# The full list of option settings for any particular driver instance,
# including all the defaulted values, can be extracted by making use of
# the -bP command line option.
+# exim -bP config_file to see what config file it used
+# exim -bP config to see
# exim clear out message queue. as root:
# adapted from somewhere on stackoverflow.
# inet_protocols
service postfix restart
-else # exim. has debian specific stuff for now
+else # begin exim. has debian specific stuff for now
+ if [[ -e /p/c/filesystem ]]; then
+ /a/exe/vpn-mk-client-cert -b mail -n mail li
+ fi
+
+ cat >/etc/systemd/system/mailroute.service <<'EOF'
+[Unit]
+# this unit is configured to start and stop whenever openvpn-client@mail.service
+# does
+Description=Routing for email vpn
+After=network.target
+BindsTo=openvpn-client@mail.service
+After=openvpn-client@mail.service
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/distro-setup/mail-route start
+ExecStop=/a/bin/distro-setup/mail-route stop
+RemainAfterExit=yes
+
+[Install]
+RequiredBy=openvpn-client@mail.service
+EOF
+
+ cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'
+[Unit]
+Description=Run offlineimap-sync once every 5 mins
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target
+EOF
+
+ cat >/etc/systemd/system/offlineimapsync.service <<'EOF'
+[Unit]
+Description=Offlineimap sync
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
+EOF
+ systemctl daemon-reload
+ systemctl enable mailroute
# wording of question from dpkg-reconfigure exim4-config
# 1. internet site; mail is sent and received directly using SMTP
source /a/bin/bash_unpublished/source-semi-priv
exim_main_dir=/etc/exim4/conf.d/main
mkdir -p $exim_main_dir
+
+
if [[ $HOSTNAME == $MAIL_HOST ]]; then
debconf-set-selections <<EOF
LOCAL_DELIVERY = dovecot_lmtp
-# options exim has to avoid altering the default config files
+# options exim has to avoid having to alter the default config files
CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/rcpt_local_acl
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/data_local_acl
+
+# debian exim config added this in 2016 or so?
+# it's part of the smtp spec, to limit lines to 998 chars
+# but a fair amount of legit mail does not adhere to it. I don't think
+# this should be default, like it says in
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801
+# todo: the bug for introducing this was about headers, but
+# the fix maybe is for all lines? one says gmail rejects, the
+# other says gmail does not reject. figure out and open a new bug.
+IGNORE_SMTP_LINE_LENGTH_LIMIT = true
EOF
- cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'
-[Unit]
-Description=Run offlineimap-sync once every 5 mins
+ ####### begin dovecot setup ########
+ # based on a little google and package search, just the dovecot
+ # packages we need instead of dovecot-common.
+ #
+ # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir
+ # directly. The reason to do this is to use dovecot\'s sieve, which
+ # has extensions that allow it to be almost equivalent to exim\'s
+ # filter capabilities, some ways probably better, some worse, and
+ # sieve has the benefit of being supported in postfix and
+ # proprietary/weird environments, so there is more examples on the
+ # internet. I was torn about whether to do this or not, meh.
+ apt-get -y install --purge --auto-remove \
+ dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
-[Timer]
-OnCalendar=*:0/5
+ # if we changed 90-sieve.conf and removed the active part of the
+ # sieve option, we wouldn\'t need this, but I\'d rather not modify a
+ # default config if not needed. This won\'t work as a symlink in /a/c
+ # unfortunately.
+ sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve
-[Install]
-WantedBy=timers.target
+ sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
+1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX
+/^\s*mail_location\s*=/d
EOF
- cat >/etc/systemd/system/offlineimapsync.service <<'EOF'
-[Unit]
-Description=Offlineimap sync
-After=multi-user.target
+ cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF'
+protocol lmtp {
+#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+ mail_plugins = $mail_plugins sieve
+# default was
+ #mail_plugins = $mail_plugins
+
+# For a normal setup with exim, we need something like this, which
+# removes the domain part
+# auth_username_format = %Ln
+#
+# or else # Exim says something like
+# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain"
+# Dovecot verbose log says something like
+# "auth-worker(9048): passwd(someuser@somedomain): unknown user"
+# reference: http://wiki.dovecot.org/LMTP/Exim
+#
+# However, I use this to direct all mail to the same inbox.
+# A normal way to do this, which I did at first is to have
+# a router in exim almost at the end, eg 950,
+#local_catchall:
+# debug_print = "R: catchall for $local_part@$domain"
+# driver = redirect
+# domains = +local_domains
+# data = ian
+# based on
+# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/
+# with superflous options removed.
+# However, this causes the envelope to be rewritten,
+# which makes filtering into mailboxes a little less robust or more complicated,
+# so I've done it this way instead. it also requires
+# modifying the local router in exim.
+ auth_username_format = ian
+}
-[Service]
-User=ian
-Type=oneshot
-ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
EOF
- systemctl daemon-reload
+
+
+ cat >/etc/dovecot/local.conf <<'EOF'
+# so I can use a different login that my shell login for mail. this is
+# worth doing solely for the reason that if this login is compromised,
+# it won't also compromise my shell password.
+!include conf.d/auth-passwdfile.conf.ext
+
+# settings derived from wiki and 10-ssl.conf
+ssl = required
+ssl_cert = </etc/exim4/exim.crt
+ssl_key = </etc/exim4/exim.key
+# https://github.com/certbot/certbot/raw/master/certbot-apache/certbot_apache/options-ssl-apache.conf
+# in my cert cronjob, I check if that has changed upstream.
+ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+# ian: added this, more secure, per google etc
+ssl_prefer_server_ciphers = yes
+
+# for debugging info, uncomment these.
