- systemctl enable postfix
- systemctl start postfix
- fi
- # i\'m assuming mail just won\'t work on systems without the sasl_passwd.
- postconfin <<'EOF'
-smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_tls_security_level = secure
-message_size_limit = 20480000
-smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-inet_protocols = ipv4
-EOF
- # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
- # inet_protocols: without this, I\'ve had postfix try an ipv6 lookup then gives
- # up and fail forever. snippet from syslog: type=AAAA: Host not found, try again
-
-
- f=/etc/postfix/sasl_passwd
- install -m 600 /dev/null $f
- cat /etc/mailpass| while read -r domain port pass; do
- # format: domain port user:pass
- # mailpass is just a name i made up, since postfix and
- # exim both use a slightly crazy format to translate to
- # each other, it\'s easier to use my own format.
- printf "[%s]:%s %s" "$domain" "$port" "${pass/@/#}" >>$f
- done
- postmap hash:/etc/postfix/sasl_passwd
- # need restart instead of reload when changing
- # inet_protocols
- service postfix restart
-
-else # begin exim. has debian specific stuff for now
-
- pi openvpn
-
- if [[ -e /p/c/filesystem ]]; then
- # allow failure of these commands when our internet is down, they are likely not needed,
- # we check that a valid cert is there already.
- # to put the hostname in the known hosts
- if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
- # This just causes failure if our cert is going to expire in the next 30 days.
- # Certs I generate last 10 years.
- openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in /etc/openvpn/mail.crt
- else
- # note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
- # systemd, buuut it can remake the tun device unexpectedly, i got this in the log
- # after my internet was down for a bit:
- # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
- /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
- fi
+if [[ -e /p/c/filesystem ]]; then
+ # allow failure of these commands when our internet is down, they are likely not needed,
+ # we check that a valid cert is there already.
+ # to put the hostname in the known hosts
+ if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
+ # This just causes failure if our cert is going to expire in the next 30 days.
+ # Certs I generate last 10 years.
+ openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in /etc/openvpn/mail.crt
+ else
+ # note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
+ # systemd, buuut it can remake the tun device unexpectedly, i got this in the log
+ # after my internet was down for a bit:
+ # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
+ /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org