+ # I used to use debconf-set-selections + dpkg-reconfigure,
+ # which then updates this file
+ # but the process is slower than updating it directly and then I want to set other things in
+ # update-exim4.conf.conf, so there's no point.
+ # The file is documented in man update-exim4.conf,
+ # except the man page is not perfect, read the bash script to be sure about things.
+
+ # The debconf questions output is additional documentation that is not
+ # easily accessible, but super long, along with the initial default comment in this
+ # file, so I've saved that into ./mail-notes.conf.
+
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# note: some things we don't set that are here by default because they are unused.
+
+dc_eximconfig_configtype='internet'
+
+# man page: is used to build the local_domains list, together with "localhost"
+# iank.bid is for testing
+# mail.iankelling.org is for machines i own
+dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz'
+
+# from man page:
+# Is a list of domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g.
+# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.
+# todo: we should not accept from anywhere, only the mx for fsf.
+dc_relay_domains='*.fsf.org;fsf.org'
+dc_localdelivery='dovecot_lmtp'
+EOF
+
+
+ # the debconf output about mailname is as follows:
+ # The 'mail name' is the domain name used to 'qualify' mail addresses without a domain
+ # name.
+ # This name will also be used by other programs. It should be the single, fully
+ # qualified domain name (FQDN).
+ # Thus, if a mail address on the local host is foo@example.org, the correct value for
+ # this option would be example.org.
+ # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
+
+ echo mail.iankelling.org > /etc/mailname
+
+ # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
+ # smarthost config type, not sure. all other settings
+ # would be unused in that config type.
+ cat >>/etc/exim4/conf.d/main/000_local <<EOF
+# enable 587 in addition to the default 25, so that
+# i can send mail where port 25 is firewalled by isp
+daemon_smtp_ports = 25 : 587
+
+
+
+# failing message on mail-tester.com:
+# We check if there is a server (A Record) behind your hostname kd.
+# You may want to publish a DNS record (A type) for the hostname kd or use a different hostname in your mail software
+# https://serverfault.com/questions/46545/how-do-i-change-exim4s-primary-hostname-on-a-debian-box
+# and this one seemed appropriate from grepping config.
+# I originally set this to li.iankelling.org, but then ended up with errors when li tried to send
+# mail to kd, so this should basically be a name that no host has as their
+# canonical hostname since the actual host sits behind a nat and changes.
+# Seems logical for this to be the same as mailname.
+MAIN_HARDCODE_PRIMARY_HOSTNAME = mail.iankelling.org
+
+# options exim has to avoid having to alter the default config files
+CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
+CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
+
+
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
+
+# testing dmarc
+#dmarc_tld_file = /etc/public_suffix_list.dat
+EOF
+
+ f=/etc/cron.daily/refresh-dmarc-tld-file
+ cat >$f <<'EOF'
+#!/bin/bash
+cd /etc
+wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
+EOF
+ m chmod 755 $f
+
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: $postmaster
+/^root:/d
+EOF
+
+
+ # https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
+ d=/etc/systemd/system/openvpn@mail.service.d
+ m mkdir -p $d
+ cat >$d/override.conf <<'EOF'
+[Service]
+Restart=always
+# time to sleep before restarting a service
+RestartSec=1
+
+[Unit]
+# StartLimitIntervalSec in recent systemd versions
+StartLimitInterval=0
+EOF
+ if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
+ # needed for the above config to go into effect
+ m systemctl daemon-reexec
+ fi
+
+
+ m systemctl enable mailclean.timer
+ m systemctl start mailclean.timer
+ m systemctl restart $vpn_ser@mail
+ m systemctl enable $vpn_ser@mail
+ m systemctl enable dovecot
+ m systemctl restart dovecot
+ ;;
+ # * not MAIL_HOST
+ *) # $HOSTNAME != $MAIL_HOST
+ # remove mail. 2 lines to properly remove whitespace
+ sed -ri -f - /etc/hosts <<'EOF'
+s#^(127\.0\.1\.1 .*) +mail\.iankelling\.org$#\1#
+s#^(127\.0\.1\.1 .*)mail\.iankelling\.org +(.*)#\1\2#
+EOF
+
+ echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
+ if systemctl is-active dnsmasq >/dev/null; then
+ m nscd -i hosts
+ m systemctl restart dnsmasq # reload does not ensure new config is used
+ fi
+
+ m systemctl disable mailclean.timer &>/dev/null ||:
+ m systemctl stop mailclean.timer &>/dev/null ||:
+ m systemctl disable $vpn_ser@mail
+ m systemctl stop $vpn_ser@mail
+ #
+ #
+ # would only exist because I wrote it i the previous condition,
+ # it\'s not part of exim
+ rm -fv /etc/exim4/conf.d/main/000_localmacros
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+dc_eximconfig_configtype='smarthost'
+dc_smarthost='$smarthost'
+# The manpage incorrectly states this will do header rewriting, but
+# that only happens if we have dc_hide_mailname is set.
+dc_readhost='iankelling.org'
+EOF
+
+ hostname -f >/etc/mailname
+
+ ;;&
+ ## we use this host to monitor MAIL_HOST
+ l2)
+ dovecot-setup
+ m systemctl enable dovecot
+ m systemctl restart dovecot
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# man page: is used to build the local_domains list, together with "localhost"
+# mail.iankelling.org is for machines i own
+dc_other_hostnames='l2.b8.nz'
+dc_localdelivery='dovecot_lmtp'
+EOF
+ # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
+ # is no good.
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: iank
+/^root:/d
+EOF
+ ;;
+ *)
+
+ f=/p/c/filesystem/etc/exim4/passwd.client
+ if [[ ! -e $f ]]; then
+ f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+ fi
+ sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
+
+ # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
+ # is no good.
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: root@mail.iankelling.org
+/^root:/d
+EOF
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# Only used in case of bounces.
+dc_localdelivery='maildir_home'
+EOF
+ m systemctl disable dovecot ||:
+ m systemctl stop dovecot ||:
+ ;;
+esac # end $HOSTNAME != $MAIL_HOST
+
+# * spool dir setup
+
+# ** bind mount setup
+# put spool dir in directory that spans multiple distros.