#!/bin/bash

#
#  Copyright (C) 2002 Nigel Horne <njh@bandsman.co.uk>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# 28/10/02:
#	Moved from /etc/smrsh/clamav to /usr/local/etc/mboxscan
#	Use procmail to deliver the message
#	Added spamassassin support
# 29/10/02:
#	Fixed problem when spam causes two bounces

# FIXME: this adds an unwanted envelope from mail@localhost, which
# sends rejections to the wrong place

# Use sendmail to filter incoming messages.
# Place this in /usr/local/etc/mboxscan
# then update /etc/aliases thus:
#	njh:	"|/usr/local/etc/mboxscan njh"
#	fred:	"|/usr/local/etc/mboxscan fred"

typeset -r EX_OK=0
typeset -r EX_USAGE=64
typeset -r EX_DATAERR=65
typeset -r EX_UNAVAILABLE=69

if [ $# -ne 1 ]; then
	echo usage: $0 user
	exit $EX_USAGE
fi

set -u

typeset -r NAME=$1

# tk: create the temporary file in a safe manner (if it's possible)
if [ -x /bin/mktemp ]; then
	typeset -r INTMPFILE=`/bin/mktemp ${TMPDIR:=/tmp}/${NAME}.XXXXXX`
elif [ -x /bin/tempfile ]; then
	typeset -r INTMPFILE=`/bin/tempfile -d ${TMPDIR:=/tmp}`
else
	typeset -r RND=$RANDOM$RANDOM$RANDOM
	if [ -x /usr/bin/md5sum ]; then
		typeset -r RND="echo $RND|/usr/bin/md5sum"
	fi
	typeset -r INTMPFILE=${TMPDIR:=/tmp}/${NAME}$$$RND
fi

cat > $INTMPFILE

OUTPUT=`/usr/local/bin/clamscan --disable-summary -i --mbox - 2>&1 <$INTMPFILE`

if [ $? -ne 0 ]; then
	rm $INTMPFILE

	typeset -r MESS="Virus intercepted by `/usr/local/bin/clamscan --version 2>&1`"
	echo $MESS
	echo $OUTPUT
	echo "Your e-mail has NOT been delivered to ${NAME}"

	logger \($NAME\) $MESS $OUTPUT

	exit $EX_DATAERR
fi

if [ -x /usr/bin/spamc ]; then
	/usr/bin/spamc -c < $INTMPFILE > /dev/null

	if [ $? -ne 0 ]; then
		typeset -r MESS="Spam intercepted by `/usr/bin/spamassassin --version 2>&1`"
		/usr/bin/spamassassin -r -w MAILER-DAEMON < $INTMPFILE

		rm $INTMPFILE

		logger \($NAME\) $MESS

		# Pretend that it *has* been delivered, since spamassassin -w
		# will have bounced it anyway
		exit $EX_OK
	fi
fi

# FIXME: Can't use procmail to deliver because that hasn't got the permission
# to setuid to ${NAME} to write /var/mail/${NAME}

# typeset -r HOSTNAME=`hostname`
# OUTPUT=`procmail -t -Y -a $HOSTNAME -d ${NAME} < $INTMPFILE`

# This is what adds the annoying mail@localhost
OUTPUT=`/usr/lib/sendmail -n ${NAME} < $INTMPFILE`

if [ $? -ne 0 ]; then
	echo $OUTPUT

	rm $INTMPFILE

	exit $EX_UNAVAILABLE
fi

rm $INTMPFILE

exit $EX_OK