From 3c3db4fefa3a08b5a5f81fc4bd2cd983b8612a8e Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Tue, 25 Jul 2023 15:24:00 +0200
Subject: [PATCH] postfix: new spam.sh update script that avoids reloading if files did not change.
---
 CHANGELOG.md | 1 +
 postfix/files/spam.sh | 149 +++++++++++++++++++++++-------------------
 2 files changed, 81 insertions(+), 69 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5fe9bdab..b49d6af5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * postfix (packmail or when postfix_slow_transport_include is True): change `minimal_backoff_time` from 2h to 15m (see HowtoPostfix)
 * postfix (packmail) : optimize Amavis integration
 * redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
+* postfix: new spam.sh update script that avoids reloading if files did not change.
 ### Fixed
diff --git a/postfix/files/spam.sh b/postfix/files/spam.sh
index 10d5e62a..8ad7125e 100644
--- a/postfix/files/spam.sh
+++ b/postfix/files/spam.sh
@@ -1,87 +1,98 @@ #!/bin/bash #set -x - umask 022 -tmp_file=$(mktemp) +tmp_dir="/tmp/spam_sh" +mkdir -p "${tmp_dir}" +data_url="http://antispam00.evolix.org/spam" +rc=0 -tmp=$(mktemp -d) +function is_installed { + dpkg -l "${1}" 2>&1 | grep -v "no packages found matching" | grep -q ^ii +} -if [ -f $tmp_file ] ; - then rm $tmp_file ; -fi +function is_new { + # Check whether a file name provided as argument has been changed remotely + cd "${tmp_dir}" + wget -q -t 3 "${data_url}/${1}.md5" -O "${1}.md5.new" + if ! [ -e "${1}.md5" ] || ! cmp -s "$1.md5" "${1}.md5.new"; then + return 0 + fi + return 1 +} -sleep $[ $RANDOM / 1024 ] +function download { + cd "${tmp_dir}" + wget -q -t 3 "${data_url}/${1}" -O "${1}" + wget -q -t 3 "${data_url}/${1}.md5" -O "${1}.md5" +} -# Postfix -cd $tmp +function check_integrity { + cd "$tmp_dir" + md5sum -c "${1}.md5" > /dev/null && [ -e "${1}" ] +} -wget -q -t 3 http://antispam00.evolix.org/spam/client.access -O $tmp_file -cp $tmp_file /etc/postfix/client.access -rm $tmp_file - -wget -q -t 3 http://antispam00.evolix.org/spam/sender.access -O $tmp_file -cp $tmp_file /etc/postfix/sender.access -rm $tmp_file - -wget -q -t 3 http://antispam00.evolix.org/spam/recipient.access -O $tmp_file -cp $tmp_file /etc/postfix/recipient.access -rm $tmp_file - -wget -q -t 3 http://antispam00.evolix.org/spam/header_kill -O $tmp_file -cp $tmp_file /etc/postfix/header_kill -rm $tmp_file - -wget -q -t 3 http://antispam00.evolix.org/spam/sa-blacklist.access -O sa-blacklist.access -wget -q -t 3 http://antispam00.evolix.org/spam/sa-blacklist.access.md5 -O $tmp_file -if md5sum -c $tmp_file > /dev/null && [ -s sa-blacklist.access ] ; then - cp sa-blacklist.access /etc/postfix/sa-blacklist.access -fi -rm sa-blacklist.access -rm $tmp_file - -/usr/sbin/postmap hash:/etc/postfix/client.access -/usr/sbin/postmap hash:/etc/postfix/sender.access -/usr/sbin/postmap hash:/etc/postfix/recipient.access -/usr/sbin/postmap -r hash:/etc/postfix/sa-blacklist.access - -wget -q 
-t 3 http://antispam00.evolix.org/spam/spamd.cidr -O spamd.cidr -wget -q -t 3 http://antispam00.evolix.org/spam/spamd.cidr.md5 -O $tmp_file -if md5sum -c $tmp_file > /dev/null && [ -s spamd.cidr ] ; then - cp spamd.cidr /etc/postfix/spamd.cidr -fi -rm spamd.cidr -rm $tmp_file +function cleanup { + rm -f /etc/postfix/header_kill.db + rm -f /etc/postfix/header_kill_local.db + rm -f "$tmp_dir"/*.md5.new +} +postfix_dbs="client.access sender.access recipient.access header_kill sa-blacklist.access spamd.cidr" +for db in ${postfix_dbs}; do + if is_new "${db}"; then + download "${db}" + if check_integrity "${db}"; then + cp "${tmp_dir}/${db}" /etc/postfix/ + if [ "${db}" != "header_kill" ]; then + /usr/sbin/postmap -r "/etc/postfix/${db}" + fi + else + >&2 echo "Integrity check failed for new ${db}." + rc=1 + fi + fi +done # SpamAssassin -cd $tmp -wget -q -t 3 http://antispam00.evolix.org/spam/evolix_rules.cf -O evolix_rules.cf -wget -q -t 3 http://antispam00.evolix.org/spam/evolix_rules.cf.md5 -O $tmp_file -if md5sum -c $tmp_file > /dev/null && [ -s evolix_rules.cf ] ; then - dpkg -l spamassassin 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp evolix_rules.cf /etc/spamassassin - dpkg -l spamassassin 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/spamassassin reload > /dev/null - if [ -d /etc/spamassassin/sa-update-hooks.d ]; then +sa_db="evolix_rules.cf" +if is_installed spamassassin; then + if is_new "${sa_db}"; then + download "${sa_db}" + if check_integrity "${sa_db}"; then + cp ${tmp_dir}/evolix_rules.cf /etc/spamassassin + /etc/init.d/spamassassin reload > /dev/null + if [ -d /etc/spamassassin/sa-update-hooks.d ]; then run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d + fi + else + >&2 echo "Integrity check failed for ${sa_db}." 
+ rc=1 fi + fi fi -# ClamAV -cd $tmp -wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb -O evolix.ndb -wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb.md5 -O $tmp_file -dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.ndb -if md5sum -c $tmp_file > /dev/null && [ -s evolix.ndb ] ; then - dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.ndb /var/lib/clamav/ -fi -wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb -O evolix.hsb -wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb.md5 -O $tmp_file -dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.hsb -if md5sum -c $tmp_file > /dev/null && [ -s evolix.hsb ] ; then - dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.hsb /var/lib/clamav/ -fi -dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/clamav-daemon reload-database > /dev/null -rm $tmp_file +cleanup -rm -rf $tmp +exit "${rc}" + +# Commenté car fichiers plus maintenus (cf. 
Reg) +## ClamAV +#cd $tmp +#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb -O evolix.ndb +#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.ndb.md5 -O $tmp_file +#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.ndb +#if md5sum -c $tmp_file > /dev/null && [ -s evolix.ndb ] ; then +# dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.ndb /var/lib/clamav/ +#fi +#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb -O evolix.hsb +#wget -q -t 3 http://antispam00.evolix.org/spam/evolix.hsb.md5 -O $tmp_file +#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && chown clamav: evolix.hsb +#if md5sum -c $tmp_file > /dev/null && [ -s evolix.hsb ] ; then +# dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && cp -a evolix.hsb /var/lib/clamav/ +#fi +#dpkg -l clamav-daemon 2>&1 | grep -v "no packages found matching" | grep -q ^ii && /etc/init.d/clamav-daemon reload-database > /dev/null +#rm $tmp_file +# +#rm -rf $tmp
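Review bot: `tmp_dir="/tmp/spam_sh"` followed by `mkdir -p "${tmp_dir}"` replaces the old `mktemp -d` with a fixed path under world-writable /tmp, and `mkdir -p` succeeds silently when another local user has already created that directory. The script writes into /etc/postfix and /etc/spamassassin, so it presumably runs as root; whoever owns the directory could then influence what `wget -O` writes to and what `cp` installs after `check_integrity` has passed. The `.md5` state must persist between runs, so keep it in a root-owned location instead, e.g. `tmp_dir="/var/lib/<STATE_DIR_PLACEHOLDER>"` with `mkdir -p -m 0700 "${tmp_dir}" || exit 1`, and make the helpers' `cd` calls fail hard (`cd "${tmp_dir}" || return 1`). Separately, `download` overwrites `${1}.md5` before `check_integrity` runs, so after a failed check the next run's `is_new` sees matching checksums and never retries that file. The checksum is also fetched over plain HTTP from the same host as the data, so it catches truncation but not modification in transit.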