# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# todo: check new macro DKIM_TIMESTAMPS
+
+# todo: check if REMOTE_SMTP_INTERFACE or REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE can simplify my or fsfs config
+
# todo: max line length macro changed in t11. look into it
# todo: check that all macros we use are still valid in t11
elif [[ -s /a/bin/errhandle/err ]]; then
source /a/bin/errhandle/err
else
- err "no err tracing script found"
+ echo "no err tracing script found"
+ exit 1
fi
source /a/bin/distro-functions/src/identify-distros
source /a/bin/distro-functions/src/package-manager-abstractions
done
} | i /etc/exim4/conf.d/my-dkim-domains
-cat >/etc/exim4/conf.d/transport/11_iank <<'EOF'
+if grep -Fq REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS \
+ /etc/exim4/conf.d/transport/10_exim4-config_transport-macros; then
+ cat >/etc/exim4/conf.d/transport/11_iank <<'EOF'
# This unsets the default macro defined in on t11 in
# /etc/exim4/conf.d/transport/10_exim4-config_transport-macros
# It seems like a very odd choice that this has become
# auth. Oh well.
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS ==
EOF
+else
+ rm -f /etc/exim4/conf.d/transport/11_iank
+fi
cat >/etc/exim4/conf.d/main/000_local <<'EOF'
MAIN_TLS_ENABLE = true
# other says gmail does not reject. figure out and open a new bug.
IGNORE_SMTP_LINE_LENGTH_LIMIT = true
-# more verbose logs
-MAIN_LOG_SELECTOR = +all
+# more verbose logs. used to use +all, but made it less for more efficiency.
+MAIN_LOG_SELECTOR = -tls_cipher -tls_certificate_verified +pid +received_recipients +received_sender +sender_on_delivery +return_path_on_delivery +msg_id_created +subject +address_rewrite +smtp_confirmation
# Based on spec, seems like a good idea to be nice.
smtp_return_error_details = true
DKIM_CANON = relaxed
DKIM_SELECTOR = li
-# From comments in
-# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-# and its best for this to align https://tools.ietf.org/html/rfc7489#page-8
-# There could be some circumstance when the
-# from: isnt our domain, but the envelope sender is
-# and so still want to sign, but I cant think of any case.
-#DKIM_DOMAIN = ${lc:${domain:$rh_from:}}
-# In t11, we cant do the above anymore because this is tainted data used in a file lookup.
-# /usr/share/doc/exim4/NEWS.Debian.gz suggests to use lookups to untaint data.
-DKIM_DOMAIN = ${lookup {${domain:$rh_from:}}lsearch,ret=key{/etc/exim4/conf.d/my-dkim-domains}}
# The file is based on the outgoing domain-name in the from-header.
# sign if key exists
LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE = /etc/exim4/conf.d/local_deny_exceptions_acl
EOF
+if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show exim4)" ge 4.94; then
+ cat >>/etc/exim4/conf.d/main/000_local <<'EOF'
+# In t11, we cant do the old anymore because this is tainted data used in a file lookup.
+# /usr/share/doc/exim4/NEWS.Debian.gz suggests to use lookups to untaint data.
+DKIM_DOMAIN = ${lookup {${domain:$rh_from:}}lsearch,ret=key{/etc/exim4/conf.d/my-dkim-domains}}
+EOF
+else
+ cat >>/etc/exim4/conf.d/main/000_local <<'EOF'
+# From comments in
+# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
+# and its best for this to align https://tools.ietf.org/html/rfc7489#page-8
+# There could be some circumstance when the
+# from: isnt our domain, but the envelope sender is
+# and so still want to sign, but I cant think of any case.
