#!/bin/sh set -e [ "$1" = "configure" ] || exit 0 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx # Load CARNET Tools . /usr/share/carnet-tools/functions.sh # Load Debconf . /usr/share/debconf/confmodule db_version 2.0 umask 022 # clean up old debconf questions that are no longer in this package if dpkg --compare-versions "$2" lt "2:3.1.7-4"; then db_unregister spamassassin-cn/usedcc || true fi db_get spamassassin-cn/usebayes || true use_bayes="$RET" db_get spamassassin-cn/userazor2 || true use_razor2="$RET" db_get spamassassin-cn/runservice || true run_service="$RET" db_get spamassassin-cn/runasuser || true run_as_user="$RET" db_stop || true # run spamd service as non-root if [ "$run_as_user" = "non-root" ]; then if ! grep -q '^OPTIONS=".*username=spamd"' \ /etc/default/spamassassin; then service spamassassin stop rstart=yes fi if ! getent group spamd >/dev/null 2>&1; then echo "CN: Adding group spamd" addgroup --system spamd >/dev/null 2>&1 fi if ! getent passwd spamd >/dev/null 2>&1; then echo "CN: Adding user spamd" adduser --system --no-create-home --home /etc/spamassassin \ --gecos "SpamAssassin User" \ --ingroup spamd --disabled-password spamd >/dev/null 2>&1 fi if [ ! -d "/var/run/spamd" ]; then mkdir /var/run/spamd fi chown -R spamd:spamd /var/run/spamd/ dpkg-statoverride --remove /var/run/spamd >/dev/null 2>&1 || true dpkg-statoverride --update --add spamd spamd 755 /var/run/spamd \ >/dev/null 2>&1 || true # nope, run spamd as root elif [ "$run_as_user" = "root" ]; then if grep -q '^OPTIONS=".*username=spamd"' \ /etc/default/spamassassin; then service spamassassin stop restart=yes fi if [ -d "/var/run/spamd" ]; then rm -rf /var/run/spamd fi dpkg-statoverride --remove /var/run/spamd >/dev/null 2>&1 || true fi examdir="/usr/share/doc/spamassassin-cn/examples" confdir="/etc/spamassassin" # check and replace local.cf if needed if [ -f $examdir/local.cf ]; then # non-existant or zero if [ ! -s $confdir/local.cf ]; then rm -f $confdir/local.cf fi # old enough if [ -s $confdir/local.cf ] && dpkg --compare-versions "$2" lt "2:3.2.5-4"; then echo "CN: Backing up old version of $confdir/local.cf in /var/backups" cp_backup_conffile $confdir/local.cf rm -f $confdir/local.cf fi # copy template cp -f $examdir/local.cf $confdir/local.cf.$$ # merge both configurations if [ -s $confdir/local.cf ]; then #cat $confdir/local.cf > $confdir/local.cf.$$ # merge old and new in one conf, primarily respecting old script=' my %confhash = (); my ($key, $value); # read template open (NEW, "<", $ARGV[0]); while () { chomp(); if (/^(\S+)\s+(.+)$/o) { my ($key, $value) = ($1, $2); $hash{$key} = $value; } } close(NEW); # read old configuration open (OLD, "<", $ARGV[1]); while () { chomp(); if (/^(\S+)\s+(.+)$/o) { my ($key, $value) = ($1, $2); delete($hash{$key}) if exists($hash{$key}); print $_, "\n"; } else { print $_, "\n"; } } # print missing configuration lines for (keys %hash) { print $_, " ", $hash{$_}, "\n"; } close(OLD); ' perl -e "$script" $confdir/local.cf.$$ $confdir/local.cf > \ $confdir/local.cf.$$.$$ && \ mv -f $confdir/local.cf.$$.$$ $confdir/local.cf.$$ rm -f $confdir/local.cf.$$.$$ fi # set bayes/razor2 in local.cf.$$ for i in bayes razor2; do use_name="use_$i" use_value=$(eval echo \$$use_name) if [ "$use_value" = "true" ]; then use_value=1 else use_value=0 fi cp_check_and_sed "^$use_name " \ "s/^$use_name .*/$use_name $use_value/g" \ $confdir/local.cf.$$ || true done # remove obsolete options from old SA egrep -v '^(bayes_use_chi2_combining|ok_languages|use_pyzor|pyzor_|use_dcc|dcc_)' \ $confdir/local.cf.