- systemctl enable postfix
- systemctl start postfix
- fi
- # i\'m assuming mail just won\'t work on systems without the sasl_passwd.
- postconfin <<'EOF'
-smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_tls_security_level = secure
-message_size_limit = 20480000
-smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-inet_protocols = ipv4
-EOF
- # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
- # inet_protocols: without this, I've had postfix try an ipv6 lookup then gives
- # up and fail forever. snippet from syslog: type=AAAA: Host not found, try again
-
-
- f=/etc/postfix/sasl_passwd
- install -m 600 /dev/null $f
- cat /etc/mailpass| while read -r domain port pass; do
- # format: domain port user:pass
- # mailpass is just a name i made up, since postfix and
- # exim both use a slightly crazy format to translate to
- # each other, it\'s easier to use my own format.
- printf "[%s]:%s %s" "$domain" "$port" "${pass/@/#}" >>$f
- done
- postmap hash:/etc/postfix/sasl_passwd
- # need restart instead of reload when changing
- # inet_protocols
- service postfix restart
-
-else # exim. has debian specific stuff for now
-
-
- # wording of question from dpkg-reconfigure exim4-config
- # 1. internet site; mail is sent and received directly using SMTP
- # 2. mail sent by smarthost; received via SMTP or fetchmail
- # 3. mail sent by smarthost; no local mail
- # 4. local delivery only; not on a network
- # 5. no configuration at this time
- #
- # Note, I have used option 2 in the past for receiving mail
- # from lan hosts, sending external mail via another smtp server.
- #
- # Note, other than configtype, we could set all the options in
- # both types of configs without harm, they would either be
- # ignored or be disabled by other settings, but the default
- # local_interfaces definitely makes things more secure.
-
- # most of these settings get translated into settings
- # in /etc/exim4/update-exim4.conf.conf
- # mailname setting sets /etc/mailname
-
- debconf-set-selections <<EOF
-exim4-config exim4/use_split_config boolean true
-EOF
-
- source /a/bin/bash_unpublished/source-semi-priv
- exim_main_dir=/etc/exim4/conf.d/main
- mkdir -p $exim_main_dir
- if [[ $HOSTNAME == $MAIL_HOST ]]; then
-
- debconf-set-selections <<EOF
-# Mail Server configuration
-# -------------------------
-
-# Please select the mail server configuration type that best meets your needs.
+pi openvpn
+
+if [[ -e /p/c/filesystem ]]; then
+ # allow failure of these commands when our internet is down, they are likely not needed,
+ # we check that a valid cert is there already.
+ # to put the hostname in the known hosts
+ if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
+ # This just causes failure if our cert is going to expire in the next 30 days.
+ # Certs I generate last 10 years.
+ openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in /etc/openvpn/mail.crt
+ else
+ # note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
+ # systemd, buuut it can remake the tun device unexpectedly, i got this in the log
+ # after my internet was down for a bit:
+ # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
+ /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
+ fi
+fi