+DKIM_DOMAIN = ${lc:${domain:$rh_from:}}
+EOF
+fi
+
rm -fv /etc/exim4/rcpt_local_acl # old path
i /etc/exim4/conf.d/local_deny_exceptions_acl <<'EOF'
EOF
+
+# old file
+rm -fv /etc/exim4/conf.d/router/8{8,9}0_backup_copy \
+ /etc/exim4/conf.d/router/865_backup_redir \
+ /etc/exim4/conf.d/router/870_backup_local
+
+# It is important for this to exist everywhere except in MAIL_HOST
+# non-nn config. Previously, just had it in the nn-config on MAIL_HOST,
+# but that is a problem if we change mail host and still have something
+# in the queue which was destined for this router, but hosts were
+# unreachable, the routers will be reevaluated on the next retry.
+i /etc/exim4/conf.d/router/170_backup_copy <<EOF
+### router/900_exim4-config_local_user
+#################################
+
+backup_copy:
+driver = manualroute
+domains = eximbackup.b8.nz
+transport = backup_remote
+ignore_target_hosts = ${HOSTNAME}wg.b8.nz
+# note changes here also require change in passwd.client
+route_list = * eximbackup.b8.nz
+same_domain_copy_routing = yes
+errors_to = alerts@iankelling.org
+no_more
+EOF
+
+
+# exim4-config transports are the same as default except for
+# message_linelength_limit = 2097152
+#
+# TODO: copy the defaults into their own file, and setup a cronjob so
+# that if file.dpkg-dist shows up, and it is different, we get an alert.
+
+i /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost <<'EOF'
+### transport/30_exim4-config_remote_smtp_smarthost
+#################################
+
+# This transport is used for delivering messages over SMTP connections
+# to a smarthost. The local host tries to authenticate.
+# This transport is used for smarthost and satellite configurations.
+
+remote_smtp_smarthost:
+ debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+ driver = smtp
+ message_linelength_limit = 2097152
+ multi_domain
+ hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
+ {\
+ ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
+ }\
+ {} \
+ }
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+ hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+ hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+ tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
+ tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+ headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_RETURN_PATH
+ return_path = REMOTE_SMTP_RETURN_PATH
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+ helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+.endif
+.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+ headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
+ protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
+.endif
+EOF
+
+i /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp <<'EOF'
+### transport/30_exim4-config_remote_smtp
+#################################
+# This transport is used for delivering messages over SMTP connections.
+
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+ message_linelength_limit = 2097152
+.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
+ hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+ headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_RETURN_PATH
+ return_path = REMOTE_SMTP_RETURN_PATH
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+ helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef REMOTE_SMTP_INTERFACE
+ interface = REMOTE_SMTP_INTERFACE
+.endif
+.ifdef DKIM_DOMAIN
+dkim_domain = DKIM_DOMAIN
+.endif
+.ifdef DKIM_IDENTITY
+dkim_identity = DKIM_IDENTITY
+.endif
+.ifdef DKIM_SELECTOR
+dkim_selector = DKIM_SELECTOR
+.endif
+.ifdef DKIM_PRIVATE_KEY
+dkim_private_key = DKIM_PRIVATE_KEY
+.endif
+.ifdef DKIM_CANON
+dkim_canon = DKIM_CANON
+.endif
+.ifdef DKIM_STRICT
+dkim_strict = DKIM_STRICT
+.endif
+.ifdef DKIM_SIGN_HEADERS
+dkim_sign_headers = DKIM_SIGN_HEADERS
+.endif
+.ifdef DKIM_TIMESTAMPS
+dkim_timestamps = DKIM_TIMESTAMPS
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_PRIVATEKEY
+.endif
+.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
+ hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
+.endif
+.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+ headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+.endif
+
+EOF
+
+i /etc/exim4/conf.d/transport/30_backup_remote <<'EOF'
+backup_remote:
+ driver = smtp
+ multi_domain
+ message_linelength_limit = 2097152
+ hosts_require_auth = *
+ hosts_try_auth = *
+ envelope_to_add
+ # manual return path because we want it to be the envelope sender
+ # we got not the one we are using in this smtp transport
+ headers_add = "Return-path: $sender_address"
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+ hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+ hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+ tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
+ tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOST
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+ headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+ helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+.endif
+.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+ headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+.endif
+EOF
+
i /etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF'
### router/900_exim4-config_local_user
#################################
remote_smtp_vpn:
debug_print = "T: remote_smtp_vpn for $local_part@$domain"
