#!/bin/sh

# Sudoers
#--------

/usr/sbin/addsudo /usr/sbin/postconf app-smtp-core
/usr/sbin/addsudo /usr/sbin/postmap app-smtp-core

# Add filter user for doing mail filtering
#-----------------------------------------

getent group filter >/dev/null || groupadd -r filter
getent passwd filter >/dev/null || useradd -r -g filter -d /var/spool/filter -s /sbin/nologin -c "Mail Filter" filter

# PAM check
#----------

CHECK=`grep clearos/smtp.d /etc/pam.d/smtp.postfix`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-smtp-core - applying PAM configuration"
    [ -e /etc/pam.d/smtp.postfix ] && cp /etc/pam.d/smtp.postfix /var/clearos/smtp/backup/smtp.postfix.pam.$TIMESTAMP
    cp /usr/clearos/apps/smtp/deploy/smtp.pam /etc/pam.d/smtp.postfix
fi

# Grab bootstrap certificates from Certificate Manager
#-----------------------------------------------------

KEY_SOURCE=/etc/pki/CA/bootstrap.key
KEY=/etc/postfix/key.pem

if [ ! -s "$KEY" ]; then
    logger -p local6.notice -t installer "app-smtp-core - prepping server key"
    cp $KEY_SOURCE $KEY
    chown root.root $KEY
    chmod 600 $KEY
fi

CRT_SOURCE=/etc/pki/CA/bootstrap.crt
CRT=/etc/postfix/cert.pem

if [ ! -s "$CRT" ]; then
    logger -p local6.notice -t installer "app-smtp-core - prepping server certificate"
    cp $CRT_SOURCE $CRT
    chown root.root $CRT
    chmod 600 $CRT
fi

# Updates via API
#----------------

/usr/clearos/apps/smtp/deploy/upgrade-api

# Set protocol to IPv4 only for now (remove after 7.1 Final)
#----------------------------------

CHECK=`grep ^inet_protocols[[:space:]]*=[[:space:]]*all /etc/postfix/main.cf`
if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-smtp-core - changing policy to IPv4 only"
    sed -i -e 's/^inet_protocols[[:space:]]*.*/inet_protocols = ipv4/' /etc/postfix/main.cf
fi

# Reload fail2ban if installed
#------------------------------

if [ -x /usr/bin/fail2ban-server ]; then
    logger -p local6.notice -t installer "app-smtp-core - enabling Attack Detector configlet"
    service fail2ban condrestart >/dev/null 2>&1
fi
