[amavisd-cn.git] / debian / postinst

#!/bin/sh
# last update: jelly+paketi@srce.hr  Mon Oct 30 14:37:06 CET 2006

set -e

[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx

case "$1" in
  configure)
    # continue below
  ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    exit 0
  ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 0
  ;;
esac

PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH

. /usr/share/amavisd-cn/version.sh
. /usr/share/carnet-tools/functions.sh
. /usr/share/amavisd-cn/variables.sh
. /usr/share/amavisd-cn/functions.sh

# Place configuration tweaks done on upgrades into this function
update_conf() {
  [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
  # comment out spam alerts if we're upgrading from
  # << 20030616p10-4 in woody, or << 2:20030616p10-5 in sarge,
  # or a fresh installation is taking place
  if dpkg --compare-versions "$2" lt 20030616p10-4 || \
    { dpkg --compare-versions "$2" ge 2:0 && \
      dpkg --compare-versions "$2" lt 2:20030616p10-5; }; then
    if cp_check_and_sed '^\$spam_admin = "spamalert\\@\$mydomain";$' \
       's/^\(\$spam_admin\b\)/# \1/' $ACONF; then
      cp_echo "CN: commented \$spam_admin in $ACONF."
      cp_echo "CN: Be sure to whitelist that address if you reenable it!"
      cp_echo "    If spam detection is enabled for that address, loops may occur."
      restart_daemon=1
    fi
  fi
  # saner defaults - silently discard viruses, and do SMTP-time reject for
  # explicitely banned attachments instead of bounces
  if dpkg --compare-versions "$2" lt 2:20030616p10-8; then
    if cp_check_and_sed \
      '^[       ]*\$final_virus_destiny[        ]*=[    ]*D_BOUNCE' \
      's/^\([ \t]*\$final_virus_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_DISCARD/' \
      $ACONF; then
      cp_echo "CN: Discarding viruses (option \$final_virus_destiny)."
      restart_daemon=1
    fi
    if cp_check_and_sed \
      '^[       ]*\$final_banned_destiny[       ]*=[    ]*D_BOUNCE' \
      's/^\([ \t]*\$final_banned_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_REJECT/' \
      $ACONF; then
      cp_echo "CN: Rejecting banned files at SMTP time (option \$final_banned_destiny)."
      restart_daemon=1
    fi
  fi
  if dpkg --compare-versions "$2" lt 2:20030616p10-11 && \
     [ "$domain" != "$host" ]; then
    if cp_check_and_sed \
      '^[       ]*\$mydomain[   ]*=[    ]* ["'"']$host['"'"]' \
      's/^\([ \t]*\$mydomain[ \t]*=[ \t]*\)["'"']$host['"'"]/\1'"'$domain'"/ \
      $ACONF; then
      cp_echo "CN: MX for $domain detected, updating \$mydomain."
      restart_daemon=1
    fi
  fi
}

# find out which MTA, assume postfix
mta=postfix
ACONFTMPL=$POSTTMPL
TMPLVERSION=$POSTTMPLVERSION
if dpkg -l postfix | grep -q '^.i'; then
  . /usr/share/amavisd-cn/postfix.sh
elif dpkg -l sendmail | grep -q '^.i'; then
  mta=sendmail
  ACONFTMPL=$SENDTMPL
  TMPLVERSION=$SENDTMPLVERSION
  . /usr/share/amavisd-cn/sendmail.sh
else
  # should never happen, we check for this in preinst too!
  echo "CN: Ugh, no supported mail-transported-agent could be found?!" >&2
  echo "CN: If you really have a MTA supported by CARNet installed," >&2
  echo "CN: Please inform the maintainer.  Assuming ${mta}..." >&2
fi 