driver = smtp
+ message_linelength_limit = 2097152
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
smarthost_dkim:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
+ message_linelength_limit = 2097152
multi_domain
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
# in the log it just says "Starting Radicale". If you run
# it in the foreground, it will give more info. Background
# plus debug does not help.
- # sudo -u radicale radicale -D -f
+ # sudo -u radicale radicale -D
# created password file with:
# htpasswd -c /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
rcdir=${rcdirs[i]}
rcbase=${rcdir##*/}
ncdir=${ncdirs[i]}
+ myncdir=/root/${ncdir##*/}
+ mkdir -p $myncdir
# copied from debians cronjob
i /etc/cron.d/$rcbase <<EOF
### begin php setup for rc ###
# Enable PHP modules.
m phpenmod -v php mcrypt imap
- # dpkg says this is required
+ # dpkg says this is required.
+ # nextcloud needs these too
m a2enmod proxy_fcgi setenvif
fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm
phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p')
m rm -f $file
m chown -R www-data.www-data nextcloud
m mv nextcloud $ncdir
+ fi
+
+ if [[ ! -e $myncdir/done-install ]]; then
m cd $ncdir
m sudo -u www-data php occ maintenance:install --database sqlite --admin-user iank --admin-pass $nextcloud_admin_pass
+ m touch $myncdir/done-install
fi
+
# note, strange this happend where updater did not increment the version var,
# mine was stuck on 20. I manually updated it.
m cd $ncdir/config
- if [[ ! -e config.php-orig ]]; then
- m cp -a config.php config.php-orig
+ if [[ ! -e $myncdir/config.php-orig ]]; then
+ m cp -a config.php $myncdir/config.php-orig
fi
- cat config.php-orig - >tmp.php <<EOF
+ cat $myncdir/config.php-orig - >$myncdir/tmp.php <<EOF
# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/email_configuration.html
\$CONFIG["mail_smtpmode"] = "sendmail";
\$CONFIG["mail_smtphost"] = "127.0.0.1";
var_export(\$CONFIG);
fwrite(STDOUT, ";\n");
EOF
- e running php tmp.php
- php tmp.php >config.php
- # leave in place for debugging
- #m rm -f tmp.php
- m sudo -u www-data php $ncdir/occ maintenance:update:htaccess
+ e running php $myncdir/tmp.php
+ # note: we leave it around place for debugging
+ php $myncdir/tmp.php >config.php
+ cd $ncdir
+ m sudo -u www-data php occ maintenance:update:htaccess
list=$(sudo -u www-data php $ncdir/occ --output=json_pretty app:list)
# user_external not compaible with nc 23
for app in contacts calendar; do
if [[ $(printf "%s\n" "$list"| jq ".enabled.$app") == null ]]; then
- m sudo -u www-data php $ncdir/occ app:install $app
+ cd $ncdir
+ m sudo -u www-data php occ app:install $app
fi
done
i /etc/systemd/system/$ncbase.service <<EOF
ncbase=$1
cd /var/www/$ncbase
+# https://docs.nextcloud.com/server/22/admin_manual/maintenance/update.html?highlight=updater+phar
m php /var/www/$ncbase/updater/updater.phar -n
-# just being overly cautious
-sleep 3
-m php occ -n upgrade
EOFOUTER
chmod +x /usr/local/bin/ncup
# ** $MAIL_HOST|bk|je)
$MAIL_HOST|bk|je)
- echo|i /etc/exim4/conf.d/router/870_backup_local
+ echo|i /etc/exim4/conf.d/router/165_backup_local
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# note: some things we don't set that are here by default because they are unused.
