# See the License for the specific language governing permissions and
# limitations under the License.
-# todo: make quick backups of maildir, or deliver to multiple hosts.
+# TODO: copy dkim keys from within this file. its now done in conflink.
+# TODO: fix dkim key to b chmod 640, group Debian-exim
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
if [[ ! $SUDO_USER ]]; then
echo "$0: error: requires running as nonroot or sudo"
exit 1
if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
apt-get update
fi
- apt-get -y install --purge --auto-remove "$@"
+ DEBIAN_FRONTEND=noninteractive apt-get -y install --purge --auto-remove "$@"
}
postmaster=alerts
smarthost="$mxhost::$mxport" # exim
+# light version of exim does not have sasl auth support.
+pi exim4-daemon-heavy spamassassin spf-tools-perl
+
# trisquel 8 = openvpn, debian stretch = openvpn-client
vpn_ser=openvpn-client
if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
fi
-pi openvpn
+# light version of exim does not have sasl auth support.
+pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn dnsmasq
if [[ -e /p/c/filesystem ]]; then
# allow failure of these commands when our internet is down, they are likely not needed,
#### begin mail cert setup ###
f=/usr/local/bin/mail-cert-cron
cat >$f <<'EOF'
+#!/bin/bash
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
f=/a/bin/bash_unpublished/source-state
if [[ -e $f ]]; then
cat >$f <<'EOF'
#!/bin/bash
cd /etc
-wget -nv -N https://publicsuffix.org/list/public_suffix_list.dat
+wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
EOF
chmod 755 $f
# it\'s not part of exim
rm -f /etc/exim4/conf.d/main/000_localmacros
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
-dc_eximconfig_configtype='satellite'
+dc_eximconfig_configtype='smarthost'
dc_smarthost='$smarthost'
# The manpage incorrectly states this will do header rewriting, but
# that only happens if we have dc_hide_mailname is set.
fi
-# light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl
-
-
##### begin spamassassin config
systemctl enable spamassassin
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
f=/usr/local/bin/send-test-forward
- cat >$f <<'EOF'
+ cat >$f <<'EOFOUTER'
#!/bin/bash
-echo body_test | mail -s "primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)" iank@posteo.de
+/usr/sbin/exim -t <<EOF
+From: ian@iankelling.org
+To: iank@posteo.de
+Subject: primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)
+
+eom
EOF
+EOFOUTER
chmod +x $f
cat >/etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
# running as user just because no need to run as root
-*/10 * * * * $u $f 2>&1 | log-once send-test-forward
-*/10 * * * * $u /usr/local/bin/mailtest-check 2>&1 | log-once -1 send-test-forward
-*/10 * * * * root chmod -R g+rw /m/md/bounces 2>&1 | log-once -1 bounces-chmod
+*/10 * * * * $u $f 2>&1 | /usr/local/bin/log-once send-test-forward
+*/10 * * * * $u /usr/local/bin/mailtest-check 2>&1 | /usr/local/bin/log-once -1 mailtest-check
+*/10 * * * * root chmod -R g+rw /m/md/bounces 2>&1 | /usr/local/bin/log-once -1 bounces-chmod
EOF
cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
else