
}
if [ "$1" = remove ]; then
- # sendmail?
- if grep -q $PKG $sendmail_mc $submit_mc 2>&- || \
- grep -q '^amavis$' $ct_file 2>&- ; then
- echo "Removing sendmail configuration for ${PKG}... "
- cp-update -r -c dnl $PKG $sendmail_mc >&-
- cp-update -r -c dnl $PKG $submit_mc >&-
- grep -v '^amavis$' $ct_file > ${ct_file}.dpkg-tmp.$$ || true
- cp_mv ${ct_file}.dpkg-tmp.$$ $ct_file
- make -C /etc/mail 2>&1 | grep -v 'issue .*/etc/init.d/sendmail reload' 1>&2 || true
- echo "Removed sendmail configuration for ${PKG}."
- if pgrep -u root -f 'sendmail: MTA: accepting connections' >&- ; then
- /etc/init.d/sendmail reload
- if ! pgrep -u root -f 'sendmail: MTA: accepting connections' >&- ; then
- echo 'CN: Something bad happened to sendmail on reload!' 1>&2
- exit 1
- fi
- # Everything went well, apparently. Remove old backup files.
- rm -f $sendmail_cf.$PKG
- rm -f $sendmail_mc.$PKG
- rm -f $submit_mc.$PKG
- fi
- fi
- # postfix?
if grep -q $PKG $master_cf; then
cp-update -r $PKG $master_cf >&-
del_postconf content_filter
echo "Removed postfix configuration for ${PKG}."
if pgrep -u root -f /usr/lib/postfix/master >&- && \
[ -x /etc/init.d/postfix ] >&- ; then
- /etc/init.d/postfix restart
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d postfix restart
+ else
+ /etc/init.d/postfix restart
+ fi
fi
fi
cp-update -r $PKG $ALIASES >&-
dh_clean -k
dh_installdirs
- # Add here commands to install the package into debian/carnet-tools-cn.
+ # Add here commands to install the package into debian/package-name.
# $(MAKE) install DESTDIR=$(CURDIR)/debian/carnet-tools-cn
update_postfix() {
# set up master.cf
if [ -f /etc/postfix/master.cf ] && \
- ! grep -q smtp-amavis /etc/postfix/master.cf; then
- cp-update $PKG /etc/postfix/master.cf <<-EOF
- smtp-amavis unix - - n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o disable_dns_lookups=yes
- -o smtp_line_length_limit=0
- -o notify_classes=protocol,resource,software
- -o max_use=10
-
- 127.0.0.1:10025 inet n - n - - smtpd
- -o content_filter=
- -o local_recipient_maps=
- -o smtpd_helo_restrictions=
- -o smtpd_client_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o mynetworks=127.0.0.0/8
- -o strict_rfc821_envelopes=yes
- EOF
+ \( ! grep -q smtp-amavis /etc/postfix/master.cf || \
+ dpkg --compare-versions "$2" lt $MASTTMPLVERSION \); then
+ noisy_backup /etc/postfix/master.cf
+ cp-update $PKG /etc/postfix/master.cf < $MASTTMPL
fi
# main.cf
postconf -e content_filter="smtp-amavis:[127.0.0.1]:10024"
-}
-
-conf_postfixize() {
- local tmp
- tmp=`basename $ACONF.dpkg-tmp.$$`
- noisy_backup $ACONF
- # detect non-postfix config
- # XXX add $inet_socket_port & $inet_socket_bind
- if egrep -q '^[[:blank:]]*\$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' $ACONF || \
- ! ( egrep -q '^\$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' $ACONF && \
- egrep -q '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' $ACONF && \
- egrep -q '^\$inet_socket_port.*10024' $ACONF && \
- egrep -q '^\$inet_socket_bind' $ACONF ); then
- if catpatch $ACONF | patch -sfp0 --dry-run >&- 2>&-; then
- oldpwd=`pwd`
- cd `dirname $ACONF`
- cp -p $ACONF $tmp
- catpatch $tmp | patch -fp0
- cp_mv $tmp $ACONF
- cd $oldpwd
- cp_echo -mailonly "CN: $ACONF patched for postfix."
- # then try to update exact options without disturbing anything else
- elif commented_in_paragraph '^[[:blank:]]*#.*POSTFIX' \
- '^$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' \
- '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' \
- -f $ACONF &&
- uncommented_in_paragraph '^[[:blank:]]*#.*MILTER' \
- '$forward_method = undef;[[:blank:]]*(#|$)' \
- '$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' \
- -f $ACONF; then
- cp $ACONF $tmp
- uncomment_in_paragraph '^[[:blank:]]*#.*POSTFIX' \
- '^$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' \
- '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' \
- -f $tmp
- comment_in_paragraph '^[[:blank:]]*#.*MILTER' \
- '$forward_method = undef;[[:blank:]]*(#|$)' \
- '$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' \
- -f $tmp
- cp_mv $tmp $ACONF
- cp_echo "CN: $ACONF updated for ${mta}."