+# logs go to syslog and to /var/log/mail.log
+# auth_verbose=yes
+#mail_debug=yes
+EOF
+ ####### end dovecot setup ########
+
+
systemctl enable offlineimapsync.timer
systemctl start offlineimapsync.timer
+ systemctl restart openvpn-client@mail
+ systemctl enable openvpn-client@mail
+ systemctl enable dovecot
+ systemctl restart dovecot
else # $HOSTNAME != $MAIL_HOST
systemctl disable offlineimapsync.timer &>/dev/null ||:
systemctl stop offlineimapsync.timer &>/dev/null ||:
+ systemctl disable openvpn-client@mail
+ systemctl stop openvpn-client@mail
+ systemctl disable dovecot ||:
+ systemctl stop dovecot ||:
#
#
# would only exist because I wrote it i the previous condition,
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
exim4-config exim4/dc_smarthost string $smarthost
EOF
+
fi # end $HOSTNAME != $MAIL_HOST
# if we already have it installed, need to reconfigure, without being prompted
# just noticed this in the config file, seems like a good idea.
sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin
e 'NICE="--nicelevel 15"' >>/etc/default/spamassassin
+ systemctl start spamassassin
systemctl reload spamassassin
cat >/etc/systemd/system/spamddnsfix.service <<'EOF'
Type=oneshot
ExecStart=/a/bin/distro-setup/spamd-dns-fix
EOF
+ # 2017-09, debian closed the bug on this saying upstream had fixed it.
+ # remove this when i'm using the newer package, ie, debian 10, or maybe
+ # ubuntu 18.04.
cat >/etc/systemd/system/spamddnsfix.timer <<'EOF'
[Unit]
Description=run spamd bug fix script every 10 minutes
systemctl enable mailcert.timer
- ####### begin dovecot setup ########
- if [[ $HOSTNAME == $MAIL_HOST ]]; then
- # based on a little google and package search, just the dovecot
- # packages we need instead of dovecot-common.
- #
- # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir
- # directly. The reason to do this is to use dovecot\'s sieve, which
- # has extensions that allow it to be almost equivalent to exim\'s
- # filter capabilities, some ways probably better, some worse, and
- # sieve has the benefit of being supported in postfix and
- # proprietary/weird environments, so there is more examples on the
- # internet. I was torn about whether to do this or not, meh.
- apt-get -y install --purge --auto-remove \
- dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
- # if we changed 90-sieve.conf and removed the active part of the
- # sieve option, we wouldn\'t need this, but I\'d rather not modify a
- # default config if not needed. This won\'t work as a symlink in /a/c
- # unfortunately.
- sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve ~$postmaster/.dovecot.sieve
-
- sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
-1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX
-/^\s*mail_location\s*=/d
-EOF
-
- cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF'
-protocol lmtp {
-#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
- mail_plugins = $mail_plugins sieve
-# default was
- #mail_plugins = $mail_plugins
-
-# For a normal setup with exim, we need something like this, which
-# removes the domain part
-# auth_username_format = %Ln
-#
-# or else # Exim says something like
-# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain"
-# Dovecot verbose log says something like
-# "auth-worker(9048): passwd(someuser@somedomain): unknown user"
-# reference: http://wiki.dovecot.org/LMTP/Exim
-#
-# However, I use this to direct all mail to the same inbox.
-# A normal way to do this, which I did at first is to have
-# a router in exim almost at the end, eg 950,
-#local_catchall:
-# debug_print = "R: catchall for $local_part@$domain"
-# driver = redirect
-# domains = +local_domains
-# data = ian
-# based on
-# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/
-# with superflous options removed.
-# However, this causes the envelope to be rewritten,
-# which makes filtering into mailboxes a little less robust or more complicated,
-# so I've done it this way instead. it also requires
-# modifying the local router in exim.
- auth_username_format = ian
-}
-
-EOF
-
-
- cat >/etc/dovecot/local.conf <<'EOF'
-# so I can use a different login that my shell login for mail. this is
-# worth doing solely for the reason that if this login is compromised,
-# it won't also compromise my shell password.
-!include conf.d/auth-passwdfile.conf.ext
-
-# settings derived from wiki and 10-ssl.conf
-ssl = required
-ssl_cert = </etc/exim4/exim.crt
-ssl_key = </etc/exim4/exim.key
-# https://github.com/certbot/certbot/raw/master/certbot-apache/certbot_apache/options-ssl-apache.conf
-# in my cert cronjob, I check if that has changed upstream.
-ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-
-# ian: added this, more secure, per google etc
-ssl_prefer_server_ciphers = yes
-
-# for debugging info, uncomment these.
-# logs go to syslog and to /var/log/mail.log
-# auth_verbose=yes
-#mail_debug=yes
-EOF
-
- fi ####### end dovecot setup ########
# begin setup passwd.client
f=/etc/exim4/passwd.client
+ rm -f /etc/exim4/passwd.client
install -m 640 -g Debian-exim /dev/null $f
cat /etc/mailpass| while read -r domain port pass; do
# reference: exim4_passwd_client(5)
# put spool dir in directory that spans multiple distros.
# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
+#
+# todo: I'm suspicious of uids for Debian-exim being the same across
+# distros. It would be good to test this.
dir=/nocow/$type
sdir=/var/spool/$type
# we only do this if our system has $dir
systemctl restart $type
systemctl enable $type
+# MAIL_HOST also does radicale, and easier to start and stop it here
+# for when MAIL_HOST changes, so radicale gets the synced files and
+# does not stop us from remounting /o.
+if dpkg -s radicale &>/dev/null; then
+ if [[ $HOSTNAME == $MAIL_HOST ]]; then
+ systemctl restart radicale
+ systemctl enable radicale
+ else
+ systemctl stop radicale
+ systemctl disable radicale
+ fi
+fi
# if I wanted the from address to be renamed and sent to a different address,
# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical