iankelling.org
/
git
/
distro-setup
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
various fixes
[distro-setup]
/
mail-setup
diff --git
a/mail-setup
b/mail-setup
index babbbd8dc3668c428167f8d3adae9d17bc6aa0a8..0c3f0bd7133452e7ea73927ffbb558d929aa6657 100755
(executable)
--- a/
mail-setup
+++ b/
mail-setup
@@
-131,7
+131,7
@@
fi
# # 2017-02 spf policies:
# # host -t txt lists.fedoraproject.org
# # 2017-02 spf policies:
# # host -t txt lists.fedoraproject.org
-# # google ~all, hotmail
-all, yahoo: ?all, fastmail ?
all
+# # google ~all, hotmail
~all, yahoo: ?all, fastmail ?all, outlook ~
all
# # i include fastmail\'s settings, per their instructions,
# # and follow their policy. In mail in a box, or similar instructions,
# # I\'ve seen recommended to not use a restrictive policy.
# # i include fastmail\'s settings, per their instructions,
# # and follow their policy. In mail in a box, or similar instructions,
# # I\'ve seen recommended to not use a restrictive policy.
@@
-205,7
+205,7
@@
pi() { # package install
postmaster=$u
mxhost=mail.iankelling.org
postmaster=$u
mxhost=mail.iankelling.org
-mxport=
25
+mxport=
587
forward=$u@$mxhost
# old setup. left as comment for example
forward=$u@$mxhost
# old setup. left as comment for example
@@
-644,6
+644,9
@@
EOF
# would be unused in that config type.
rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
cat >/etc/exim4/conf.d/main/000_local <<EOF
# would be unused in that config type.
rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
cat >/etc/exim4/conf.d/main/000_local <<EOF
+# enable 587 in addition to the default 25, so that
+# i can send mail where port 25 is firewalled by isp
+daemon_smtp_ports = 25 : 587
# i don't have ipv6 setup for my vpn tunnel yet.
disable_ipv6 = true
# i don't have ipv6 setup for my vpn tunnel yet.
disable_ipv6 = true
@@
-699,6
+702,13
@@
IGNORE_SMTP_LINE_LENGTH_LIMIT = true
# keep your dkim signature intact but add list- headers.
DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
# keep your dkim signature intact but add list- headers.
DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
EOF
EOF
@@
-863,7
+873,7
@@
EOF
# light version of exim does not have sasl auth support.
# light version of exim does not have sasl auth support.
- pi exim4-daemon-heavy spamassassin
+ pi exim4-daemon-heavy spamassassin
spf-tools-perl