2 # postinst script for spamassassin-cn
4 # see: dh_installdeb(1)
8 # summary of how this script can be called:
9 # * <postinst> `configure' <most-recently-configured-version>
10 # * <old-postinst> `abort-upgrade' <new version>
11 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
13 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
14 # <failed-install-package> <version> `removing'
15 # <conflicting-package> <version>
16 # for details, see http://www.debian.org/doc/debian-policy/ or
17 # the debian-policy package
21 configure|reconfigure)
31 . /usr/share/carnet-tools/functions.sh
34 . /usr/share/debconf/confmodule
39 # clean up old debconf questions that are no longer in this package
40 if dpkg --compare-versions "$2" lt "2:3.1.7-4"; then
41 db_unregister spamassassin-cn/usedcc || true
44 db_get spamassassin-cn/usebayes || true
47 db_get spamassassin-cn/userazor2 || true
50 db_get spamassassin-cn/runservice || true
53 db_get spamassassin-cn/runasuser || true
58 # run spamd service as non-root
59 if [ "$run_as_user" = "non-root" ]; then
60 if ! grep -q '^OPTIONS=".*username=spamd"' \
61 /etc/default/spamassassin; then
62 systemctl stop spamassassin
66 if ! getent group spamd >/dev/null 2>&1; then
67 echo "CN: Adding group spamd"
68 addgroup --system spamd >/dev/null 2>&1
70 if ! getent passwd spamd >/dev/null 2>&1; then
71 echo "CN: Adding user spamd"
72 adduser --system --no-create-home --home /etc/spamassassin \
73 --gecos "SpamAssassin User" \
74 --ingroup spamd --disabled-password spamd >/dev/null 2>&1
77 if [ ! -d "/var/run/spamd" ]; then
81 chown -R spamd:spamd /var/run/spamd/
82 dpkg-statoverride --remove /var/run/spamd >/dev/null 2>&1 || true
83 dpkg-statoverride --update --add spamd spamd 755 /var/run/spamd \
84 >/dev/null 2>&1 || true
86 # nope, run spamd as root
87 elif [ "$run_as_user" = "root" ]; then
88 if grep -q '^OPTIONS=".*username=spamd"' \
89 /etc/default/spamassassin; then
90 systemctl stop spamassassin
94 if [ -d "/var/run/spamd" ]; then
97 dpkg-statoverride --remove /var/run/spamd >/dev/null 2>&1 || true
100 examdir="/usr/share/doc/spamassassin-cn/examples"
101 confdir="/etc/spamassassin"
103 # check and replace local.cf if needed
104 if [ -f $examdir/local.cf ]; then
105 # non-existant or zero
106 if [ ! -s $confdir/local.cf ]; then
107 rm -f $confdir/local.cf
111 if [ -s $confdir/local.cf ] &&
112 dpkg --compare-versions "$2" lt "2:3.2.5-4"; then
113 echo "CN: Backing up old version of $confdir/local.cf in /var/backups"
114 cp_backup_conffile $confdir/local.cf
115 rm -f $confdir/local.cf
119 cp -f $examdir/local.cf $confdir/local.cf.$$
121 # merge both configurations
122 if [ -s $confdir/local.cf ]; then
123 #cat $confdir/local.cf > $confdir/local.cf.$$
125 # merge old and new in one conf, primarily respecting old
131 open (NEW, "<", $ARGV[0]);
135 if (/^(\S+)\s+(.+)$/o)
137 my ($key, $value) = ($1, $2);
138 $hash{$key} = $value;
143 # read old configuration
144 open (OLD, "<", $ARGV[1]);
148 if (/^(\S+)\s+(.+)$/o)
150 my ($key, $value) = ($1, $2);
151 delete($hash{$key}) if exists($hash{$key});
160 # print missing configuration lines
163 print $_, " ", $hash{$_}, "\n";
167 perl -e "$script" $confdir/local.cf.$$ $confdir/local.cf > \
168 $confdir/local.cf.$$.$$ && \
169 mv -f $confdir/local.cf.$$.$$ $confdir/local.cf.$$
171 rm -f $confdir/local.cf.$$.$$
174 # set bayes/razor2 in local.cf.$$
175 for i in bayes razor2; do
177 use_value=$(eval echo \$$use_name)
178 if [ "$use_value" = "true" ]; then
183 cp_check_and_sed "^$use_name " \
184 "s/^$use_name .*/$use_name $use_value/g" \
185 $confdir/local.cf.$$ || true
