From 9881eb03821c641460350eee4ed7aa0350e5c6ca Mon Sep 17 00:00:00 2001 From: Zoran Dzelajlija Date: Thu, 18 Oct 2007 23:23:53 +0000 Subject: [PATCH] r11: Preliminary etch package. --- README.CARNet | 57 ++++++++--- README.maintainer | 5 +- TODO | 10 +- changelog.CARNet | 22 ++++- debian/control | 19 ++-- debian/init | 20 ++-- debian/install | 8 +- debian/postinst | 272 ++++++--------------------------------------------- debian/prerm | 34 +------ debian/rules | 2 +- src/postfix.sh | 73 +------------- src/variables.sh | 14 +-- templates/40-carnet | 74 ++++++++++++++ templates/master.cf | 28 ++++++ version.sh | 6 +- 15 files changed, 239 insertions(+), 405 deletions(-) create mode 100644 templates/40-carnet create mode 100644 templates/master.cf diff --git a/README.CARNet b/README.CARNet index 4601dfd..fca6327 100644 --- a/README.CARNet +++ b/README.CARNet 
@@ -1,16 +1,48 @@ amavisd-cn -Ovaj paket donosi dodatnu CARNetovu konfiguraciju za paket -iz Debian distribucije. +Ovaj paket donosi dodatnu CARNetovu konfiguraciju za pakete amavisd-new i +postfix iz Debian distribucije. Komunikacija izmedju postfix MTA i +amavisd-new se obavlja preko lmtp protokola, u nacelu na nacin opisan u -- Od inacice 20030616p10-1, amavisd-cn vise ne donosi cijeli amavisd-new, - vec ovisi o Debianovim paketima amavisd-new i amavisd-new-milter. U ovom - paketu se sada nalazi samo konfiguracija podesna za posluzitelje na - CARNetovim ustanovama. Konfiguracijska datoteka se vise ne nalazi u - /etc/amavisd.conf, vec u +/usr/share/doc/amavisd-new/README.postfix.gz + +- Debian etch ima konfiguraciju za amavisd-new razdijeljenu u mnostvo + datoteka, koje se nalaze u /etc/amavis/conf.d. + + amavisd-cn paket donosi svoje postavke u tom direktoriju, u datoteci + + /etc/amavis/conf.d/40-carnet + + Ukoliko zelite rucno izmijeniti neku od tih postavki, strogo se preporuca + iskopirati vrijednost u datoteku koju Debian predvidja za korisnika, + + /etc/amavis/conf.d/50-user + + te u toj datoteci postaviti vlastitu vrijednost koja ce imati prednost nad + Debianovom, ili onom iz 40-carnet tj. iz ovog paketa. + + Ukoliko pak zelite programatski, iz vlastite skripte ili paketa dodati + neku postavku koja nadopunjuje CARNetovu konfiguraciju, preporuca se pripremiti + vlastitu datoteku i nazvati je imenom koje ce leksicki padati izmedju + 40-carnet i 50-user, na primjer + + /etc/amavis/conf.d/45-sophos-aai + + U njoj je onda moguce referencirati se na Debianove ili nase postavke. + + Ukoliko zelite zadrzati jednu datoteku za konfiguraciju kao sto je + uobicajeno u upstream verziji, i u Debianu prije izdanja 4.0 / etch, + nemojte koristiti ovaj paket. Ukoliko je prije instalacije amavisd-cn + postojala stara datoteka /etc/amavis/amavisd.conf + ista ce biti premjestena u /var/backups/amavisd.conf.bak i postavke + _nece_ biti automatski prenesene. 
Vlastite postavke morate naknadno + prebaciti u gore navedenu datoteku + + /etc/amavis/conf.d/50-user + Stara datoteka se kod instalacije premjesta u /etc/amavis/amavisd.conf.cn-old, tako da po zelji mozete vlastite postavke prenijeti u novu. Predlozak za novu konfiguraciju se nalazi u @@ -19,15 +51,15 @@ iz Debian distribucije. postavljena podrska za Sendmail+milter, za SpamAssassin s podrskom za white- i blackliste, te za ClamAV i Sophos antiviruse. -- Za restart svih kompomenti mta sustava ispravnim redoslijedom (clamd + - amavisd-new + amavis-milter + sendmail ili clamd + amavisd + postfix) - mozete koristiti dodanu init.d skriptu +- Stara skripta za restart svih kompomenti mta sustava (clamd + amavisd + + postfix) vise nije nuzno potrebna, ali se jos uvijek moze korisititi kao - /etc/init.d/amavisd-cn restart + /etc/init.d/amavisd-cn restart - Odrzavanje spamassassin bayesian filtera sada dolazi sa Debianovim paketom i nalazi se u + /etc/cron.daily/amavisd-new /etc/cron.d/amavisd-new Brisanje starih datoteka iz karantene se obavlja iz @@ -52,4 +84,5 @@ iz Debian distribucije. $spam_lovers{lc($spam_admin)} = 1; - -- Zoran Dzelajlija Fri, 30 Jun 2006 10:58:01 +0200 + -- Zoran Dzelajlija Thu, 18 Oct 2007 21:47:49 +0200 + diff --git a/README.maintainer b/README.maintainer index b84ea96..e3b40ad 100644 --- a/README.maintainer +++ b/README.maintainer @@ -1,5 +1,4 @@ Before commiting a build candidate, remember to update version.sh! VERSION must be same as the latest changelog entry, stripped of epoch. -SENDTMPLVERSION and POSTTMPLVERSION should indicate when a particular -template was last updated. - +POSTTMPLVERSION, +MASTTMPLVERSION should indicate when a particular template was last updated. diff --git a/TODO b/TODO index f99e222..85d3bd4 100644 --- a/TODO +++ b/TODO 
@@ -1,9 +1,3 @@ Bugs: -- SAVI ne radi kod prve instalacije? Nakon sophos-sweep-update i - dpkg-reconfigure amavisd-cn proradi. -- CN: Current configuration saved in /var/backups/amavisd.conf.bak - se pojavljuje precesto a uzrokuje slanje maila. - -Features: -- funkcije za pametniju izmjenu sendmail <-> postfix -- update na 2.4 i _mozda_ split config +- Radi li SAVI kod prve instalacije? U sargeu nije radio a to + nije mijenjano. diff --git a/changelog.CARNet b/changelog.CARNet index 8e57449..6365721 100644 --- a/changelog.CARNet +++ b/changelog.CARNet @@ -1,4 +1,24 @@ -amavisd-cn (2:20030616p10-12) sarge; urgency=low +amavisd-cn (3:2.4.2-1) etch; urgency=low + + * Pocetna verzija za etch. + * Izbacene reference na sendmail, kojeg vise ne podrzavamo. + * Pojednostavljena konfiguracija, u zasebnoj datoteci. + Izbacene su sve postavke za koje Debian daje dobre vrijednosti + te jos neke vjerojatno zastarjele postavke. Izmedju ostalog, + - $whitelist_sender popis + * Zavrsni backup i brisanje amavisd.conf iz /etc/amavis. + * Dignut epoch radi pracenja verzije amavisd-new. + + -- Zoran Dzelajlija Thu, 18 Oct 2007 21:53:46 +0200 + +amavisd-cn (2:20030616p10-12) sarge; urgency=high + + * Sitniji hotfix za rjesenje problema sporog startanja Clamav daemona + (pidfile se pojavljuje sa zakasnjenjem od 30ak sec) + + -- Dinko Korunic Tue, 29 May 2007 14:14:45 +0200 + +amavisd-cn (2:20030616p10-12~unreleased) UNRELEASED; urgency=low * U prerm pazi da li postoji newaliases. diff --git a/debian/control b/debian/control index 00b7cef..1fe430d 100644 --- a/debian/control +++ b/debian/control 
@@ -2,20 +2,17 @@ Source: amavisd-cn Section: mail Priority: optional Maintainer: Zoran Dzelajlija -Build-Depends: debhelper (>= 4.0.0), sed +Build-Depends: debhelper, sed Standards-Version: 3.6.1 Package: amavisd-cn Architecture: all Provides: amavisd-new-cn -Depends: amavisd-new (>= 20030616p10-5), postfix | amavisd-new-milter (>= 20030616p10-5), postfix | sendmail (>= 8.13.1-20), clamav-cn (>= 0.80-7), spamassassin (>= 2.64), debianutils (>= 1.13.1), carnet-tools-cn (>= 2.7), procps, patch +Depends: amavisd-new (>= 1:2.4.2-6.1), postfix, clamav-cn (>= 2:0.91.2-1), spamassassin (>= 3.1.7-2), debianutils, carnet-tools-cn (>= 2.7), procps Pre-Depends: amavisd-new -Recommends: sweep-cn, libsavi-perl -Conflicts: libsavi-perl (<< 0.15), bunch-perl-modules-cn, sweep-cn (<< 1.8-2) -Description: Interface between MTA and virus scanner/content filters - AMaViSd-new is a script that interfaces a mail transport agent (MTA) with - zero or more virus scanners, and spamassassin (optional). - . - CARNet configuration comes with clamav and spamassassin, providing - virus and spam scanning for postfix, or for sendmail via - amavisd-new-milter. +Suggests: sophos-srce, libsavi-perl +Conflicts: libsavi-perl (<< 0.15), bunch-perl-modules-cn, sweep-cn +Description: Easy setup for a postfix/amavisd-new/clamav/spamassassin configuration + This package provides a simple but reasonable configuration of amavisd-new + providing virus and spam scanning for postfix MTA, using clamav and + spamassassin to scan for viruses and spam. diff --git a/debian/init b/debian/init index 8af8212..62f701f 100755 --- a/debian/init +++ b/debian/init @@ -7,7 +7,6 @@ set -e options=' clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket -milter amavisd-new-milter amavis /usr/sbin/amavis-milter amavis/amavisd-new-milter.pid 5 socket ' # note: pgrep -f takes a regexp, and this is shell expanded once, hence \\ 
@@ -61,7 +60,7 @@ wait_for_fds () { IFS="$IFSOLD" num=${num:-4} sleep=${sleep:-1} - maxtry=${maxtry:-10} + maxtry=${maxtry:-90} if [ -n "$pidfile" ]; then pidfile=/var/run/$pidfile findpid="[ -f $pidfile ] && cat $pidfile || true" @@ -75,10 +74,11 @@ wait_for_fds () { do sleep $sleep # 1st, give it a chance to run pid=`eval $findpid` # 2nd: find it - [ -z "$pid" ] && return 1 # not running at all - count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth - [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \ - && return # success -- release + if [ ! -z "$pid" ]; then + count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth + [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \ + && return # success -- release + fi try=$(($try+1)) [ "0$try" -ge "0$maxtry" ] && return 1 # no luck this time done @@ -105,11 +105,7 @@ esac # If there's no diversion, play possum [ -x /etc/init.d/amavis.amavisd-new ] || exit 0 -if [ -x /etc/init.d/postfix -a -x /usr/lib/postfix/master ]; then - mta=postfix -else - mta=sendmail -fi +mta=postfix case "$arg" in start|stop|restart|reload|force-reload) @@ -119,13 +115,11 @@ case "$arg" in istart) start clamd start amavis - [ $mta = sendmail ] && start milter /etc/init.d/$mta start ;; istop) /etc/init.d/$mta stop - [ $mta = sendmail ] && stop milter stop amavis stop clamd ;; diff --git a/debian/install b/debian/install index 2c00cdf..c422bf9 100644 --- a/debian/install +++ b/debian/install @@ -1,3 +1,5 @@ -version.sh usr/share/amavisd-cn -src/* usr/share/amavisd-cn -templates/* usr/share/amavisd-cn +version.sh usr/share/amavisd-cn +src/postfix.sh usr/share/amavisd-cn +src/variables.sh usr/share/amavisd-cn +src/functions.sh usr/share/amavisd-cn +templates/* usr/share/amavisd-cn diff --git a/debian/postinst b/debian/postinst index 811121e..4ce2de2 100755 --- a/debian/postinst +++ b/debian/postinst 
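Review bot: In the `@@ -75,10 +74,11 @@` hunk the early `return 1` is gone and the previous hunk raises `maxtry` to 90, so `wait_for_fds` now sleeps through all 90 tries even when the daemon never started. The value read from the pidfile is also still used unchecked in `/proc/$pid/fd`. This script runs as root and the pidfile presumably sits in a directory the daemon user can write, so I would accept only digits before the `if`, e.g. `case "$pid" in ''|*[!0-9]*) pid= ;; esac`, and write the test as `[ -n "$pid" ]`. `grep -q $fdname` should be quoted as well. The loop header and the start of the function are outside the hunk.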
@@ -1,5 +1,5 @@ #!/bin/sh -# last update: jelly+paketi@srce.hr Mon Oct 30 14:37:06 CET 2006 +# last update: zoran.dzelajlija@carnet.hr Fri, 19 Oct 2007 00:34:32 +0200 set -e 
@@ -31,220 +31,40 @@ export PATH # Place configuration tweaks done on upgrades into this function update_conf() { [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx - # comment out spam alerts if we're upgrading from - # << 20030616p10-4 in woody, or << 2:20030616p10-5 in sarge, - # or a fresh installation is taking place - if dpkg --compare-versions "$2" lt 20030616p10-4 || \ - { dpkg --compare-versions "$2" ge 2:0 && \ - dpkg --compare-versions "$2" lt 2:20030616p10-5; }; then - if cp_check_and_sed '^\$spam_admin = "spamalert\\@\$mydomain";$' \ - 's/^\(\$spam_admin\b\)/# \1/' $ACONF; then - cp_echo "CN: commented \$spam_admin in $ACONF." - cp_echo "CN: Be sure to whitelist that address if you reenable it!" - cp_echo " If spam detection is enabled for that address, loops may occur." - restart_daemon=1 - fi - fi - # saner defaults - silently discard viruses, and do SMTP-time reject for - # explicitely banned attachments instead of bounces - if dpkg --compare-versions "$2" lt 2:20030616p10-8; then - if cp_check_and_sed \ - '^[ ]*\$final_virus_destiny[ ]*=[ ]*D_BOUNCE' \ - 's/^\([ \t]*\$final_virus_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_DISCARD/' \ - $ACONF; then - cp_echo "CN: Discarding viruses (option \$final_virus_destiny)." - restart_daemon=1 - fi - if cp_check_and_sed \ - '^[ ]*\$final_banned_destiny[ ]*=[ ]*D_BOUNCE' \ - 's/^\([ \t]*\$final_banned_destiny[ \t]*=[ \t]*\)D_BOUNCE/\1D_REJECT/' \ - $ACONF; then - cp_echo "CN: Rejecting banned files at SMTP time (option \$final_banned_destiny)." - restart_daemon=1 - fi - fi - if dpkg --compare-versions "$2" lt 2:20030616p10-11 && \ - [ "$domain" != "$host" ]; then - if cp_check_and_sed \ - '^[ ]*\$mydomain[ ]*=[ ]* ["'"']$host['"'"]' \ - 's/^\([ \t]*\$mydomain[ \t]*=[ \t]*\)["'"']$host['"'"]/\1'"'$domain'"/ \ - $ACONF; then - cp_echo "CN: MX for $domain detected, updating \$mydomain." - restart_daemon=1 - fi - fi + # placeholder. 
+ # remember to set changed_config=1 and restart_daemon=1 if necessary + : } -# find out which MTA, assume postfix mta=postfix -ACONFTMPL=$POSTTMPL -TMPLVERSION=$POSTTMPLVERSION -if dpkg -l postfix | grep -q '^.i'; then - . /usr/share/amavisd-cn/postfix.sh -elif dpkg -l sendmail | grep -q '^.i'; then - mta=sendmail - ACONFTMPL=$SENDTMPL - TMPLVERSION=$SENDTMPLVERSION - . /usr/share/amavisd-cn/sendmail.sh -else - # should never happen, we check for this in preinst too! - echo "CN: Ugh, no supported mail-transported-agent could be found?!" >&2 - echo "CN: If you really have a MTA supported by CARNet installed," >&2 - echo "CN: Please inform the maintainer. Assuming ${mta}..." >&2 -fi - -# XXX remove at least some of woody cruft for CARNet Debian 2.1+1 -# convert sweep-cn back to "sweep" account, fix uid/gid -if getent passwd sweep > /dev/null; then - check_and_update_ugid sweep /etc/sweep /var/lib/sav /var/spool/intercheck /var/log/sweep.log || true - # chown stuff I forgot in previous versions - if dpkg --compare-versions "$2" lt 20030616p10-3; then - chown -R sweep:sweep /var/spool/intercheck /var/log/sweep.log 2> /dev/null || true - fi - if cp_check_and_sed viruser s/viruser/sweep/ /etc/cron.d/sweep-cn /usr/bin/sophos-ide-update; then - did_sweep="sweep " - fi - if cp_check_and_sed viruser "s/sweep viruser/sweep/g; s/viruser/sweep/g" /etc/samba/smb.conf; then - /etc/init.d/samba reload || true - did_sweep="${did_sweep}smb.conf " - fi -fi # sweep - -# get rid of viruser -if getent passwd viruser > /dev/null || [ -n "$did_sweep" ]; then - # remove viruser account usage - echo -n "CN: Removing viruser: " - [ "$did_sweep" ] && echo -n "$did_sweep" - if cp_check_and_sed '^viruser' s/viruser/clamav/ $ALIASES; then - newaliases 2>&1 > /dev/null - echo -n "aliases " - fi - if cp_check_and_sed "User viruser" \ - s/viruser/clamav/ /etc/clamav/clamd.conf; then - clamav_changed=1 - fi - if cp_check_and_sed "DatabaseOwner viruser" \ - s/viruser/clamav/ 
/etc/clamav/freshclam.conf; then - clamav_changed=1 - fi - if [ -n "$clamav_changed" ]; then - # add clamav to amavis group - echo -n "c" - id clamav | grep -q amavis || adduser clamav amavis > /dev/null - echo -n "l" - /etc/init.d/clamav-daemon stop > /dev/null || true - pkill -9 /usr/sbin/clamd || true - echo -n "a" - /etc/init.d/clamav-freshclam stop > /dev/null || true - pkill -9 /usr/bin/freshclam || true - echo -n "m" - chown -R clamav:clamav \ - /var/lib/clamav /var/log/clamav /var/run/clamav || true - echo -n "a" - # Don't abort if clamav services do not restart. - /etc/init.d/clamav-daemon start > /dev/null || failed clamav-daemon - /etc/init.d/clamav-freshclam start > /dev/null || failed clamav-freshclam - echo -n "v " - fi - # We'll catch other changes later, just fix user now - if cp_check_and_sed '$daemon_user.*viruser' s/viruser/amavis/g $ACONF; then - stop_amavisd_now=1 - fi - if getent passwd viruser >/dev/null; then - if ls -lnG /var/run/amavis $AHOME |grep -q " $(id -u viruser) " || \ - pgrep -u viruser -f /usr/sbin/amavis-milter > /dev/null || \ - pgrep -u viruser amavisd > /dev/null; then - stop_amavisd_now=1 - fi - fi - if [ -n "$stop_amavisd_now" ]; then - echo -n "a" - if [ -x /etc/init.d/$mta ]; then - /etc/init.d/$mta stop > /dev/null - else - # shouldn't happen either XXX catch it and send to maintainer? - echo -n "iee, no init script for $mta! ignoring... a" - fi - echo -n "m" - if [ -x /etc/init.d/amavisd-new-milter ]; then - /etc/init.d/amavisd-new-milter stop > /dev/null - fi - echo -n "a" - pkill -9 -u viruser -f /usr/sbin/amavis-milter || true - echo -n "v" - /etc/init.d/amavis stop > /dev/null - echo -n "i" - pkill -9 -u viruser -x amavisd || true - chown_ahome=1 # do it later - echo -n "s " - restart_daemon=1 - [ $mta = sendmail ] && restart_milter=1 || true - restart_mta=1 - fi - if getent passwd viruser >/dev/null; then - echo -n "userdel" - userdel viruser - fi - echo "." - cp_echo -mailonly "CN: Removed user viruser." 
-fi # viruser -# added later -if cp_check_and_sed viruser s/viruser/clamav/ \ - /etc/logrotate.d/clamav-daemon /etc/logrotate.d/clamav-freshclam; then - : -fi # viruser +. /usr/share/amavisd-cn/postfix.sh # $domain will be equal to $host if nothing better can be found cp_get_mx_domain domain=$RET -# sendmail config -if [ "$mta" = sendmail ]; then - update_sendmail - conf_sendmailize -fi # end sendmail config - -# postfix config -if [ "$mta" = postfix ]; then - update_postfix - conf_postfixize -fi # end postfix config +update_postfix # amavisd.conf if [ -f "$ACONFOLD" ]; then cp_echo "CN: Amavisd configuration is now in $ACONF." cp_echo " Previous location was $ACONFOLD." - if [ ! -e "$ACONFMOVED" ]; then - mv "$ACONFOLD" "$ACONFMOVED" - cp_echo " Old file renamed to $ACONFMOVED." + cp_backup_conffile "$ACONFOLD" + rm -f "$ACONFOLD" + cp_echo " Old file renamed to $ACONFMOVED." fi cp_echo "" - cp_echo "CN: If you made any changes to $ACONFOLD, they will NOT be moved" - cp_echo "CN: to the new location automatically. You must update the new file" - cp_echo "CN: by yourself, and remove the old file afterwards." -elif [ -f "$ACONFMOVED" ]; then - cp_echo "CN: Remember to remove the old $ACONFMOVED file." + cp_echo "CN: Please read /usr/share/doc/amavisd-cn/README.CARNet." +elif [ -f "$ACONFOLD.disabled" ]; then + cp_backup_conffile "$ACONFOLD.disabled" "$(basename $ACONFOLD)" + rm -f "$ACONFOLD.disabled" + cp_echo "CN: Removed $ACONFOLD.disabled." + cp_echo " Please read /usr/share/doc/amavisd-cn/README.CARNet." 
fi + if [ -f $ACONF ]; then - if grep -q _CN_ $ACONF; then - # This is unlikely, actually - if cp_check_and_sed "s/_CN_DOMAIN_/$domain/g; s/_CN_HOST_/$domain/g" $ACONF; then - restart_daemon=1 - fi - else - if egrep -q "^\\\$mydomain = 'example.com'" $ACONF; then - # Debian default or lame sysadmin detected, replace it by template - conf_from_template - elif egrep -q "#CARNet#\\\$mydomain = 'example.com';" $ACONF && - dpkg --compare-versions "$2" eq 2:20030616p5-0; then - # CARNet Debian 2.1 (sarge) CDROM installation detected - noisy_backup $ACONF - conf_from_template - else - # add other fixups to update_conf() above - update_conf $* - fi - fi + # add other fixups to function update_conf(), way above + update_conf $* fi # nonexistent or empty config if [ ! -f $ACONF -o ! -s $ACONF ]; then @@ -254,9 +74,7 @@ fi # check for SAVI: # if not there, comment it out, if there, uncomment and restart -if ! dpkg -l libsavi-perl bunch-perl-modules-cn 2> /dev/null | \ - egrep -q '^.i' || \ - ! [ -f /usr/lib/libsavi.so ]; then +if ! dpkg -l libsavi-perl 2> /dev/null | egrep -q '^.i' || ! [ -f /usr/lib/libsavi.so ]; then if cp_check_and_sed "^\['Sophos SAVI'" \ "s/^\(\['Sophos SAVI', ..sophos_savi \]\)/#\1/" $ACONF; then cp_echo "CN: Disabled SAVI::Perl usage in ${ACONF}." @@ -273,17 +91,6 @@ fi check_and_add_alias virusalert root check_and_add_alias spamalert root -# touch some required files XXX check if necessary for 2.4 -if [ ! -f $WLIST ]; then - touch $WLIST - chown_ahome=1 -fi - -if [ ! -f $BLIST ]; then - touch $BLIST - chown_ahome=1 -fi - if [ ! -f $AHOME/.spamassassin/user_prefs ] ; then [ -d $AHOME/.spamassassin ] || mkdir -p $AHOME/.spamassassin cat > $AHOME/.spamassassin/user_prefs <<-EEND 
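Review bot: In the `# amavisd.conf` block the inner `if [ ! -e "$ACONFMOVED" ]; then` is removed but its closing `fi` stays behind as a context line. As far as the collapsed hunk shows, that closes the outer `if [ -f "$ACONFOLD" ]` early and turns the following `elif [ -f "$ACONFOLD.disabled" ]` into a shell syntax error; the stray `fi` should be dropped. The message `Old file renamed to $ACONFMOVED.` no longer matches what happens, which is a backup via `cp_backup_conffile` followed by `rm -f`. Both `ACONFOLD` and `ACONFMOVED` are deleted from src/variables.sh in this same commit, so unless they are set elsewhere the tests expand to `[ -f "" ]` and `[ -f ".disabled" ]`. Because this maintainer script runs as root under `set -e`, I would define the legacy path explicitly and call `update_conf "$@"` rather than `update_conf $*`.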
@@ -299,15 +106,8 @@ if [ ! -f $AHOME/.spamassassin/auto-whitelist ] ; then chown_ahome=1 fi -# Raid over rc2.d -if [ -x "/etc/init.d/sendmail" -a -e /etc/rc2.d/S20sendmail ]; then - update-rc.d -f sendmail remove >/dev/null 2>/dev/null - update-rc.d sendmail defaults 21 19 >/dev/null -fi -if [ -n "$(find /etc/rc2.d -name S18clam\*)" ]; then - update-rc.d -f clamav-daemon remove >/dev/null - update-rc.d clamav-daemon defaults 22 18 >/dev/null -fi +# No sysvinit order fixes +: # Cleanup and finalization if dpkg --compare-versions "$2" lt 2:20030616p10-4; then @@ -327,8 +127,8 @@ if [ -n "$chown_ahome" ]; then cp_echo -mailonly "CN: Fixed ownerships in /var/*/amavis." fi -# kill naughty pyzor descendants -if dpkg --compare-versions "$2" lt "2:20030616p10-7" && \ +# kill naughty pyzor descendants -- XXX needed for 2.4 or not? +if dpkg --compare-versions "$2" lt 2:20030616p10-7 && \ pgrep -u amavis -f '/usr/bin/pyzor check' > /dev/null; then /etc/init.d/amavisd-cn stop pkill -9 -u amavis -f '/usr/bin/pyzor check' > /dev/null || true @@ -347,18 +147,7 @@ if ! wait_for_fds amavis; then /etc/init.d/amavis.amavisd-new start wait_for_fds amavis fi -if [ "$mta" = sendmail ]; then - if [ "$restart_daemon" -a -x /etc/init.d/amavisd-new-milter ]; then - /etc/init.d/amavisd-new-milter restart - restart_mta=1 - fi - # always check that the daemons are running - if ! wait_for_fds milter; then - /etc/init.d/amavisd-new-milter start - wait_for_fds milter - restart_mta=1 - fi -elif [ "$restart_mta" ]; then +if [ "$restart_mta" ]; then /etc/init.d/$mta restart fi 
@@ -370,12 +159,13 @@ if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then cp_echo "CN: Deleting virus-mail older than 7 days every day at 04:25 AM" cp_echo " (can be changed in $CRONTAB)" fi -# display this message just once... maybe use debconf instead -if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then - cp_echo "" - cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components," - cp_echo "CN: use the /etc/init.d/amavisd-cn script." -fi +# This script is, hopefully, not needed any more. Hide it. +## display this message just once... maybe use debconf instead +#if dpkg --compare-versions "$2" lt "2:20030616p10-4"; then +# cp_echo "" +# cp_echo "CN: To stop, start or restart all of the clamav+amavis+mta components," +# cp_echo "CN: use the /etc/init.d/amavisd-cn script." +#fi if [ "$failed" ]; then cp_echo "" cp_echo "CN: Services $failed failed to restart!" diff --git a/debian/prerm b/debian/prerm index 3a25577..6c4bcb7 100755 --- a/debian/prerm +++ b/debian/prerm @@ -6,12 +6,7 @@ set -e . /usr/share/carnet-tools/functions.sh PKG=amavisd-cn -MAILDIR=/etc/mail ALIASES=/etc/aliases -sendmail_cf=$MAILDIR/sendmail.cf -sendmail_mc=$MAILDIR/sendmail.mc -submit_mc=$MAILDIR/submit.mc -ct_file=$MAILDIR/trusted-users main_cf=/etc/postfix/main.cf master_cf=/etc/postfix/master.cf 
@@ -21,36 +16,17 @@ del_postconf() { } if [ "$1" = remove ]; then - # sendmail? - if grep -q $PKG $sendmail_mc $submit_mc 2>&- || \ - grep -q '^amavis$' $ct_file 2>&- ; then - echo "Removing sendmail configuration for ${PKG}... " - cp-update -r -c dnl $PKG $sendmail_mc >&- - cp-update -r -c dnl $PKG $submit_mc >&- - grep -v '^amavis$' $ct_file > ${ct_file}.dpkg-tmp.$$ || true - cp_mv ${ct_file}.dpkg-tmp.$$ $ct_file - make -C /etc/mail 2>&1 | grep -v 'issue .*/etc/init.d/sendmail reload' 1>&2 || true - echo "Removed sendmail configuration for ${PKG}." - if pgrep -u root -f 'sendmail: MTA: accepting connections' >&- ; then - /etc/init.d/sendmail reload - if ! pgrep -u root -f 'sendmail: MTA: accepting connections' >&- ; then - echo 'CN: Something bad happened to sendmail on reload!' 1>&2 - exit 1 - fi - # Everything went well, apparently. Remove old backup files. - rm -f $sendmail_cf.$PKG - rm -f $sendmail_mc.$PKG - rm -f $submit_mc.$PKG - fi - fi - # postfix? if grep -q $PKG $master_cf; then cp-update -r $PKG $master_cf >&- del_postconf content_filter echo "Removed postfix configuration for ${PKG}." if pgrep -u root -f /usr/lib/postfix/master >&- && \ [ -x /etc/init.d/postfix ] >&- ; then - /etc/init.d/postfix restart + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d postfix restart + else + /etc/init.d/postfix restart + fi fi fi cp-update -r $PKG $ALIASES >&- diff --git a/debian/rules b/debian/rules index 5e270dc..a22dcb4 100755 --- a/debian/rules +++ b/debian/rules @@ -44,7 +44,7 @@ install: build dh_clean -k dh_installdirs - # Add here commands to install the package into debian/carnet-tools-cn. + # Add here commands to install the package into debian/package-name. # $(MAKE) install DESTDIR=$(CURDIR)/debian/carnet-tools-cn diff --git a/src/postfix.sh b/src/postfix.sh index e851632..c89c30e 100644 --- a/src/postfix.sh +++ b/src/postfix.sh 
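Review bot: The `invoke-rc.d` fallback is added only in prerm. debian/postinst and debian/init in the same commit still call `/etc/init.d/$mta restart` and `/etc/init.d/amavis.amavisd-new start` directly, so a local policy-rc.d is honoured on removal but not on install or upgrade. A small shared helper wrapping the `if [ -x /usr/sbin/invoke-rc.d ]` test would keep the three scripts consistent. `grep -q $PKG $master_cf` also prints an error when master.cf is absent; `[ -f "$master_cf" ] && grep -q "$PKG" "$master_cf"` avoids that.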
@@ -1,77 +1,14 @@ update_postfix() { # set up master.cf if [ -f /etc/postfix/master.cf ] && \ - ! grep -q smtp-amavis /etc/postfix/master.cf; then - cp-update $PKG /etc/postfix/master.cf <<-EOF - smtp-amavis unix - - n - 2 smtp - -o smtp_data_done_timeout=1200 - -o disable_dns_lookups=yes - -o smtp_line_length_limit=0 - -o notify_classes=protocol,resource,software - -o max_use=10 - - 127.0.0.1:10025 inet n - n - - smtpd - -o content_filter= - -o local_recipient_maps= - -o smtpd_helo_restrictions= - -o smtpd_client_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o strict_rfc821_envelopes=yes - EOF + \( ! grep -q smtp-amavis /etc/postfix/master.cf || \ + dpkg --compare-versions "$2" lt $MASTTMPLVERSION \); then + noisy_backup /etc/postfix/master.cf + cp-update $PKG /etc/postfix/master.cf < $MASTTMPL fi # main.cf postconf -e content_filter="smtp-amavis:[127.0.0.1]:10024" -} - -conf_postfixize() { - local tmp - tmp=`basename $ACONF.dpkg-tmp.$$` - noisy_backup $ACONF - # detect non-postfix config - # XXX add $inet_socket_port & $inet_socket_bind - if egrep -q '^[[:blank:]]*\$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' $ACONF || \ - ! ( egrep -q '^\$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' $ACONF && \ - egrep -q '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' $ACONF && \ - egrep -q '^\$inet_socket_port.*10024' $ACONF && \ - egrep -q '^\$inet_socket_bind' $ACONF ); then - if catpatch $ACONF | patch -sfp0 --dry-run >&- 2>&-; then - oldpwd=`pwd` - cd `dirname $ACONF` - cp -p $ACONF $tmp - catpatch $tmp | patch -fp0 - cp_mv $tmp $ACONF - cd $oldpwd - cp_echo -mailonly "CN: $ACONF patched for postfix." 
- # then try to update exact options without disturbing anything else - elif commented_in_paragraph '^[[:blank:]]*#.*POSTFIX' \ - '^$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' \ - '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' \ - -f $ACONF && - uncommented_in_paragraph '^[[:blank:]]*#.*MILTER' \ - '$forward_method = undef;[[:blank:]]*(#|$)' \ - '$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' \ - -f $ACONF; then - cp $ACONF $tmp - uncomment_in_paragraph '^[[:blank:]]*#.*POSTFIX' \ - '^$forward_method = '\''smtp:127.0.0.1:10025'\'';[[:blank:]]*(#|$)' \ - '^\$notify_method = \$forward_method;[[:blank:]]*(#|$)' \ - -f $tmp - comment_in_paragraph '^[[:blank:]]*#.*MILTER' \ - '$forward_method = undef;[[:blank:]]*(#|$)' \ - '$notify_method = .*argv=/usr/sbin/sendmail -Ac.*-odd' \ - -f $tmp - cp_mv $tmp $ACONF - cp_echo "CN: $ACONF updated for ${mta}." - # or just use the template - else - conf_from_template - cp_echo "CN: Config generated from ${ACONFTMPL}." - fi - restart_daemon=1 - changed_config=1 - fi + restart_mta=1 } diff --git a/src/variables.sh b/src/variables.sh index 6652536..f90ac03 100644 --- a/src/variables.sh +++ b/src/variables.sh @@ -1,18 +1,9 @@ PKG=amavisd-cn AHOME=/var/lib/amavis -MAILDIR=/etc/mail ALIASES=/etc/aliases -sendmail_cf=$MAILDIR/sendmail.cf -sendmail_mc=$MAILDIR/sendmail.mc -submit_mc=$MAILDIR/submit.mc -ct_file=$MAILDIR/trusted-users CRONTAB=/etc/cron.d/$PKG -ACONFOLD=/etc/amavisd.conf -ACONFMOVED=/etc/amavisd.conf.cn-old -ACONF=/etc/amavis/amavisd.conf -POSTTMPL=/usr/share/$PKG/amavisd.conf.postfix-template -SENDTMPL=/usr/share/$PKG/amavisd.conf.sendmail-template -postdiff=/usr/share/$PKG/sendmail-to-postfix.diff +ACONF=/etc/amavis/conf.d/40-carnet +ACONFTMPL=/usr/share/$PKG/templates/40-carnet BLIST=$AHOME/blacklist_sender WLIST=$AHOME/whitelist_sender # domain is set in postinst 
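Review bot: Inside `update_postfix()` the new test `dpkg --compare-versions "$2" lt $MASTTMPLVERSION` reads the function's own positional parameters, and postinst calls `update_postfix` without arguments. `"$2"` is therefore empty, dpkg treats an empty version as older than any other, and master.cf is backed up and rewritten on every run rather than only on the first etch upgrade. Pass the old version through at the call site (`update_postfix "$@"`) or save it once in postinst (`oldversion="$2"`) and compare against that. `$MASTTMPL` is not assigned in any hunk shown, since variables.sh only gains `ACONFTMPL`, so the `< $MASTTMPL` redirect needs checking too, and both expansions should be quoted.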
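Review bot: `ACONFTMPL=/usr/share/$PKG/templates/40-carnet` does not agree with debian/install, where `templates/* usr/share/amavisd-cn` puts the files directly into /usr/share/amavisd-cn. Unless debian/rules creates the subdirectory, the template path will not exist when postinst runs. Either `ACONFTMPL=/usr/share/$PKG/40-carnet` here or an install target of `usr/share/amavisd-cn/templates` would make the two agree.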
@@ -23,6 +14,5 @@ host=$(/bin/hostname -f) options=' clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket -milter amavisd-new-milter amavis /usr/sbin/amavis-milter amavis/amavisd-new-milter.pid 5 socket ' # note: pgrep -f takes a regexp, and this is shell expanded once, hence \\ diff --git a/templates/40-carnet b/templates/40-carnet new file mode 100644 index 0000000..1d3369b --- /dev/null +++ b/templates/40-carnet 
@@ -0,0 +1,74 @@ +use strict; + +## +## amavisd-new CARNet configuration file +## +## This file contains the config entries that we modify programatically, +## or that we think are better defaults than what Debian provides. +## +## Do not edit this file, put your changes in 50-user instead! +## + +# override $mydomain from 05-domain_id and 20-debian_defaults +# +$mydomain = '_CN_DOMAIN_'; +@local_domains_acl = ( "$mydomain", ".$mydomain" ); + +# prettify the return path for notifications a bit in case there's a +# separate person handling these, ie. if the user customizes +# virusalert or spamalert aliases. +# +$mailfrom_notify_admin = "virusalert\@$mydomain"; +$mailfrom_notify_recip = "virusalert\@$mydomain"; +$mailfrom_notify_spamadmin = "spamalert\@$mydomain"; +# Keep the default for now +#$virus_admin = "postmaster\@$mydomain"; + +# Keep the default for now +# $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef) +# $X_HEADER_LINE = "by $myversion (Debian) at $mydomain"; + +# postfix configuration, postfix' listener socket +# +$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail +$notify_method = $forward_method; # where to submit notifications + +# postfix setup for notifications, for rationale read the comments about +# LMTP in /usr/share/doc/amavisd-new/README.postfix.gz +# +$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) +$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +$final_spam_destiny = D_BOUNCE; # (defaults to D_REJECT) +$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested + +# read our legacy sender white/blacklists +# +if (-f "$MYHOME/whitelist_sender") { + read_hash(\%whitelist_sender, "$MYHOME/whitelist_sender"); +} +if (-f "$MYHOME/blacklist_sender") { + read_hash(\%blacklist_sender, "$MYHOME/blacklist_sender"); +} + +# A small optimization +$first_infected_stops_scan = 1; # default is false, all scanners are called + +# placeholder for AVs we might enable +# +push @av_scanners, 
( + +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ +# ['Sophos SAVI', \&sophos_savi ], + +) + +# Always have an AV fallback +# +push @av_scanners_backup = ( + +# always succeeds (uncomment to consider mail clean if all other scanners fail) +['always-clean', sub {0}], + +) + +1; # insure a defined return diff --git a/templates/master.cf b/templates/master.cf new file mode 100644 index 0000000..4e2199d --- /dev/null +++ b/templates/master.cf @@ -0,0 +1,28 @@ +smtp-amavis unix - - n - 2 smtp + -o smtp_data_done_timeout=1200 + -o smtp_send_xforward_command=yes + -o disable_dns_lookups=yes + -o smtp_line_length_limit=0 + -o notify_classes=protocol,resource,software + -o max_use=10 + +127.0.0.1:10025 inet n - n - - smtpd + -o content_filter= + -o local_recipient_maps= + -o relay_recipient_maps= + -o smtpd_restriction_classes= + -o smtpd_delay_reject=no + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_end_of_data_restrictions= + -o mynetworks=127.0.0.0/8 + -o smtpd_error_sleep_time=0 + -o smtpd_soft_error_limit=1001 + -o smtpd_hard_error_limit=1000 + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks + -o strict_rfc821_envelopes=yes diff --git a/version.sh b/version.sh index f14ca7f..6045577 100644 --- a/version.sh +++ b/version.sh @@ -1,3 +1,3 @@ -VERSION=20030616p10-11 -SENDTMPLVERSION=2:20030616p10-8 -POSTTMPLVERSION=2:20030616p10-10 +VERSION=2.4.2-1 +POSTTMPLVERSION=3:2.4.2-1 +MASTTMPLVERSION=3:2.4.2-1 -- 1.7.10.4
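Review bot: The two scanner lists at the end of the template are not valid Perl as written: `push @av_scanners, ( … )` has no terminating semicolon and `push @av_scanners_backup = (` mixes `push` with an assignment, so amavisd will most likely fail to load its configuration with this file installed. They should read `push @av_scanners, ( … );` and `push @av_scanners_backup, ( … );`. Separately, the `['always-clean', sub {0}]` entry is active although its own comment describes it as something to uncomment, which makes the backup path fail open: if every real scanner errors out, mail is delivered as clean. I would ship it commented out, or document the trade-off next to it, so that a broken clamd leads to deferred mail rather than unscanned mail. `$final_spam_destiny = D_BOUNCE` also deserves a comment, since bounces for spam go to the envelope sender, which is usually forged.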
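Review bot: The `127.0.0.1:10025` re-injection service is the trust boundary of this setup, and the template has no comment saying so. It clears `content_filter` and disables header/body and unknown-recipient checks, so anything that can connect to it bypasses scanning. I would add a comment such as `# re-injection from amavisd only: keep bound to 127.0.0.1, mail accepted here is not scanned again`, provided cp-update passes comment lines through. Also, `smtp_send_xforward_command=yes` is new on the `smtp-amavis` client, but the listener has no `-o smtpd_authorized_xforward_hosts=127.0.0.0/8`, so the original client information is presumably not accepted on the way back in.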