#!/bin/sh # last update: jelly+paketi@srce.hr Mon Oct 30 14:37:06 CET 2006 set -e [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx case "$1" in configure) # continue below ;; abort-upgrade|abort-remove|abort-deconfigure) exit 0 ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH . /usr/share/amavisd-cn/version.sh . /usr/share/carnet-tools/functions.sh . /usr/share/amavisd-cn/variables.sh . /usr/share/amavisd-cn/functions.sh # Place configuration tweaks done on upgrades into this function update_conf() { [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx # comment out spam alerts if we're upgrading from # << 20030616p10-4 in woody, or << 2:20030616p10-5 in sarge, # or a fresh installation is taking place if dpkg --compare-versions "$2" lt 20030616p10-4 || \ { dpkg --compare-versions "$2" ge 2:0 && \ dpkg --compare-versions "$2" lt 2:20030616p10-5; }; then if cp_check_and_sed '^\$spam_admin = "spamalert\\@\$mydomain";$' \ 's/^\(\$spam_admin\b\)/# \1/' $ACONF; then cp_echo "CN: commented \$spam_admin in $ACONF." cp_echo "CN: Be sure to whitelist that address if you reenable it!" cp_echo " If spam detection is enabled for that address, loops may occur." restart_daemon=1 fi fi # saner defaults - silently discard viruses, and do SMTP-time reject for # explicitely banned attachments instead of bounces if dpkg --compare-versions "$2" lt 2:20030616p10-8; then if cp_check_and_sed \ '^[ ]*\$final_virus_destiny[ ]*=[ ]*D_BOUNCE' \ 's/^\([ \t]*\$final_virus_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_DISCARD/' \ $ACONF; then cp_echo "CN: Discarding viruses (option \$final_virus_destiny)." restart_daemon=1 fi if cp_check_and_sed \ '^[ ]*\$final_banned_destiny[ ]*=[ ]*D_BOUNCE' \ 's/^\([ \t]*\$final_banned_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_REJECT/' \ $ACONF; then cp_echo "CN: Rejecting banned files at SMTP time (option \$final_banned_destiny)." restart_daemon=1 fi fi if dpkg --compare-versions "$2" lt 2:20030616p10-11 && \ [ "$domain" != "$host" ]; then if cp_check_and_sed \ '^[ ]*\$mydomain[ ]*=[ ]* ["'"']$host['"'"]' \ 's/^\([ \t]*\$mydomain[ \t]*=[ \t]*\)["'"']$host['"'"]/\1'"'$domain'"/ \ $ACONF; then cp_echo "CN: MX for $domain detected, updating \$mydomain." restart_daemon=1 fi fi } # find out which MTA, assume postfix mta=postfix ACONFTMPL=$POSTTMPL TMPLVERSION=$POSTTMPLVERSION if dpkg -l postfix | grep -q '^.i'; then . /usr/share/amavisd-cn/postfix.sh elif dpkg -l sendmail | grep -q '^.i'; then mta=sendmail ACONFTMPL=$SENDTMPL TMPLVERSION=$SENDTMPLVERSION . /usr/share/amavisd-cn/sendmail.sh else # should never happen, we check for this in preinst too! echo "CN: Ugh, no supported mail-transported-agent could be found?!" >&2 echo "CN: If you really have a MTA supported by CARNet installed," >&2 echo "CN: Please inform the maintainer. Assuming ${mta}..." >&2 fi # XXX remove at least some of woody cruft for CARNet Debian 2.1+1 # convert sweep-cn back to "sweep" account, fix uid/gid if getent passwd sweep > /dev/null; then check_and_update_ugid sweep /etc/sweep /var/lib/sav /var/spool/intercheck /var/log/sweep.log || true # chown stuff I forgot in previous versions if dpkg --compare-versions "$2" lt 20030616p10-3; then chown -R sweep:sweep /var/spool/intercheck /var/log/sweep.log 2> /dev/null || true fi if cp_check_and_sed viruser s/viruser/sweep/ /etc/cron.d/sweep-cn /usr/bin/sophos-ide-update; then did_sweep="sweep " fi if cp_check_and_sed viruser "s/sweep viruser/sweep/g; s/viruser/sweep/g" /etc/samba/smb.conf; then /etc/init.d/samba reload || true did_sweep="${did_sweep}smb.conf " fi fi # sweep # get rid of viruser if getent passwd viruser > /dev/null || [ -n "$did_sweep" ]; then # remove viruser account usage echo -n "CN: Removing viruser: " [ "$did_sweep" ] && echo -n "$did_sweep" if cp_check_and_sed '^viruser' s/viruser/clamav/ $ALIASES; then newaliases 2>&1 > /dev/null echo -n "aliases " fi if cp_check_and_sed "User viruser" \ s/viruser/clamav/ /etc/clamav/clamd.conf; then clamav_changed=1 fi if cp_check_and_sed "DatabaseOwner viruser" \ s/viruser/clamav/ /etc/clamav/freshclam.conf; then clamav_changed=1 fi if [ -n "$clamav_changed" ]; then # add clamav to amavis group echo -n "c" id clamav | grep -q amavis || adduser clamav amavis > /dev/null echo -n "l" /etc/init.d/clamav-daemon stop > /dev/null || true pkill -9 /usr/sbin/clamd || true echo -n "a" /etc/init.d/clamav-freshclam stop > /dev/null || true pkill -9 /usr/bin/freshclam || true echo -n "m" chown -R clamav:clamav \ /var/lib/clamav /var/log/clamav /var/run/clamav || true echo -n "a" # Don't abort if clamav services do not restart. /etc/init.d/clamav-daemon start > /dev/null || failed clamav-daemon /etc/init.d/clamav-freshclam start > /dev/null || failed clamav-freshclam echo -n "v " fi # We'll catch other changes later, just fix user now if cp_check_and_sed '$daemon_user.*viruser' s/viruser/amavis/g $ACONF; then stop_amavisd_now=1 fi if getent passwd viruser >/dev/null; then if ls -lnG /var/run/amavis $AHOME |grep -q " $(id -u viruser) " || \ pgrep -u viruser -f /usr/sbin/amavis-milter > /dev/null || \ pgrep -u viruser amavisd > /dev/null; then stop_amavisd_now=1 fi fi if [ -n "$stop_amavisd_now" ]; then echo -n "a" if [ -x /etc/init.d/$mta ]; then /etc/init.d/$mta stop > /dev/null else # shouldn't happen either XXX catch it and send to maintainer? echo -n "iee, no init script for $mta! ignoring... a" fi echo -n "m" if [ -x /etc/init.d/amavisd-new-milter ]; then /etc/init.d/amavisd-new-milter stop > /dev/null fi echo -n "a" pkill -9 -u viruser -f /usr/sbin/amavis-milter || true echo -n "v" /etc/init.d/amavis stop > /dev/null echo -n "i" pkill -9 -u viruser -x amavisd || true chown_ahome=1 # do it later echo -n "s " restart_daemon=1 [ $mta = sendmail ] && restart_milter=1 || true restart_mta=1 fi if getent passwd viruser >/dev/null; then echo -n "userdel" userdel viruser fi echo "." cp_echo -mailonly "CN: Removed user viruser." fi # viruser # added later if cp_check_and_sed viruser s/viruser/clamav/ \ /etc/logrotate.d/clamav-daemon /etc/logrotate.d/clamav-freshclam; then : fi # viruser # $domain will be equal to $host if nothing better can be found get_domain domain=$RET # sendmail config if [ "$mta" = sendmail ]; then update_sendmail conf_sendmailize fi # end sendmail config # postfix config if [ "$mta" = postfix ]; then update_postfix conf_postfixize fi # end postfix config # amavisd.conf if [ -f "$ACONFOLD" ]; then cp_echo "CN: Amavisd configuration is now in $ACONF." cp_echo " Previous location was $ACONFOLD." if [ ! -e "$ACONFMOVED" ]; then mv "$ACONFOLD" "$ACONFMOVED" cp_echo " Old file renamed to $ACONFMOVED." fi cp_echo "" cp_echo "CN: If you made any changes to $ACONFOLD, they will NOT be moved" cp_echo "CN: to the new location automatically. You must update the new file" cp_echo "CN: by yourself, and remove the old file afterwards." elif [ -f "$ACONFMOVED" ]; then cp_echo "CN: Remember to remove the old $ACONFMOVED file." fi if [ -f $ACONF ]; then if grep -q _CN_ $ACONF; then # This is unlikely, actually if cp_check_and_sed "s/_CN_DOMAIN_/$domain/g; s/_CN_HOST_/$domain/g" $ACONF; then restart_daemon=1 fi else if egrep -q "^\\\$mydomain = 'example.com'" $ACONF; then # Debian default or lame sysadmin detected, replace it by template conf_from_template elif egrep -q "#CARNet#\\\$mydomain = 'example.com';" $ACONF && dpkg --compare-versions "$2" eq 2:20030616p5-0; then # CARNet Debian 2.1 (sarge) CDROM installation detected noisy_backup $ACONF conf_from_template else # add other fixups to update_conf() above update_conf $* fi fi fi # nonexistent or empty config if [ ! -f $ACONF -o ! -s $ACONF ]; then # Create fresh config from template conf_from_template fi # check for SAVI: # if not there, comment it out, if there, uncomment and restart if ! dpkg -l libsavi-perl bunch-perl-modules-cn 2> /dev/null | \ egrep -q '^.i' || \ ! [ -f /usr/lib/libsavi.so ]; then if cp_check_and_sed "^\['Sophos SAVI'" \ "s/^\(\['Sophos SAVI', ..sophos_savi \]\)/#\1/" $ACONF; then cp_echo "CN: Disabled SAVI::Perl usage in ${ACONF}." cp_echo " To enable it, run sophos-sweep-update, uncomment and restart amavis." fi else if