188 # remove obsolete options from old SA
189 egrep -v '^(bayes_use_chi2_combining|ok_languages|use_pyzor|pyzor_|use_dcc|dcc_)' \
190 $confdir/local.cf.$$ > $confdir/local.cf.$$.$$ && \
191 mv -f $confdir/local.cf.$$.$$ $confdir/local.cf.$$
192 rm -f $confdir/local.cf.$$.$$
194 # calculate trusted networks
195 cp_get_netaddr || true
197 # ... get already configured trusted networks
198 trusted_networks=$(awk '/^trusted_networks/ { print $2 }' \
199 $confdir/local.cf.$$ | sed -e 's/,/ /g')
200 # ... merge with local networks configured on eth interfaces
201 for i in $netaddr; do
202 if ! echo "$trusted_networks" | grep -q "$i"; then
203 trusted_networks="$trusted_networks $i"
206 # ... merge with Postfix ranges
207 if [ -x /usr/sbin/postconf ]; then
208 for i in $(postconf -h mynetworks | sed -e 's/,/ /g'); do
209 if ! echo "$trusted_networks" | grep -q "$i"; then
210 trusted_networks="$trusted_networks $i"
214 # ... strip 127/8 range
215 for i in $trusted_networks; do
216 if ! echo "$i" | egrep -q \
217 "127.0.0.0/8|\[::1\]/128|\[::ffff:127.0.0.0\]/104"; then
218 trusted_networks_clean="$trusted_networks_clean $i"
221 # ... strip left and right blanks from final string
222 trusted_networks_clean=$(echo "$trusted_networks_clean" \
223 | sed 's/^[ \t]*//;s/[ \t]*$//')
224 # ... and replace if non-zero
225 if [ ! -z "$trusted_networks_clean" ]; then
226 trusted_networks=$trusted_networks_clean
228 cp_check_and_sed "^trusted_networks " \
229 "s#^trusted_networks .*#trusted_networks $trusted_networks#g" \
230 $confdir/local.cf.$$ || true
231 echo "CN: Activated $trusted_networks as trusted networks"
233 if dpkg --compare-versions "$2" lt "2:3.3.5"; then
234 cp_check_and_sed "^bayes_auto_expire 1" \
235 "s#^bayes_auto_expire .*#bayes_auto_expire 0#g" \
236 $confdir/local.cf.$$ || true
237 echo "CN: Set bayes_auto_expire to 0"
240 # different than template
241 if ! cmp -s $confdir/local.cf.$$ $confdir/local.cf; then
242 # backup if not zero size
243 if [ -s $confdir/local.cf ]; then
244 echo "CN: Backing up old version of $confdir/local.cf in /var/backups"
245 cp_backup_conffile $confdir/local.cf
248 echo "CN: Installing new version of $confdir/local.cf"
249 mv -f $confdir/local.cf.$$ $confdir/local.cf
254 rm -f $confdir/local.cf.$$
257 # enable/disable plugins in SA
258 list=$(find /etc/spamassassin -type f -name 'v*.pre')
262 plugin="loadplugin Mail::SpamAssassin::Plugin::DKIM"
263 cp_check_and_sed "^.*#.*$plugin.*$" \
264 "s/^.*#.*$plugin.*$/$plugin/g" $i.$$ || true
265 if ! cmp -s $i.$$ $i; then
272 plugin="loadplugin Mail::SpamAssassin::Plugin::Pyzor"
273 cp_check_and_sed "^$plugin.*$" \
274 "s/^$plugin.*$/#$plugin/g" $i.$$ || true
275 if ! cmp -s $i.$$ $i; then
282 plugin="loadplugin Mail::SpamAssassin::Plugin::DCC"
283 cp_check_and_sed "^$plugin.*$" \
284 "s/^$plugin.*$/#$plugin/g" $i.$$ || true
285 if ! cmp -s $i.$$ $i; then
292 plugin="loadplugin Mail::SpamAssassin::Plugin::AWL"
293 cp_check_and_sed "^#$plugin.*$" \
294 "s/^#$plugin.*$/$plugin/g" $i.$$ || true
295 if ! cmp -s $i.$$ $i; then
301 # check and replace /etc/default/spamasassin if needed
302 if [ "$run_service" = "true" -a \
303 -f $examdir/etc-default-spamassassin-$run_as_user ]; then
304 if ! cmp -s $examdir/etc-default-spamassassin-$run_as_user \
305 /etc/default/spamassassin; then
306 echo "CN: Backing up old version of /etc/default/spamassassin in /var/backups"
307 cp_backup_conffile /etc/default/spamassassin
309 echo "CN: Installing new version of /etc/default/spamassassin"
310 cp -pf $examdir/etc-default-spamassassin-$run_as_user \
311 /etc/default/spamassassin
317 # do we run spamd at all?
