#!/bin/sh

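# Optional tracing: when EX4DEBUG is non-empty, announce the invocation and
# turn on `set -x` for the rest of the script. The trace prints every
# expanded command, including values read later from /etc/default/exim4,
# so enable it only while troubleshooting.
if [ -n "$EX4DEBUG" ]; then
  # "$*" joins the arguments into one word; "$@" inside a larger string
  # splits that string into several words (ShellCheck SC2145).
  echo "now debugging $0 $*"
  set -x
fi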


# Defaults for the E4BCD_* settings used below. /etc/default/exim4 is
# sourced after this point (when it exists), so each of them can be
# overridden there.

# If non-empty, the eximstats report over the main log is mailed to this
# value.
E4BCD_DAILY_REPORT_TO=""
# Set this to some value other than "yes" if you don't want the panic log
# to be watched by this script, for example when you're using your own log
# checking mechanisms or don't care.
E4BCD_WATCH_PANICLOG="yes"
# If non-empty, used as a grep pattern on the panic log: the alert is
# raised only when at least one line does not match it.
E4BCD_PANICLOG_NOISE=""
# Age in days (passed to find -mtime) beyond which the GnuTLS parameter
# file in the spool directory triggers a warning.
E4BCD_GNUTLS_PARAMS_MAXAGE="14"

# Nothing to do on a system where the exim4 binary is not installed.
[ -x /usr/lib/exim4/exim4 ] || exit 0

# Pull in local overrides for the E4BCD_* settings. The file is executed as
# shell code with this script's privileges, so it should be writable only
# by root.
if [ -f /etc/default/exim4 ]; then
  . /etc/default/exim4
fi

# Ask exim for its spool directory. sed drops everything up to the last "="
# and the whitespace character after it, leaving only the value.
SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')"

# The log processing code used in this cron script is not very
# sophisticated. It relies on this cron job being executed earlier than
# the log rotation job, and will have false results if the log is not
# rotated exactly once daily in the daily cron processing. Even in the
# default configuration, it will ignore log entries made between this
# cron job and the log rotation job.

# Patches for more sophisticated processing are appreciated via the
# Debian BTS.

# Mail the eximstats summary of the main log, but only when a recipient is
# configured and an eximstats executable is found on PATH.
if [ -n "$E4BCD_DAILY_REPORT_TO" ] && [ -x "$(command -v eximstats)" ]; then
  # $E4BCD_DAILY_REPORT_TO is expanded unquoted, so it is word-split and
  # glob-expanded before it reaches mail; presumably this allows several
  # recipients. Keep the value to plain addresses: a word starting with "-"
  # may be taken by mail as an option.
  eximstats </var/log/exim4/mainlog \
    | mail $E4BCD_DAILY_REPORT_TO -s"$(hostname --fqdn) Daily email activity report"
fi

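# Send a message to syslog, tagged exim4, with priority mail.alert.
# Arguments: the message words; they are joined with single spaces.
# Globals:   TEXT (written), RET (written when logger fails)
# Outputs:   a diagnostic on stderr if logger fails
log_this() {
  TEXT="$*"
  # Quote the message and end option parsing so logger receives it as one
  # argument: unquoted, characters such as "*" would be glob-expanded
  # against the current directory and a leading "-" parsed as an option.
  # The status is captured on the || branch because after `if ! cmd`, $?
  # holds the negated status (always 0), never logger's own exit code.
  logger -t exim4 -p mail.alert -- "$TEXT" || {
    RET="$?"
    echo >&2 "ALERT: could not syslog $TEXT, logger return value $RET"
  }
}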

# Paniclog watch: when enabled and /var/log/exim4/paniclog is non-empty, run
# the optional local hook, then alert through syslog and a mail to root.
if [ "$E4BCD_WATCH_PANICLOG" = "yes" ] && [ -s "/var/log/exim4/paniclog" ]; then
  # Site-local hook. It runs with this script's privileges, so the file and
  # the directories above it should be writable only by root.
  if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then
    /usr/local/lib/exim4/nonzero_paniclog_hook
  fi
  # Without a noise pattern the alert is unconditional. With one, grep -v
  # succeeds as soon as a single line does NOT match it, so a log holding
  # only known noise stays silent.
  if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
    log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken"
    # The warning mail is handed to exim4 itself; when that fails, the
    # failure is recorded through syslog as well.
    printf "Subject: exim paniclog on %s has non-zero size\nTo: root\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken" "$(hostname --fqdn)" "$(hostname --fqdn)" | exim4 root \
      || log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
  fi
fi

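# run tidydb as Debian-exim:Debian-exim.
#
# Each regular file in $SPOOLDIR/db is passed by base name, one per
# invocation, to exim_tidydb. In the find expression, *.lockfile entries
# match the left side of -or, which carries no action, so only the
# remaining regular files reach -printf.
if [ -x /usr/sbin/exim_tidydb ]; then
  # $SPOOLDIR is quoted so that a path containing whitespace or glob
  # characters is passed through as a single, literal argument.
  cd "$SPOOLDIR/db" || exit 1
  if ! find "$SPOOLDIR/db" -maxdepth 1 -name '*.lockfile' -or -type f \
    -printf '%f\0' | \
      xargs -0r -n 1 \
      start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
      --chuid Debian-exim:Debian-exim -- "$SPOOLDIR" > /dev/null; then
    # if we reach this, invoking exim_tidydb from start-stop-daemon has
    # failed, most probably because of libpam-tmpdir being in use
    # (see #373786 and #376165)
    #
    # NOTE(review): $SPOOLDIR is interpolated into the command string that
    # su hands to bash, so whitespace or shell metacharacters in the path
    # would be re-parsed by that shell. The value comes from exim's own
    # configuration; the string is left as it was, but the spool directory
    # must stay a plain path for this fallback to be safe.
    find "$SPOOLDIR/db" -maxdepth 1 -name '*.lockfile' -or -type f \
    -printf '%f\0' | \
    su - --shell /bin/bash \
         --command "xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
         Debian-exim
  fi
fi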

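# GnuTLS parameter upkeep, done only when exim reports a non-empty
# tls_advertise_hosts setting.
if [ -n "$(exim -bP tls_advertise_hosts | sed 's/.*=[[:space:]]\(.*\)/\1/')" ]; then
  # TLS enabled

  # refresh GnuTLS parameters via external script. Its exit status is not
  # checked here; a refresh that keeps failing would presumably show up
  # through the age check below.
  /usr/share/exim4/exim4_refresh_gnutls-params

  # warn if GnuTLS parameters have not been refreshed for
  # $E4BCD_GNUTLS_PARAMS_MAXAGE days
  GNUTLS_PARAMS_FILE="gnutls-params"
  # The find arguments are quoted so that an empty or unusual $SPOOLDIR is
  # not dropped or word-split (unquoted and empty, find would search the
  # current directory instead).
  if [ -n "$(find "$SPOOLDIR" -maxdepth 1 -name "$GNUTLS_PARAMS_FILE" -mtime "+$E4BCD_GNUTLS_PARAMS_MAXAGE")" ]; then
    log_this "ALERT: $SPOOLDIR/$GNUTLS_PARAMS_FILE is older than $E4BCD_GNUTLS_PARAMS_MAXAGE days, please check your entropy generator"
    # Mail the same warning to root; if exim4 cannot accept it, record that
    # failure through syslog.
    if ! printf "Subject: outdated %s on %s\nTo: root\n\n%s on %s is older than %s days, please check your entropy generator" "$GNUTLS_PARAMS_FILE" "$(hostname --fqdn)" "$SPOOLDIR/$GNUTLS_PARAMS_FILE" "$(hostname --fqdn)" "$E4BCD_GNUTLS_PARAMS_MAXAGE" | exim4 root; then
      log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
    fi
  fi
fi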
