# Having backups of indexes is a waste of space. This also means we
# don't send them around with btrbk, I think it is probably
# preferable use a bit more cpu to recalculate indexes.
- install -d -o iank -g iank /var/dovecot-indexes
+ install -d -m 700 -o iank -g iank /var/dovecot-indexes
cat >>/etc/dovecot/local.conf <<EOF
!include conf.d/auth-passwdfile.conf.ext
# ian: %u is used for alerts user vs iank
+# https://doc.dovecot.org/configuration_manual/mail_location/Maildir/
mail_location = maildir:/m/%u:LAYOUT=fs:INBOX=/m/%u/INBOX:INDEX=/var/dovecot-indexes/%u
-mail_uid = $u
-mail_gid = $u
+# note: i don't know if these need to be set, but this seems fine.
+mail_uid = iank
+mail_gid = iank
protocol lmtp {
# For a normal setup with exim, we need something like this, which
# This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
echo iankelling.org > /etc/mailname
+ # mail default domain.
+ u /etc/mailutils.conf <<'EOF'
+address {
+ email-domain iankelling.org;
+};
+EOF
# mail.iankelling.org so local imap clients can connect with tls and
# when they happen to not be local.
;;
esac
-# optimization, this only needs to run once.
-if [[ ! -e /etc/exim4/fullchain.pem ]]; then
- m /a/bin/ds/mail-cert-cron -1
+# optimization, this only needs to run once. But, if we move to a
+# computer we haven't used much, we need to fetch a fresh cert.
+if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
+ m /a/bin/ds/mail-cert-cron -1 -i
m systemctl --now enable mailcert.timer
fi