318 if [ "$run_service" = "true" ]; then
324 # enable or disable spamd in /etc/default/spamassassin
325 if [ -f "/etc/default/spamassassin" ]; then
326 cp_check_and_sed '^ENABLED=' \
327 "s/^ENABLED=.*/ENABLED=$i_run_service/g" \
328 /etc/default/spamassassin || true
329 if [ "$run_service" = "true" ]; then
330 echo "CN: Will start spamd by default"
332 echo "CN: Will not start spamd by default"
337 # fix old /razor-agent.log bug
338 if [ -f "/razor-agent.log" ]; then
339 mv -f /razor-agent.log /tmp
340 echo "CN: Moving razor logs (razor-agent.log) to /tmp"
343 # fix razor agent position
344 if [ -f "/etc/razor/razor-agent.conf" ]; then
345 cp_check_and_sed '^.*logfile.*=' \
346 "s,^.*logfile.*=.*,logfile=sys-syslog,g" \
347 /etc/razor/razor-agent.conf || true
352 if getent passwd amavis >/dev/null 2>&1; then
353 AWL=~amavis/.spamassassin/auto-whitelist
355 echo "CN: Cleaning the Amavis auto-whitelist"
356 su -c '/usr/bin/check_whitelist --clean' - amavis >/dev/null 2>&1 \
359 # see if size is still unacceptable
360 SIZE=$(du -ks $AWL | awk '{print $1}')
361 if [ $SIZE -ge 51200 ]; then
362 echo "CN: Size of AWL database > 50MB, doing full cleanup"
369 echo "CN: Importing SpamAssassin channels' public PGP keys"
370 echo "$(date +'%d-%m-%Y %T'): Importing new SA keys..." >> \
371 /var/log/sa-update.log
372 if [ ! -d /etc/spamassassin/sa-update-keys ]; then
373 mkdir -p /etc/spamassassin/sa-update-keys
374 touch /etc/spamassassin/sa-update-keys/pubring.gpg \
375 /etc/spamassassin/sa-update-keys/secring.gpg
376 chmod -R go-rwx /etc/spamassassin/sa-update-keys
378 sa-update --import /etc/spamassassin/sa-keys.pgp \
379 >>/var/log/sa-update.log 2>&1 || true
381 # clean old RulesDuJour rules
382 echo "CN: Cleaning old RulesDuJour and SARE rules..."
383 rm -rf /etc/spamassassin/*_sare_*.cf /etc/spamassassin/RulesDuJour
384 find /var/lib/spamassassin -iname \*_sare_\* -print0| xargs -0r rm -rf
385 sed -i -e '/dostech.net/d' /etc/spamassassin/sa-update.channels
386 echo "CN: Please use /etc/spamassassin/sa-update.channels in future!"
388 # get/update the rules
389 echo "CN: Downloading new SpamAssassin rules and updating in background"
390 echo "$(date +'%d-%m-%Y %T'): Fetching new SA rules..." >> \
391 /var/log/sa-update.log
393 --channelfile /etc/spamassassin/sa-update.channels \
397 --gpgkey BDE9DC10 >>/var/log/sa-update.log 2>&1 &
398 echo "CN: SpamAssassin updates are now logged at /var/log/sa-update.log"
400 # restart the spamasassin
401 if [ "x$restart" = "xyes" ]; then
402 pkill -f /usr/sbin/spamd || true
403 systemctl restart spamassassin
407 if [ "x$restart" = "xyes" -a -x /etc/init.d/amavis ]; then
408 systemctl restart amavis
411 # dh_installdeb will replace this with shell code automatically
412 # generated by other debhelper scripts.