$$ > $confdir/local.cf.$$.$$ && \ mv -f $confdir/local.cf.$$.$$ $confdir/local.cf.$$ rm -f $confdir/local.cf.$$.$$ # calculate trusted networks cp_get_netaddr || true netaddr="$RET" # ... get already configured trusted networks trusted_networks=$(awk '/^trusted_networks/ { print $2 }' \ $confdir/local.cf.$$ | sed -e 's/,/ /g') # ... merge with local networks configured on eth interfaces for i in $netaddr; do if ! echo "$trusted_networks" | grep -q "$i"; then trusted_networks="$trusted_networks $i" fi done # ... merge with Postfix ranges if [ -x /usr/sbin/postconf ]; then for i in $(postconf -h mynetworks | sed -e 's/,/ /g'); do if ! echo "$trusted_networks" | grep -q "$i"; then trusted_networks="$trusted_networks $i" fi done fi # ... strip 127/8 range for i in $trusted_networks; do if ! echo "$i" | egrep -q \ "127.0.0.0/8|\[::1\]/128|\[::ffff:127.0.0.0\]/104"; then trusted_networks_clean="$trusted_networks_clean $i" fi done # ... strip left and right blanks from final string trusted_networks_clean=$(echo "$trusted_networks_clean" \ | sed 's/^[ \t]*//;s/[ \t]*$//') # ... and replace if non-zero if [ ! -z "$trusted_networks_clean" ]; then trusted_networks=$trusted_networks_clean fi cp_check_and_sed "^trusted_networks " \ "s#^trusted_networks .*#trusted_networks $trusted_networks#g" \ $confdir/local.cf.$$ || true echo "CN: Activated $trusted_networks as trusted networks" if dpkg --compare-versions "$2" lt "2:3.3.5"; then cp_check_and_sed "^bayes_auto_expire 1" \ "s#^bayes_auto_expire .*#bayes_auto_expire 0#g" \ $confdir/local.cf.$$ || true echo "CN: Set bayes_auto_expire to 0" fi # different than template if ! cmp -s $confdir/local.cf.$$ $confdir/local.cf; then # backup if not zero size if [ -s $confdir/local.cf ]; then echo "CN: Backing up old version of $confdir/local.cf in /var/backups" cp_backup_conffile $confdir/local.cf fi echo "CN: Installing new version of $confdir/local.cf" mv -f $confdir/local.cf.$$ $confdir/local.cf restart=yes fi rm -f $confdir/local.cf.$$ fi # enable/disable plugins in SA list=$(find /etc/spamassassin -type f -name 'v*.pre') for i in $list; do # enable DKIM cp -f $i $i.$$ plugin="loadplugin Mail::SpamAssassin::Plugin::DKIM" cp_check_and_sed "^.*#.*$plugin.*$" \ "s/^.*#.*$plugin.*$/$plugin/g" $i.$$ || true if ! cmp -s $i.$$ $i; then mv -f $i.$$ $i fi rm -f $i.$$ # disable Pyzor cp -f $i $i.$$ plugin="loadplugin Mail::SpamAssassin::Plugin::Pyzor" cp_check_and_sed "^$plugin.*$" \ "s/^$plugin.*$/#$plugin/g" $i.$$ || true if ! cmp -s $i.$$ $i; then mv -f $i.$$ $i fi rm -f $i.$$ # disable DCC cp -f $i $i.$$ plugin="loadplugin Mail::SpamAssassin::Plugin::DCC" cp_check_and_sed "^$plugin.*$" \ "s/^$plugin.*$/#$plugin/g" $i.$$ || true if ! cmp -s $i.$$ $i; then mv -f $i.$$ $i fi rm -f $i.$$ # enable AWL cp -f $i $i.$$ plugin="loadplugin Mail::SpamAssassin::Plugin::AWL" cp_check_and_sed "^#$plugin.*$" \ "s/^#$plugin.*$/$plugin/g" $i.$$ || true if ! cmp -s $i.$$ $i; then mv -f $i.$$ $i fi rm -f $i.$$ done # check and replace /etc/default/spamasassin if needed if [ "$run_service" = "true" -a \ -f $examdir/etc-default-spamassassin-$run_as_user ]; then if ! cmp -s $examdir/etc-default-spamassassin-$run_as_user \ /etc/default/spamassassin; then echo "CN: Backing up old version of /etc/default/spamassassin in /var/backups" cp_backup_conffile /etc/default/spamassassin echo "CN: Installing new version of /etc/default/spamassassin" cp -pf $examdir/etc-default-spamassassin-$run_as_user \ /etc/default/spamassassin restart=yes fi fi # do we run spamd at all? if [ "$run_service" = "true" ]; then i_run_service=1 else i_run_service=0 fi # enable or disable spamd in /etc/default/spamassassin if [ -f "/etc/default/spamassassin" ]; then cp_check_and_sed '^ENABLED=' \ "s/^ENABLED=.