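#!/bin/sh
#----------------------------------------------------------------------------------------
# /var/install/bin/antispam-update-cron - update spamassassin rule files
#
# Copyright (c) 2001-2024 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2009-11-04 jed
# Last Update:  $Id$
#
# Options/Parameters:
#
#     antispam-update-cron [--debug|--quiet]
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------------------

# read eislib etc.
. /var/install/include/eislib
. /var/install/include/jedlib

# debug mode: true/false
#debug=true

# The value is compared as a string instead of being executed as a command,
# so a stray or inherited 'debug' value can never run anything.
if [ "${debug:-false}" = "true" ]
then
    # The trace file is created by mktemp rather than under a guessable
    # /tmp/<name>-trace<pid>.log name, which another local user could
    # pre-create (e.g. as a symlink) before this script opens it.
    _trace_file=$(/bin/mktemp -t "$(basename "${0}")-trace.XXXXXXXXX") && exec 2>"${_trace_file}"
    set -x
    ask_debug=true
    export ask_debug
fi

#----------------------------------------------------------------------------------------
# check if directories exist
#
# Globals:  antispam_user_path, antispam_config_path, antispam_config_spam_path,
#           antispam_update_path, antispam_update_keys_path (read)
#           antispam_user, antispam_group, module_name (read)
# Effects:  every existing directory is chown'ed/chgrp'ed to the antispam
#           user/group; the key directory is additionally restricted to 0700.
#           A missing directory is reported via logger and myecho.
# Returns:  0 if all directories exist, 1 if at least one is missing
#----------------------------------------------------------------------------------------
check_dirs ()
{
    local _cd_error

    _cd_error=0

    for DNAME in "${antispam_user_path}" "${antispam_config_path}" "${antispam_config_spam_path}" \
                 "${antispam_update_path}" "${antispam_update_keys_path}"
    do
        if [ -d "${DNAME}" ]
        then
            chown "${antispam_user}" "${DNAME}"
            chgrp "${antispam_group}" "${DNAME}"

            if [ "${DNAME}" = "${antispam_update_keys_path}" ]
            then
                # the GnuPG key database must not be accessible to other users
                chmod 0700 "${DNAME}"
            fi
        else
            _cd_error=1
            /usr/bin/logger -p "local7.error" -t "antispam" "rule update: Directory '${DNAME}' doesn't exist!"
            myecho --pack ${module_name} --error "Directory '${DNAME}' doesn't exist!"
        fi
    done

    return ${_cd_error}
}

#----------------------------------------------------------------------------------------
# check if files exist
#
# Globals:  antispam_channel_file, antispam_keys_file, antispam_trustedkeys_file,
#           module_name (read)
# Effects:  a missing file is reported via logger and myecho
# Returns:  0 if all files exist, 1 if at least one is missing
#----------------------------------------------------------------------------------------
check_files ()
{
    local _cf_error

    _cf_error=0

    for FNAME in "${antispam_channel_file}" "${antispam_keys_file}" "${antispam_trustedkeys_file}"
    do
        if [ ! -f "${FNAME}" ]
        then
            _cf_error=1
            /usr/bin/logger -p "local7.error" -t "antispam" "rule update: File '${FNAME}' doesn't exist!"
            myecho --pack ${module_name} --error "File '${FNAME}' doesn't exist!"
        fi
    done

    return ${_cf_error}
}

#----------------------------------------------------------------------------------------
# update rule files if possible
#
# Steps: verify directories and files, rebuild the sa-update GnuPG key
# database from the key URLs listed in ${antispam_keys_file}, then run the
# channel update and evaluate the sa-update exit code.
#
# Globals:  antispam_* paths and files, tmp_path, tmpfile, pgmname, debug,
#           module_name (read)
# Effects:  rewrites ${antispam_update_log_file}, appends error text to
#           ${tmpfile}, touches ${antispam_restart_request_file} after a
#           successful rule update
# Returns:  0 on success or when nothing had to be updated, otherwise 1 or
#           the sa-update exit code
#----------------------------------------------------------------------------------------
update_rule_files ()
{
    local _urf_updret
    local _urf_keyret
    local _urf_line
    local _urf_keyname
    local _urf_keydir
    local _urf_keyfile
    local _urf_orgname
    local _urf_ret

    /usr/bin/logger -p "local7.info" -t "antispam" "rule update: started."

    _urf_updret=0

    if check_dirs
    then
        if check_files
        then
            # updating gpg keys ...
            rm -f "${antispam_update_log_file}"

            {
                echo "---gnupg version------------"
                gpg --version
            } >> "${antispam_update_log_file}"

            # moving away previously gnupg database files, like pubring.gpg etc.
            # They are kept as *.tmp so they can be restored if any key fails.
            {
                echo
                echo "---mv gnupg db files--------"

                for FNAME in "${antispam_update_keys_path}"/pubring.* \
                             "${antispam_update_keys_path}"/secring.* \
                             "${antispam_update_keys_path}"/trustdb.gpg
                do
                    if [ -f "${FNAME}" ]
                    then
                        mv -v "${FNAME}" "${FNAME}.tmp"
                    fi
                done
            } >> "${antispam_update_log_file}"

            _urf_keyret=0

            # Downloaded keys are staged in a private mktemp directory. A fixed
            # file name directly below the world-writable ${tmp_path} could be
            # pre-created or exchanged by another local user between the
            # download and the import.
            _urf_keydir=`/bin/mktemp -d -t "${pgmname}-keys.XXXXXXXXX"`

            if [ -n "${_urf_keydir}" ] && [ -d "${_urf_keydir}" ]
            then
                while read -r _urf_line
                do
                    # skip comments and blank lines; a blank line would otherwise
                    # be treated as a failed key download
                    case "${_urf_line}" in
                        '' | '#'* )
                            continue
                            ;;
                    esac

                    # no comment, go on ...
                    {
                        echo
                        echo "---downloading gpg key------"
                    } >> "${antispam_update_log_file}"

                    _urf_keyname=`basename "${_urf_line}"`
                    _urf_keyfile="${_urf_keydir}/${_urf_keyname}"

                    # kept from the original: the download wrapper is started
                    # from ${tmp_path}; whether it depends on that is not
                    # visible here
                    cd "${tmp_path}"

                    # NOTE(review): the key is fetched from whatever URL the keys
                    # file lists and is not checked against a pinned fingerprint
                    # here. sa-update is expected to accept channel signatures
                    # only from key ids listed in the --gpgkeyfile passed below -
                    # keep that file reviewed.
                    if /usr/bin/wget.sh -O "${_urf_keyfile}" "${_urf_line}" >> "${antispam_update_log_file}" 2>&1 \
                       && [ -f "${_urf_keyfile}" ]
                    then
                        # key download successful, go on ...
                        echo "---importing gpg keys-------" >> "${antispam_update_log_file}"

                        # ${debug} is intentionally unquoted: it holds an option
                        # together with its value
                        if ! /usr/bin/sa-update ${debug} --import "${_urf_keyfile}" >> "${antispam_update_log_file}" 2>&1
                        then
                            /usr/bin/logger -p "local7.warning" -t "antispam" "rule update: Couldn't import key '${_urf_line}'!"
                            myecho --pack ${module_name} --warn "Rule update couldn't import key '${_urf_line}'!"
                            _urf_keyret=1
                        fi

                        # remove temporary key file
                        rm -f "${_urf_keyfile}"
                    else
                        /usr/bin/logger -p "local7.warning" -t "antispam" "rule update: Couldn't download key '${_urf_line}'!"
                        myecho --pack ${module_name} --warn "Rule update couldn't download key '${_urf_line}'!"
                        _urf_keyret=1
                    fi
                done < "${antispam_keys_file}"

                rm -rf "${_urf_keydir}"
            else
                # without a private staging directory no key is imported and the
                # previous key database is restored below
                /usr/bin/logger -p "local7.warning" -t "antispam" "rule update: Couldn't create temporary key directory!"
                myecho --pack ${module_name} --warn "Rule update couldn't create temporary key directory!"
                _urf_keyret=1
            fi

            if [ ${_urf_keyret} -eq 0 ]
            then
                # delete previously used gnupg db files
                {
                    echo
                    echo "---remove gnupg db files----"
                    rm -f -v "${antispam_update_keys_path}"/pubring.*.tmp \
                             "${antispam_update_keys_path}"/secring.*.tmp \
                             "${antispam_update_keys_path}"/trustdb.gpg.tmp
                } >> "${antispam_update_log_file}"
            else
                # restore previously used gnupg db files
                {
                    echo
                    echo "---restore gnupg db files---"

                    for FNAME in "${antispam_update_keys_path}"/pubring.*.tmp \
                                 "${antispam_update_keys_path}"/secring.*.tmp \
                                 "${antispam_update_keys_path}"/trustdb.gpg.tmp
                    do
                        if [ -f "${FNAME}" ]
                        then
                            _urf_orgname="${FNAME%.tmp}"
                            mv -v "${FNAME}" "${_urf_orgname}"
                        fi
                    done
                } >> "${antispam_update_log_file}"
            fi
        else
            /usr/bin/logger -p "local7.error" -t "antispam" "rule update: Update aborted because a required file couldn't be found!"
            echo "ERROR: Rule update aborted because a required file couldn't be found!" >> "${tmpfile}"
            _urf_updret=1
        fi

        # NOTE(review): the channel update below also runs when check_files
        # failed, although the message above says the update was aborted.
        # Kept as in the original - confirm whether that is intended.
        {
            echo
            echo "---updating channel(s)------"
        } >> "${antispam_update_log_file}"

        /usr/bin/sa-update ${debug} --channelfile "${antispam_channel_file}" --gpgkeyfile "${antispam_trustedkeys_file}" >> "${antispam_update_log_file}" 2>&1
        _urf_ret=$?

        case ${_urf_ret} in
            0 )
                # update was available, downloaded and installed
                /usr/bin/logger -p "local7.info" -t "antispam" "rule update: SA rules have successfully been updated."
                myecho --pack ${module_name} --info "Rule update has successfully updated SA rules."
                touch "${antispam_restart_request_file}"
                ;;
            1 )
                # no new updates available
                /usr/bin/logger -p "local7.info" -t "antispam" "rule update: Nothing to do."
                myecho --pack ${module_name} --info "Rule update hasn't found new SA rules to update."
                ;;
            2 )
                # update available but integrity check failed - rules not updated!
                # NOTE(review): the sa-update documentation appears to describe
                # exit code 2 as a failed lint check, with signature/download
                # errors reported as 4 or higher - confirm, so that a real
                # signature failure is not only logged by the generic branch.
                /usr/bin/logger -p "local7.error" -t "antispam" "rule update: SA rules have been downloaded but an integrity check failed!"
                echo "ERROR: Rule update has downloaded new SA rules but an integrity check failed!" >> "${tmpfile}"
                _urf_updret=${_urf_ret}
                ;;
            * )
                /usr/bin/logger -p "local7.error" -t "antispam" "rule update: Update failed with error '${_urf_ret}'!"
                echo "ERROR: Rule update failed with error '${_urf_ret}'!" >> "${tmpfile}"
                _urf_updret=${_urf_ret}
                ;;
        esac

        echo "---return code: ${_urf_ret}-----------" >> "${antispam_update_log_file}"
    else
        /usr/bin/logger -p "local7.error" -t "antispam" "rule update: Update aborted because a required directory couldn't be found!"
        echo "ERROR: Rule update aborted because a required directory couldn't be found!" >> "${tmpfile}"
        _urf_updret=1
    fi

    if [ ${_urf_updret} -gt 0 ]
    then
        {
            echo "ERROR: An error occured while updating the antispam rules. Check"
            echo "       the antispam and sa-update log files for further details!"
        } >> "${tmpfile}"
    fi

    return ${_urf_updret}
}

#========================================================================================
# main
#========================================================================================

pgmname=`basename "$0"`
full_pgmname="`which "${0}"`"
module_name=`echo "${module_name}" | cut -d- -f1`

antispam_user='spam'
antispam_group='nogroup'

### set path names ###
tmp_path=/tmp
antispam_run_path=/run/antispam
antispam_config_path=/var/antispam
antispam_config_spam_path=${antispam_config_path}/spamassassin
antispam_update_path=${antispam_config_spam_path}/sa-update-files
antispam_update_keys_path=${antispam_config_spam_path}/sa-update-keys
antispam_home_path=/home/${antispam_user}
antispam_user_path=${antispam_home_path}/.spamassassin

### set files ###
antispam_channel_file=${antispam_config_spam_path}/sa-update-channels.txt
antispam_keys_file=${antispam_config_spam_path}/sa-update-keys.txt
antispam_trustedkeys_file=${antispam_update_keys_path}/sa-update-trusted-keys.txt
antispam_restart_request_file=${antispam_run_path}/antispam-restart-request
antispam_update_log_file=${antispam_config_spam_path}/sa-update.log

# collects the error text that is printed at the end of the run
tmpfile=`/bin/mktemp -t "${pgmname}.XXXXXXXXX"`

# from here on 'debug' holds the sa-update debug option, not the true/false
# trace switch evaluated at the top of the script
debug='-D 1'
qflag=''

# command line parameter
while [ $# -gt 0 ]
do
    case $1 in
        *-debug )
            debug='--debug all'
            shift
            ;;
        *-quiet )
            # qflag is set but not read anywhere in this script
            qflag='-quiet'
            shift
            ;;
        * )
            shift
            ;;
    esac
done

if [ "${antispam_user}" != "`whoami`" ]
then
    # make sure that the script is run as 'spam' user
    # (command line options are not passed on to the re-executed script)
    su - "${antispam_user}" -s /bin/sh -c "${full_pgmname}" > /dev/null
else
    # run as 'spam' user, go on ...
    update_rule_files
    _main_ret=$?

    if [ ${_main_ret} -ne 0 ] && [ -s "${tmpfile}" ]
    then
        # output error messages
        cat "${tmpfile}"
    fi
fi

rm -f "${tmpfile}"

#========================================================================================
# exit
#========================================================================================

# the script always reports success to its caller; failures are visible only
# in syslog, the printed error text and the sa-update log file
exit 0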