- # mail.iankelling.org so local imap clients can connect with tls and
- # when they happen to not be local.
- sed -ri -f - /etc/hosts <<'EOF'
-/^127\.0\.1\.1.* mail\.iankelling\.org\b/{p;d}
-/^127\.0\.1\.1 /s/ *$/ mail.iankelling.org/
-EOF
- /a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
-server=/mail.iankelling.org/127.0.1.1
-EOF
- systemctl reload dnsmasq
-
- # I used to use debconf-set-selections + dpkg-reconfigure,
- # which then updates this file
- # but the process is slower than updating it directly and then I want to set other things in
- # update-exim4.conf.conf, so there's no point.
- # The file is documented in man update-exim4.conf,
- # except the man page is not perfect, read the bash script to be sure about things.
-
- # The debconf questions output is additional documentation that is not
- # easily accessible, but super long, along with the initial default comment in this
- # file, so I've saved that into ./mail-notes.conf.
-
- cat >>/etc/exim4/update-exim4.conf.conf <<EOF
-# note: some things we don't set that are here by default because they are unused.
-
-dc_eximconfig_configtype='internet'
-
-# man page: is used to build the local_domains list, together with “localhost”
-# iank.bid is for testing
-# mail.iankelling.org is for machines i own
-dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz'
-
-# from man page:
-# Is a list of domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g.
-# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.
-# todo: we should not accept from anywhere, only the mx for fsf.
-dc_relay_domains='*.fsf.org;fsf.org'
-EOF
-
-
- # the debconf output about mailname is as follows:
- # The 'mail name' is the domain name used to 'qualify' mail addresses without a domain
- # name.
- # This name will also be used by other programs. It should be the single, fully
- # qualified domain name (FQDN).
- # Thus, if a mail address on the local host is foo@example.org, the correct value for
- # this option would be example.org.
- # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
-
- echo mail.iankelling.org > /etc/mailname
-
- # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
- # smarthost config type, not sure. all other settings
- # would be unused in that config type.
- rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
- cat >/etc/exim4/conf.d/main/000_local <<EOF
-# enable 587 in addition to the default 25, so that
-# i can send mail where port 25 is firewalled by isp
-daemon_smtp_ports = 25 : 587
-# i don't have ipv6 setup for my vpn tunnel yet.
-disable_ipv6 = true
-
-MAIN_TLS_ENABLE = true
-
-DKIM_CANON = relaxed
-DKIM_SELECTOR = li
-
-# from comments in
-# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-
-# The file is based on the outgoing domain-name in the from-header.
-DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
-# sign if key exists
-DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
-
-
-# failing message on mail-tester.com:
-# We check if there is a server (A Record) behind your hostname kd.
-# You may want to publish a DNS record (A type) for the hostname kd or use a different hostname in your mail software
-# https://serverfault.com/questions/46545/how-do-i-change-exim4s-primary-hostname-on-a-debian-box
-# and this one seemed appropriate from grepping config.
-# I originally set this to li.iankelling.org, but then ended up with errors when li tried to send
-# mail to kd, so this should basically be a name that no host has as their
-# canonical hostname since the actual host sits behind a nat and changes.
-# Seems logical for this to be the same as mailname.
-MAIN_HARDCODE_PRIMARY_HOSTNAME = mail.iankelling.org
-
-# normally empty, I set this so I can set the envelope address
-# when doing mail redelivery to invoke filters
-MAIN_TRUSTED_GROUPS = $u
-
-LOCAL_DELIVERY = dovecot_lmtp
-
-# options exim has to avoid having to alter the default config files
-CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/rcpt_local_acl
-CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/data_local_acl
-
-# debian exim config added this in 2016 or so?
-# it's part of the smtp spec, to limit lines to 998 chars
-# but a fair amount of legit mail does not adhere to it. I don't think
-# this should be default, like it says in
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801
-# todo: the bug for introducing this was about headers, but
-# the fix maybe is for all lines? one says gmail rejects, the
-# other says gmail does not reject. figure out and open a new bug.
-IGNORE_SMTP_LINE_LENGTH_LIMIT = true
-
-# most of the ones that gmail seems to use.
-# Exim has horrible default of signing unincluded
-# list- headers since they got mentioned in an
-# rfc, but this messes up mailing lists, like gnu/debian which want to
-# keep your dkim signature intact but add list- headers.
-DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
-
-# recommended if dns is expected to work
-CHECK_RCPT_VERIFY_SENDER = true
-# seems like a good idea
-CHECK_DATA_VERIFY_HEADER_SENDER = true
-CHECK_RCPT_SPF = true
-CHECK_RCPT_REVERSE_DNS = true
-CHECK_MAIL_HELO_ISSUED = true
-
-MAIN_LOG_SELECTOR = +all
-
-# testing dmarc
-#dmarc_tld_file = /etc/public_suffix_list.dat
-EOF
-
- f=/etc/cron.daily/refresh-dmarc-tld-file
- cat >$f <<'EOF'
-#!/bin/bash
-cd /etc
-wget -nv -N https://publicsuffix.org/list/public_suffix_list.dat
-EOF
- chmod 755 $f
-
-
- ####### begin dovecot setup ########
- # based on a little google and package search, just the dovecot
- # packages we need instead of dovecot-common.
- #
- # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir
- # directly. The reason to do this is to use dovecot\'s sieve, which
- # has extensions that allow it to be almost equivalent to exim\'s
- # filter capabilities, some ways probably better, some worse, and
- # sieve has the benefit of being supported in postfix and
- # proprietary/weird environments, so there is more examples on the
- # internet. I was torn about whether to do this or not, meh.
- pi dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
-
- # if we changed 90-sieve.conf and removed the active part of the
- # sieve option, we wouldn\'t need this, but I\'d rather not modify a
- # default config if not needed. This won\'t work as a symlink in /a/c
- # unfortunately.
- sudo -u $u /a/exe/lnf -T sieve/main.sieve $(eval echo ~$u)/.dovecot.sieve
-
- # we set this later in local.conf
- sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
-/^\s*mail_location\s*=/d