postfix: new spam.sh update script that avoids reloading if files did not change.

2023-07-25 15:24:00 +02:00 · 2023-07-25 15:24:00 +02:00 · 3c3db4fefa
parent 4b4b34e849
commit 3c3db4fefa
2 changed files with 81 additions and 69 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -43,6 +43,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * postfix (packmail or when postfix_slow_transport_include is True): change `minimal_backoff_time` from 2h to 15m (see HowtoPostfix)
 * postfix (packmail) : optimize Amavis integration
 * redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
+* postfix: new spam.sh update script that avoids reloading if files did not change.

 ### Fixed

--- a/postfix/files/spam.sh
+++ b/postfix/files/spam.sh
@ -1,87 +1,98 @@
 #!/bin/bash

 #set -x
-
 umask 022

-tmp_file=$(mktemp)
+tmp_dir="/tmp/spam_sh"
+mkdir -p "${tmp_dir}"
+data_url="http://antispam00.evolix.org/spam"
+rc=0

-tmp=$(mktemp -d)
+function is_installed {
+    dpkg -l "${1}" 2>&1 | grep -v "no packages found matching" | grep -q ^ii
+}

-if [ -f $tmp_file ] ;
-  then rm $tmp_file ;
-fi
+function is_new {
+    # Check whether a file name provided as argument has been changed remotely
+    cd "${tmp_dir}"
+    wget -q -t 3 "${data_url}/${1}.md5" -O "${1}.md5.new"
+    if ! [ -e "${1}.md5" ] || ! cmp -s "$1.md5" "${1}.md5.new"; then
+        return 0
+    fi
+    return 1
+}

-sleep $[ $RANDOM / 1024 ]
+function download {
+    cd "${tmp_dir}"
+    wget -q -t 3 "${data_url}/${1}" -O "${1}"
+    wget -q -t 3 "${data_url}/${1}.md5" -O "${1}.md5"    
+}

-# Postfix
-cd $tmp
+function check_integrity {
+    cd "$tmp_dir"
+    md5sum -c "${1}.md5" > /dev/null && [ -e "${1}" ]
+}

-wget -q -t 3 http://antispam00.evolix.org/spam/client.access -O $tmp_file
-cp $tmp_file /etc/postfix/client.access
-rm $tmp_file
-
-wget -q -t 3 http://antispam00.evolix.org/spam/sender.access -O $tmp_file
-cp $tmp_file /etc/postfix/sender.access
-rm $tmp_file
-
-wget -q -t 3 http://antispam00.evolix.org/spam/recipient.access -O $tmp_file
-cp $tmp_file /etc/postfix/recipient.access
-rm $tmp_file
-
-wget -q -t 3 http://antispam00.evolix.org/spam/header_kill -O $tmp_file
-cp $tmp_file /etc/postfix/header_kill
-rm $tmp_file
-
-wget -q -t 3 http://antispam00.evolix.org/spam/sa-blacklist.access  -O sa-blacklist.access
-wget -q -t 3 http://antispam00.evolix.org/spam/sa-blacklist.access.md5  -O $tmp_file
-if md5sum -c $tmp_file > /dev/null && [ -s sa-blacklist.access ] ; then
-        cp sa-blacklist.access /etc/postfix/sa-blacklist.access
-fi
-rm sa-blacklist.access
-rm $tmp_file
-
-/usr/sbin/postmap hash:/etc/postfix/client.access
-/usr/sbin/postmap hash:/etc/postfix/sender.access
-/usr/sbin/postmap hash:/etc/postfix/recipient.access
-/usr/sbin/postmap -r hash:/etc/postfix/sa-blacklist.access
-
-wget -q -t 3 http://antispam00.evolix.org/spam/spamd.cidr  -O spamd.cidr
-wget -q -t 3 http://antispam00.evolix.org/spam/spamd.cidr.md5  -O $tmp_file
-if md5sum -c $tmp_file > /dev/null && [ -s spamd.cidr ] ; then
-        cp spamd.cidr /etc/postfix/spamd.cidr
-fi
-rm spamd.cidr
-rm $tmp_file
+function cleanup {
+    rm -f /etc/postfix/header_kill.db
+    rm -f /etc/postfix/header_kill_local.db
+    rm -f "$tmp_dir"/*.md5.new
+}

+postfix_dbs="client.access sender.access recipient.access header_kill sa-blacklist.access spamd.cidr"
+for db in ${postfix_dbs}; do
+    if is_new "${db}"; then
+        download "${db}"
+        if check_integrity "${db}"; then
+            cp "${tmp_dir}/${db}" /etc/postfix/
+            if [ "${db}" != "header_kill" ]; then
+                /usr/sbin/postmap -r "/etc/postfix/${db}"
+            fi
+        else
+            >&2 echo "Integrity check failed for new ${db}."
+            rc=1
+        fi
+    fi
+done

 # SpamAssassin
-cd $tmp
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix_rules.cf -O evolix_rules.cf
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix_rules.cf.md5 -O $tmp_file
-if md5sum -c $tmp_file > /dev/null && [ -s evolix_rules.cf ] ; then
-        dpkg -l spamassassin 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp evolix_rules.cf /etc/spamassassin
-        dpkg -l spamassassin 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/spamassassin reload > /dev/null
-        if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
+sa_db="evolix_rules.cf"
+if is_installed spamassassin; then
+    if is_new "${sa_db}"; then
+        download "${sa_db}"
+        if check_integrity "${sa_db}"; then
+            cp ${tmp_dir}/evolix_rules.cf /etc/spamassassin
+            /etc/init.d/spamassassin reload > /dev/null
+            if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
                run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d
+            fi
+        else
+            >&2 echo "Integrity check failed for ${sa_db}."
+            rc=1
        fi
+    fi
 fi

-# ClamAV
-cd $tmp
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb -O evolix.ndb
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb.md5 -O $tmp_file
-dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.ndb
-if md5sum -c $tmp_file > /dev/null && [ -s evolix.ndb ] ; then
-        dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.ndb /var/lib/clamav/
-fi
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb -O evolix.hsb
-wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb.md5 -O $tmp_file
-dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.hsb
-if md5sum -c $tmp_file > /dev/null && [ -s evolix.hsb ] ; then
-        dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.hsb /var/lib/clamav/
-fi
-dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/clamav-daemon reload-database > /dev/null
-rm $tmp_file
+cleanup

-rm -rf $tmp
+exit "${rc}"
+
+# Commenté car fichiers plus maintenus (cf. Reg)
+## ClamAV
+#cd $tmp
+#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb -O evolix.ndb
+#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb.md5 -O $tmp_file
+#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.ndb
+#if md5sum -c $tmp_file > /dev/null && [ -s evolix.ndb ] ; then
+#        dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.ndb /var/lib/clamav/
+#fi
+#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb -O evolix.hsb
+#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb.md5 -O $tmp_file
+#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.hsb
+#if md5sum -c $tmp_file > /dev/null && [ -s evolix.hsb ] ; then
+#        dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.hsb /var/lib/clamav/
+#fi
+#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/clamav-daemon reload-database > /dev/null
+#rm $tmp_file
+#
+#rm -rf $tmp