*/ENABLED=$i_run_service/g" \ /etc/default/spamassassin || true if [ "$run_service" = "true" ]; then echo "CN: Will start spamd by default" else echo "CN: Will not start spamd by default" fi restart=yes fi # fix old /razor-agent.log bug if [ -f "/razor-agent.log" ]; then mv -f /razor-agent.log /tmp echo "CN: Moving razor logs (razor-agent.log) to /tmp" fi # fix razor agent position if [ -f "/etc/razor/razor-agent.conf" ]; then cp_check_and_sed '^.*logfile.*=' \ "s,^.*logfile.*=.*,logfile=sys-syslog,g" \ /etc/razor/razor-agent.conf || true restart=yes fi # cleanup the AWL if getent passwd amavis >/dev/null 2>&1; then AWL=~amavis/.spamassassin/auto-whitelist if [ -s $AWL ]; then echo "CN: Cleaning the Amavis auto-whitelist" su -c '/usr/bin/check_whitelist --clean' - amavis >/dev/null 2>&1 \ || true # see if size is still unacceptable SIZE=$(du -ks $AWL | awk '{print $1}') if [ $SIZE -ge 51200 ]; then echo "CN: Size of AWL database > 50MB, doing full cleanup" cp /dev/null $AWL fi fi fi # import SA keys echo "CN: Importing SpamAssassin channels' public PGP keys" echo "$(date +'%d-%m-%Y %T'): Importing new SA keys..." >> \ /var/log/sa-update.log if [ ! -d /etc/spamassassin/sa-update-keys ]; then mkdir -p /etc/spamassassin/sa-update-keys touch /etc/spamassassin/sa-update-keys/pubring.gpg \ /etc/spamassassin/sa-update-keys/secring.gpg chmod -R go-rwx /etc/spamassassin/sa-update-keys fi sa-update --gpghomedir /etc/spamassassin/sa-update-keys --import /etc/spamassassin/sa-keys.pgp \ >>/var/log/sa-update.log 2>&1 || true # import http://spamassassin.apache.org/updates/GPG.KEY echo "CN: Importing new http://spamassassin.apache.org/updates/GPG.KEY..." sa-update --gpghomedir /etc/spamassassin/sa-update-keys --import /usr/share/spamassassin-cn/GPG.KEY # clean old RulesDuJour rules echo "CN: Cleaning old RulesDuJour and SARE rules..." rm -rf /etc/spamassassin/*_sare_*.cf /etc/spamassassin/RulesDuJour find /var/lib/spamassassin -iname \*_sare_\* -print0 | xargs -0r rm -rf sed -i -e '/dostech.net/d' /etc/spamassassin/sa-update.channels echo "CN: Please use /etc/spamassassin/sa-update.channels in future!" # clean old sought.rules.yerp.org echo "CN: Cleaning old YERP rules..." find /var/lib/spamassassin -iname \*_yerp_\* -print0 | xargs -0r rm -rf sed -i -e '/sought.rules.yerp.org/d' /etc/spamassassin/sa-update.channels # add spamassassin.heinlein-support.de #echo "CN: Adding spamassassin.heinlein-support.de to /etc/spamassassin/sa-update.channels..." #if ! grep -q spamassassin.heinlein-support.de /etc/spamassassin/sa-update.channels; then # echo spamassassin.heinlein-support.de >> /etc/spamassassin/sa-update.channels #fi # get/update the rules echo "CN: Downloading new SpamAssassin rules and updating in background" echo "$(date +'%d-%m-%Y %T'): Fetching new SA rules..." >> \ /var/log/sa-update.log sa-update \ --channelfile /etc/spamassassin/sa-update.channels \ --gpghomedir /etc/spamassassin/sa-update-keys \ --allowplugins >>/var/log/sa-update.log 2>&1 & echo "CN: SpamAssassin updates are now logged at /var/log/sa-update.log" # restart the spamasassin if [ "x$restart" = "xyes" ]; then pkill -f /usr/sbin/spamd || true service spamassassin restart fi # restart the amavis if [ "x$restart" = "xyes" -a -x /etc/init.d/amavis ]; then service amavis restart fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0