- fi # end $HOSTNAME != $MAIL_HOST
-
- # if we already have it installed, need to reconfigure, without being prompted
- if dpkg -s exim4-config &>/dev/null; then
- # gotta remove this, otherwise the set-selections are completely
- # ignored. It woulda been nice if this was documented somewhere!
- rm -f /etc/exim4/update-exim4.conf.conf
- dpkg-reconfigure -u -fnoninteractive exim4-config
- fi
- # light version of exim does not have sasl auth support.
- apt-get -y install --purge --auto-remove exim4-daemon-heavy spamassassin
-
-
-
-
- ##### begin spamassassin config
- systemctl enable spamassassin
- # per readme.debian
- sed -i '/^\s*CRON\s*=/d' /etc/default/spamassassin
- e CRON=1 >>/etc/default/spamassassin
- # just noticed this in the config file, seems like a good idea.
- sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin
- e 'NICE="--nicelevel 15"' >>/etc/default/spamassassin
- systemctl start spamassassin
- systemctl reload spamassassin
-
- cat >/etc/systemd/system/spamddnsfix.service <<'EOF'
-[Unit]
-Description=spamd dns bug fix cronjob
-
-[Service]
-Type=oneshot
-ExecStart=/a/bin/distro-setup/spamd-dns-fix
-EOF
- cat >/etc/systemd/system/spamddnsfix.timer <<'EOF'
-[Unit]
-Description=run spamd bug fix script every 10 minutes
-
-[Timer]
-OnActiveSec=60
-# the script looks back 9 minutes into the journal,
-# it takes a second to run,
-# so lets run every 9 minutes and 10 seconds.
-OnUnitActiveSec=550
-
-[Install]
-WantedBy=timers.target
-EOF
- systemctl daemon-reload
- systemctl restart spamddnsfix.timer
- systemctl enable spamddnsfix.timer
- #
- ##### end spamassassin config
-
-
- f=/usr/local/bin/mail-cert-cron
- cat >$f <<'EOF'
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-
-f=/a/bin/bash_unpublished/source-semi-priv
-if [[ -e $f ]]; then
- source $f
-fi
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
- local_mx=mail.iankelling.org
- rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li:/etc/letsencrypt/live/$local_mx/"
- ${rsync_common}fullchain.pem /etc/exim4/exim.crt
- ${rsync_common}privkey.pem /etc/exim4/exim.key
-fi
-EOF
- chmod 755 $f
-
- cat >/etc/systemd/system/mailcert.service <<'EOF'
-[Unit]
-Description=Mail cert rsync
-After=multi-user.target
-
-[Service]
-Type=oneshot
-ExecStart=/a/bin/log-quiet/sysd-mail-once mailcert /usr/local/bin/mail-cert-cron
-EOF
-
- cat >/etc/systemd/system/mailcert.timer <<'EOF'
-[Unit]
-Description=Run mail-cert once a day
-
-[Timer]
-OnCalendar=daily
-
-[Install]
-WantedBy=timers.target
-EOF
- systemctl daemon-reload
- systemctl start mailcert
- systemctl restart mailcert.timer
- systemctl enable mailcert.timer
-