cp_check_and_sed "^#\['Sophos SAVI'" \ "s/^#\(\['Sophos SAVI', ..sophos_savi \]\)/\1/" $ACONF; then cp_echo "CN: Enabled SAVI::Perl usage in ${ACONF}." restart_daemon=1 fi fi check_and_add_alias virusalert root check_and_add_alias spamalert root # touch some required files XXX check if necessary for 2.4 if [ ! -f $WLIST ]; then touch $WLIST chown_ahome=1 fi if [ ! -f $BLIST ]; then touch $BLIST chown_ahome=1 fi if [ ! -f $AHOME/.spamassassin/user_prefs ] ; then [ -d $AHOME/.spamassassin ] || mkdir -p $AHOME/.spamassassin cat > $AHOME/.spamassassin/user_prefs <<-EEND bayes_path $AHOME/.spamassassin/bayes bayes_auto_expire 0 auto_whitelist_path $AHOME/.spamassassin/auto-whitelist EEND chown_ahome=1 fi if [ ! -f $AHOME/.spamassassin/auto-whitelist ] ; then touch $AHOME/.spamassassin/auto-whitelist chown_ahome=1 fi # Raid over rc2.d if [ -x "/etc/init.d/sendmail" -a -e /etc/rc2.d/S20sendmail ]; then update-rc.d -f sendmail remove >/dev/null 2>/dev/null update-rc.d sendmail defaults 21 19 >/dev/null fi if [ -n "$(find /etc/rc2.d -name S18clam\*)" ]; then update-rc.d -f clamav-daemon remove >/dev/null update-rc.d clamav-daemon defaults 22 18 >/dev/null fi # Cleanup and finalization if dpkg --compare-versions "$2" lt 2:20030616p10-4; then update-rc.d -f amavisd remove > /dev/null restart_daemon=1 chown_ahome=1 # a complicated way to say chmod 750 dpkg-statoverride --remove $AHOME > /dev/null || true dpkg-statoverride --update --add amavis amavis 750 $AHOME fi if [ -n "$chown_ahome" ]; then # might be slow echo -n "CN: Fixing ownership in /var/*/amavis... " chown -R amavis:amavis $AHOME /var/run/amavis || true echo "done." cp_echo -mailonly "CN: Fixed ownerships in /var/*/amavis." fi # kill naughty pyzor descendants if dpkg --compare-versions "$2" lt "2:20030616p10-7" && \ pgrep -u amavis -f '/usr/bin/pyzor check' > /dev/null; then /etc/init.d/amavisd-cn stop pkill -9 -u amavis -f '/usr/bin/pyzor check' > /dev/null || true /etc/init.d/amavisd-cn start restart_daemon= restart_mta= fi # START AMAVISD # about a half of amavisd-cn script is here if [ "$restart_daemon" -a -x /etc/init.d/amavis.amavisd-new ]; then /etc/init.d/amavis.amavisd-new restart fi # always check that the daemons are running if ! wait_for_fds amavis; then /etc/init.d/amavis.amavisd-new start wait_for_fds amavis fi if [ "$mta" = sendmail ]; then if [ "$restart_daemon" -a -x /etc/init.d/amavisd-new-milter ]; then /etc/init.d/amavisd-new-milter restart restart_mta=1 fi # always check that the daemons are running if ! wait_for_fds milter; then /etc/init.d/amavisd-new-milter start wait_for_fds milter restart_mta=1 fi elif [ "$restart_mta" ]; then /etc/init.d/$mta restart fi # this needs to be updated when $CRONTAB file changes if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then cp_echo "" cp_echo "CN: Deleting temp files older than 1 day every day at 01:35 AM" cp_echo "CN: Deleting spam-mail older than 7 days every day at 03:15 AM" cp_echo "CN: Deleting virus-mail older than 7 days every day at 04:25 AM" cp_echo " (can be changed in $CRONTAB)" fi # display this message just once... maybe use debconf instead if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then cp_echo "" cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components," cp_echo "CN: use the /etc/init.d/amavisd-cn script." fi if [ "$failed" ]; then cp_echo "" cp_echo "CN: Services $failed failed to restart!" cp_echo "CN: Please check and start manually if needed." fi # Upgrade, but no automatically changed config; # warn if new template available if [ -n "$2" -a -z "$changed_config" ] && \ dpkg --compare-versions "$2" lt "$TMPLVERSION"; then cp_echo "" cp_echo "CN: It seems you have upgraded this package from version $2." cp_echo "CN: Configuration template for $mta was modified in version ${TMPLVERSION}." cp_echo " You might want to review the changes, or simply copy the new template and" cp_echo " and replace the _CN_DOMAIN_ string with an adequate value:" cp_echo " cp $ACONFTMPL $ACONF" cp_echo " perl -pi -e 's/_CN_DOMAIN_/$domain/g' $ACONF" fi cp_mail $PKG $VERSION