# XXX remove at least some of woody cruft for CARNet Debian 2.1+1
# convert sweep-cn back to "sweep" account, fix uid/gid
if getent passwd sweep > /dev/null; then
  check_and_update_ugid sweep /etc/sweep /var/lib/sav /var/spool/intercheck /var/log/sweep.log || true
  # chown stuff I forgot in previous versions
  if dpkg --compare-versions "$2" lt 20030616p10-3; then
    chown -R sweep:sweep /var/spool/intercheck /var/log/sweep.log 2> /dev/null || true
  fi
  if cp_check_and_sed viruser s/viruser/sweep/ /etc/cron.d/sweep-cn /usr/bin/sophos-ide-update; then
    did_sweep="sweep "
  fi
  if cp_check_and_sed viruser "s/sweep viruser/sweep/g; s/viruser/sweep/g" /etc/samba/smb.conf; then
    /etc/init.d/samba reload || true
    did_sweep="${did_sweep}smb.conf "
  fi
fi # sweep

# get rid of viruser
if getent passwd viruser > /dev/null || [ -n "$did_sweep" ]; then
  # remove viruser account usage
  echo -n "CN: Removing viruser: "
  [ "$did_sweep" ] && echo -n "$did_sweep"
  if cp_check_and_sed '^viruser' s/viruser/clamav/ $ALIASES; then
    newaliases 2>&1 > /dev/null
    echo -n "aliases "
  fi
  if cp_check_and_sed "User viruser" \
       s/viruser/clamav/ /etc/clamav/clamd.conf; then
    clamav_changed=1
  fi
  if cp_check_and_sed "DatabaseOwner viruser" \
       s/viruser/clamav/ /etc/clamav/freshclam.conf; then
    clamav_changed=1
  fi
  if [ -n "$clamav_changed" ]; then
    # add clamav to amavis group
    echo -n "c"
    id clamav | grep -q amavis || adduser clamav amavis > /dev/null
    echo -n "l"
    /etc/init.d/clamav-daemon stop > /dev/null || true
    pkill -9 /usr/sbin/clamd || true
    echo -n "a"
    /etc/init.d/clamav-freshclam stop > /dev/null || true
    pkill -9 /usr/bin/freshclam || true
    echo -n "m"
    chown -R clamav:clamav \
      /var/lib/clamav /var/log/clamav /var/run/clamav || true
    echo -n "a"
    # Don't abort if clamav services do not restart.
    /etc/init.d/clamav-daemon start > /dev/null || failed clamav-daemon
    /etc/init.d/clamav-freshclam start > /dev/null || failed clamav-freshclam
    echo -n "v "
  fi
  # We'll catch other changes later, just fix user now
  if cp_check_and_sed '$daemon_user.*viruser' s/viruser/amavis/g $ACONF; then
    stop_amavisd_now=1
  fi
  if getent passwd viruser >/dev/null; then
    if ls -lnG /var/run/amavis $AHOME |grep -q " $(id -u viruser) " || \
        pgrep -u viruser -f /usr/sbin/amavis-milter > /dev/null || \
        pgrep -u viruser amavisd > /dev/null; then
      stop_amavisd_now=1
    fi
  fi
  if [ -n "$stop_amavisd_now" ]; then
    echo -n "a"
    if [ -x /etc/init.d/$mta ]; then
      /etc/init.d/$mta stop > /dev/null
    else
      # shouldn't happen either XXX catch it and send to maintainer?
      echo -n "iee, no init script for $mta! ignoring... a"
    fi
    echo -n "m"
    if [ -x /etc/init.d/amavisd-new-milter ]; then
      /etc/init.d/amavisd-new-milter stop > /dev/null
    fi
    echo -n "a"
    pkill -9 -u viruser -f /usr/sbin/amavis-milter || true
    echo -n "v"
    /etc/init.d/amavis stop > /dev/null
    echo -n "i"
    pkill -9 -u viruser -x amavisd || true
    chown_ahome=1 # do it later
    echo -n "s "
    restart_daemon=1
    [ $mta = sendmail ] && restart_milter=1 || true
    restart_mta=1
  fi
  if getent passwd viruser >/dev/null; then
    echo -n "userdel"
    userdel viruser
  fi
  echo "."
  cp_echo -mailonly "CN: Removed user viruser."
fi # viruser
# added later
if cp_check_and_sed viruser s/viruser/clamav/ \
   /etc/logrotate.d/clamav-daemon /etc/logrotate.d/clamav-freshclam; then
  :
fi # viruser