# which required using a dedicated user, but realized smtp will be
# more reliable and less fuss. If I ever need that again, see the
# history of this file, and bum in brc2.
-
- i /etc/exim4/conf.d/router/890_backup_copy <<EOF
-### router/900_exim4-config_local_user
-#################################
-
-# todo, it would be nice to save sent email too,
-# but its not so important, they still exist in my head
-
-backup_redir:
+ i /etc/exim4/conf.d/router/161_backup_redir_nn <<'EOF'
+backup_redir_nn:
driver = redirect
-domains = +local_domains
# b is just an arbirary short string
data = b@eximbackup.b8.nz
+condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
# note, to test this, i could temporarily allow testignore.
# alerts avoids potential mail loop. root is already
# redirected earlier, so that is just being overly cautious.
local_parts = ! root : ! testignore : ! alerts
unseen = true
-
-backup_copy:
-driver = manualroute
-domains = eximbackup.b8.nz
-transport = backup_remote
-ignore_target_hosts = ${HOSTNAME}wg.b8.nz
-# note changes here also require change in passwd.client
-route_list = * eximbackup.b8.nz
-same_domain_copy_routing = yes
errors_to = alerts@iankelling.org
-no_more
EOF
- i /etc/exim4/conf.d/transport/30_backup_remote <<'EOF'
-backup_remote:
- driver = smtp
- multi_domain
-.ifdef IGNORE_SMTP_LINE_LENGTH_LIMIT
- message_linelength_limit = 1000000
-.endif
- hosts_require_auth = *
- hosts_try_auth = *
- envelope_to_add
- # manual return path because we want it to be the envelope sender
- # we got not the one we are using in this smtp transport
- headers_add = "Return-path: $sender_address"
-.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
- hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
-.endif
-.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
- hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
-.endif
-.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
- tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
-.endif
-.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
- tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOST
-.endif
-.ifdef REMOTE_SMTP_HEADERS_REWRITE
- headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
-.endif
-.ifdef REMOTE_SMTP_HELO_DATA
- helo_data=REMOTE_SMTP_HELO_DATA
-.endif
-.ifdef TLS_DH_MIN_BITS
-tls_dh_min_bits = TLS_DH_MIN_BITS
-.endif
-.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
-tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
-.endif
-.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
-tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
-.endif
-.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
- headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
-.endif
-EOF
-
- # This allows for forward mail to not get most rcpt checks, especially SPF,
+ # This allows for forwarded mail to not get most rcpt checks, especially SPF,
# which would incorrectly get denied.
i /etc/exim4/host_local_deny_exceptions <<'EOF'
mail.fsf.org
!authenticated = *
domains = +local_hostnames
message = no relay
+
+# for testing bounce behavior
+#deny
+# senders = testlist-bounces+test=zroe.org@fsf.org
+# message = iank-bounce
EOF
echo|i /etc/exim4/conf.d/router/880_universal_forward
MAILDIR_HOME_MAILDIR_LOCATION = /m/md/Sent
EOF
- # for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
- # and also have mail.iankelling.org whitelisted as a relay domain.
- # I could avoid that if I changed this to submit to 587 with a
- # password like a standard mua.
- i /etc/exim4/conf.d/router/188_exim4-config_smarthost <<'EOF'
+
+ i /etc/exim4/conf.d/router/186_sentarchive_nn <<'EOF'
# ian: save a copy of sent mail. i thought of other ways to
# do this, for example, to only save sent mail that is not sent
# from my mail client which saves a copy by default, but in the
# end, it seems simplest to turn that off. We want to save
# external mail sent by smarthosts.
-sentarchive:
+sentarchive_nn:
driver = redirect
domains = ! +local_domains
condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
data = vojdedIdNejyebni@b8.nz
unseen
+EOF
+
+ # for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
+ # and also have mail.iankelling.org whitelisted as a relay domain.
+ # I could avoid that if I changed this to submit to 587 with a
+ # password like a standard mua.