- # or just use the template
- else
- conf_from_template
- cp_echo "CN: Config generated from ${ACONFTMPL}."
- fi
- restart_daemon=1
- changed_config=1
- fi
+
restart_mta=1
}
PKG=amavisd-cn
AHOME=/var/lib/amavis
-MAILDIR=/etc/mail
ALIASES=/etc/aliases
-sendmail_cf=$MAILDIR/sendmail.cf
-sendmail_mc=$MAILDIR/sendmail.mc
-submit_mc=$MAILDIR/submit.mc
-ct_file=$MAILDIR/trusted-users
CRONTAB=/etc/cron.d/$PKG
-ACONFOLD=/etc/amavisd.conf
-ACONFMOVED=/etc/amavisd.conf.cn-old
-ACONF=/etc/amavis/amavisd.conf
-POSTTMPL=/usr/share/$PKG/amavisd.conf.postfix-template
-SENDTMPL=/usr/share/$PKG/amavisd.conf.sendmail-template
-postdiff=/usr/share/$PKG/sendmail-to-postfix.diff
+ACONF=/etc/amavis/conf.d/40-carnet
+ACONFTMPL=/usr/share/$PKG/templates/40-carnet
BLIST=$AHOME/blacklist_sender
WLIST=$AHOME/whitelist_sender
# domain is set in postinst
options='
clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log
amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket
-milter amavisd-new-milter amavis /usr/sbin/amavis-milter amavis/amavisd-new-milter.pid 5 socket
'
# note: pgrep -f takes a regexp, and this is shell expanded once, hence \\
--- /dev/null
+use strict;
+
+##
+## amavisd-new CARNet configuration file
+##
+## This file contains the config entries that we modify programatically,
+## or that we think are better defaults than what Debian provides.
+##
+## Do not edit this file, put your changes in 50-user instead!
+##
+
+# override $mydomain from 05-domain_id and 20-debian_defaults
+#
+$mydomain = '_CN_DOMAIN_';
+@local_domains_acl = ( "$mydomain", ".$mydomain" );
+
+# prettify the return path for notifications a bit in case there's a
+# separate person handling these, ie. if the user customizes
+# virusalert or spamalert aliases.
+#
+$mailfrom_notify_admin = "virusalert\@$mydomain";
+$mailfrom_notify_recip = "virusalert\@$mydomain";
+$mailfrom_notify_spamadmin = "spamalert\@$mydomain";
+# Keep the default for now
+#$virus_admin = "postmaster\@$mydomain";
+
+# Keep the default for now
+# $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
+# $X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
+
+# postfix configuration, postfix' listener socket
+#
+$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
+$notify_method = $forward_method; # where to submit notifications
+
+# postfix setup for notifications, for rationale read the comments about
+# LMTP in /usr/share/doc/amavisd-new/README.postfix.gz
+#
+$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
+$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
+$final_spam_destiny = D_BOUNCE; # (defaults to D_REJECT)
+$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
+
+# read our legacy sender white/blacklists
+#
+if (-f "$MYHOME/whitelist_sender") {
+ read_hash(\%whitelist_sender, "$MYHOME/whitelist_sender");
+}
+if (-f "$MYHOME/blacklist_sender") {
+ read_hash(\%blacklist_sender, "$MYHOME/blacklist_sender");
+}
+
+# A small optimization
+$first_infected_stops_scan = 1; # default is false, all scanners are called
+
+# placeholder for AVs we might enable
+#
+push @av_scanners, (
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&sophos_savi ],
+
+)
+
+# Always have an AV fallback
+#
+push @av_scanners_backup = (
+
+# always succeeds (uncomment to consider mail clean if all other scanners fail)
+['always-clean', sub {0}],
+
+)
+
+1; # insure a defined return
--- /dev/null
+smtp-amavis unix - - n - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o smtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o smtp_line_length_limit=0
+ -o notify_classes=protocol,resource,software
+ -o max_use=10
+
+127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o local_recipient_maps=
+ -o relay_recipient_maps=
+ -o smtpd_restriction_classes=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=reject_unauth_pipelining
+ -o smtpd_end_of_data_restrictions=
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+ -o strict_rfc821_envelopes=yes
-VERSION=20030616p10-11
-SENDTMPLVERSION=2:20030616p10-8
-POSTTMPLVERSION=2:20030616p10-10
+VERSION=2.4.2-1
+POSTTMPLVERSION=3:2.4.2-1
+MASTTMPLVERSION=3:2.4.2-1
projects / amavisd-cn.git / commitdiff