# $domain will be equal to $host if nothing better can be found
get_domain
domain=$RET

# sendmail config
if [ "$mta" = sendmail ]; then
  update_sendmail
  conf_sendmailize
fi # end sendmail config

# postfix config
if [ "$mta" = postfix ]; then
  update_postfix
  conf_postfixize
fi # end postfix config

# amavisd.conf
if [ -f "$ACONFOLD" ]; then
  cp_echo "CN: Amavisd configuration is now in $ACONF."
  cp_echo "    Previous location was $ACONFOLD."
  if [ ! -e "$ACONFMOVED" ]; then
    mv "$ACONFOLD" "$ACONFMOVED" 
    cp_echo "    Old file renamed to $ACONFMOVED."
  fi
  cp_echo ""
  cp_echo "CN: If you made any changes to $ACONFOLD, they will NOT be moved"
  cp_echo "CN: to the new location automatically.  You must update the new file"
  cp_echo "CN: by yourself, and remove the old file afterwards."
elif [ -f "$ACONFMOVED" ]; then
  cp_echo "CN: Remember to remove the old $ACONFMOVED file."
fi
if [ -f $ACONF ]; then
  if grep -q _CN_ $ACONF; then
    # This is unlikely, actually
    if cp_check_and_sed "s/_CN_DOMAIN_/$domain/g; s/_CN_HOST_/$domain/g" $ACONF; then
      restart_daemon=1
    fi
  else
    if egrep -q "^\\\$mydomain = 'example.com'" $ACONF; then
      # Debian default or lame sysadmin detected, replace it by template
      conf_from_template
    elif egrep -q "#CARNet#\\\$mydomain = 'example.com';" $ACONF &&
       dpkg --compare-versions "$2" eq 2:20030616p5-0; then
      # CARNet Debian 2.1 (sarge) CDROM installation detected
      noisy_backup $ACONF
      conf_from_template
    else
      # add other fixups to update_conf() above
      update_conf $*
    fi
  fi
fi
# nonexistent or empty config
if [ ! -f $ACONF -o ! -s $ACONF ]; then
  # Create fresh config from template
  conf_from_template
fi

# check for SAVI:
# if not there, comment it out, if there, uncomment and restart
if ! dpkg -l libsavi-perl bunch-perl-modules-cn 2> /dev/null | \
       egrep -q '^.i' || \
   ! [ -f /usr/lib/libsavi.so ]; then
  if cp_check_and_sed "^\['Sophos SAVI'" \
     "s/^\(\['Sophos SAVI', ..sophos_savi \]\)/#\1/" $ACONF; then
    cp_echo "CN: Disabled SAVI::Perl usage in ${ACONF}."
    cp_echo "    To enable it, run sophos-sweep-update, uncomment and restart amavis."
  fi
else
  if cp_check_and_sed "^#\['Sophos SAVI'" \
     "s/^#\(\['Sophos SAVI', ..sophos_savi \]\)/\1/" $ACONF; then
    cp_echo "CN: Enabled SAVI::Perl usage in ${ACONF}."
    restart_daemon=1
  fi
fi

check_and_add_alias virusalert root
check_and_add_alias spamalert root

# touch some required files XXX check if necessary for 2.4
if [ ! -f $WLIST ]; then
  touch $WLIST
  chown_ahome=1
fi

if [ ! -f $BLIST ]; then
  touch $BLIST
  chown_ahome=1
fi

if [ ! -f $AHOME/.spamassassin/user_prefs ] ; then
  [ -d $AHOME/.spamassassin ] || mkdir -p $AHOME/.spamassassin
  cat > $AHOME/.spamassassin/user_prefs <<-EEND
        bayes_path              $AHOME/.spamassassin/bayes
        bayes_auto_expire       0
        auto_whitelist_path     $AHOME/.spamassassin/auto-whitelist
        EEND
  chown_ahome=1
fi

if [ ! -f $AHOME/.spamassassin/auto-whitelist ] ; then
  touch $AHOME/.spamassassin/auto-whitelist
  chown_ahome=1
fi

# Raid over rc2.d
if [ -x "/etc/init.d/sendmail" -a -e /etc/rc2.d/S20sendmail ]; then
  update-rc.d -f sendmail remove >/dev/null 2>/dev/null
  update-rc.d sendmail defaults 21 19 >/dev/null
fi
if [ -n "$(find /etc/rc2.d -name S18clam\*)" ]; then
  update-rc.d -f clamav-daemon remove >/dev/null
  update-rc.d clamav-daemon defaults 22 18 >/dev/null
fi

# Cleanup and finalization
if dpkg --compare-versions "$2" lt 2:20030616p10-4; then
  update-rc.d -f amavisd remove > /dev/null
  restart_daemon=1
  chown_ahome=1
  # a complicated way to say chmod 750
  dpkg-statoverride --remove $AHOME > /dev/null || true
  dpkg-statoverride --update --add amavis amavis 750 $AHOME
fi

if [ -n "$chown_ahome" ]; then
  # might be slow
  echo -n "CN: Fixing ownership in /var/*/amavis... "
  chown -R amavis:amavis $AHOME /var/run/amavis || true
  echo "done."
  cp_echo -mailonly "CN: Fixed ownerships in /var/*/amavis."
fi

# kill naughty pyzor descendants
if dpkg --compare-versions "$2" lt "2:20030616p10-7" && \
    pgrep -u amavis -f '/usr/bin/pyzor check' > /dev/null; then
  /etc/init.d/amavisd-cn stop
  pkill -9 -u amavis -f '/usr/bin/pyzor check' > /dev/null || true
  /etc/init.d/amavisd-cn start
  restart_daemon=
  restart_mta=
fi

# START AMAVISD
# about a half of amavisd-cn script is here
if [ "$restart_daemon" -a -x /etc/init.d/amavis.amavisd-new ]; then
  /etc/init.d/amavis.amavisd-new restart
fi
# always check that the daemons are running
if ! wait_for_fds amavis; then
  /etc/init.d/amavis.amavisd-new start
  wait_for_fds amavis
fi
if [ "$mta" = sendmail ]; then
  if [ "$restart_daemon" -a -x /etc/init.d/amavisd-new-milter ]; then
    /etc/init.d/amavisd-new-milter restart
    restart_mta=1
  fi
  # always check that the daemons are running
  if ! wait_for_fds milter; then
    /etc/init.d/amavisd-new-milter start
    wait_for_fds milter
    restart_mta=1
  fi
elif [ "$restart_mta" ]; then
  /etc/init.d/$mta restart
fi

# this needs to be updated when $CRONTAB file changes
if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then
  cp_echo ""
  cp_echo "CN: Deleting temp files older than 1 day every day at 01:35 AM"
  cp_echo "CN: Deleting spam-mail  older than 7 days every day at 03:15 AM"
  cp_echo "CN: Deleting virus-mail older than 7 days every day at 04:25 AM"
  cp_echo "    (can be changed in $CRONTAB)"
fi
# display this message just once... maybe use debconf instead
if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then
  cp_echo ""
  cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components,"
  cp_echo "CN: use the /etc/init.d/amavisd-cn script."
fi
if [ "$failed" ]; then
  cp_echo ""
  cp_echo "CN: Services $failed failed to restart!"
  cp_echo "CN: Please check and start manually if needed."
fi

# Upgrade, but no automatically changed config;
# warn if new template available
if [ -n "$2" -a -z "$changed_config" ] && \
   dpkg --compare-versions "$2" lt "$TMPLVERSION"; then
  cp_echo ""
  cp_echo "CN: It seems you have upgraded this package from version $2."
  cp_echo "CN: Configuration template for $mta was modified in version ${TMPLVERSION}."
  cp_echo "    You might want to review the changes, or simply copy the new template and"
  cp_echo "    and replace the _CN_DOMAIN_ string with an adequate value:"
  cp_echo "    cp $ACONFTMPL $ACONF"
  cp_echo "    perl -pi -e 's/_CN_DOMAIN_/$domain/g' $ACONF"
fi

cp_mail $PKG $VERSION