+ i /etc/exim4/conf.d/router/188_exim4-config_smarthost <<'EOF'
# ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and
# replaced DCsmarthost with hostname
fsfsmarthost:
## we use this host to monitor MAIL_HOST and host a mail server for someone
bk)
- echo|i /etc/exim4/conf.d/rcpt_local_acl
- echo|i /etc/exim4/conf.d/router/880_universal_forward
/a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]]
10.173.8.2 nn.b8.nz
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
dc_other_hostnames='je.b8.nz'
EOF
- echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
- echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
- echo|i /etc/exim4/conf.d/rcpt_local_acl
- echo|i /etc/exim4/conf.d/router/880_universal_forward
;;
# ** not MAIL_HOST|bk|je
*)
# this one should be removed for all non mail hosts, but
# bk and je never become mail_host
echo|i /etc/exim4/conf.d/router/195_dnslookup_vpn
-
+ echo|i /etc/exim4/conf.d/router/160_backup_redir
+ echo|i /etc/exim4/conf.d/router/161_backup_redir_nn
+ echo|i /etc/exim4/conf.d/router/185_sentarchive
+ echo|i /etc/exim4/conf.d/router/186_sentarchive_nn
echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
echo|i /etc/exim4/conf.d/rcpt_local_acl
- echo|i /etc/exim4/conf.d/router/890_backup_copy
echo|i /etc/exim4/conf.d/main/000_local-nn
echo|i /etc/exim4/conf.d/clamav_data_acl
mode_fail_narrower = false
EOF
- i /etc/exim4/conf.d/router/870_backup_local <<'EOF'
+ i /etc/exim4/conf.d/router/165_backup_local <<'EOF'
### router/900_exim4-config_local_user
#################################
# ** $MAILHOST|bk, things that belong at the end
case $HOSTNAME in
$MAIL_HOST|bk)
- # config for the non-nn exim
- m rsync -ra --delete --delete-excluded --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/myexim4
+ # config for the non-nn exim. note, it uses not default dir, but we
+ # generate that into the default config file
+ m rsync -ra --delete --delete-excluded \
+ --exclude=/conf.d/router/161_backup_redir_nn \
+ --exclude=/conf.d/router/186_sentarchive_nn \
+ --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/myexim4
cat >>/etc/myexim4/conf.d/main/000_local <<'EOF'
# this makes it easier to see which exim is doing what
log_file_path = /var/log/exim4/my%s
bk)
# config for the non-nn exim
- cat >/etc/myexim4/conf.d/main/000_local-nn <<'EOF'
+ cat >>/etc/myexim4/conf.d/main/000_local <<'EOF'
MAIN_HARDCODE_PRIMARY_HOSTNAME = mail2.iankelling.org
EOF
;;
$MAIL_HOST)
+
+
+ i /etc/myexim4/conf.d/router/185_sentarchive <<'EOF'
+sentarchive:
+ driver = redirect
+ domains = ! +local_domains
+ senders = <; *@fsf.org ; *@posteo.net
+ condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
+ data = vojdedIdNejyebni@b8.nz
+ unseen
+EOF
+
+
+ i /etc/myexim4/conf.d/router/160_backup_redir <<'EOF'
+backup_redir:
+driver = redirect
+# i dont email myself from my own machine much, so lets ignore that.
+domains = ! +local_domains
+senders = <; *@fsf.org ; *@posteo.net
+condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
+# b is just an arbirary short string
+data = b@eximbackup.b8.nz
+# note, to test this, i could temporarily allow testignore.
+# alerts avoids potential mail loop.
+local_parts = ! root : ! testignore : ! alerts : ! daylert
+unseen = true
+errors_to = alerts@iankelling.org
+EOF
+
+
+
# for bk, we have a exim4in.service that will do this for us.
m update-exim4.conf -d /etc/myexim4
;;
# Dont put these test messages into the sent folder or else it will
# overwhelm it, plus i dont want to save a copy at all.
- rm -f /etc/exim4/ignore-sent
- for t in ${test_tos[@]}; do
- echo $t >> /etc/exim4/ignore-sent
- done
+ # Plus addresses we generally want to ignore.
+ i /etc/exim4/ignore-sent <<EOF
+$(printf "%s\n" ${test_tos[@]})
+vojdedIdNejyebni@b8.nz
+b@eximbackup.b8.nz
+EOF
cat >/usr/local/bin/send-test-forward <<'EOF'
#!/bin/bash
iankelling.org / git / distro-setup / blobdiff