mostly fixes

[distro-setup] / mail-setup

diff --git a/mail-setup b/mail-setup
index 041ab1d58db145e8ea8a2d8af07a1d60eb4db073..98723469b8d144e84855f68875e2545b6e4d1929 100755 (executable)
--- a/mail-setup
+++ b/mail-setup
@@ -14,6 +14,9 @@
 # todo: handle errors like this:
 # Mar 02 12:44:26 kw systemd[1]: exim4.service: Found left-over process 68210 (exim4) in control group while starting unit. Ignoring.
 # Mar 02 12:44:26 kw systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
+#eg: on eggs, on may 1st, ps grep for exim, 2 daemons running. 1 leftover from a month ago
+#Debian-+  1954     1  0 36231 11560   4 Apr02 ?        00:40:25 /usr/sbin/exim4 -bd -q30m
+#Debian-+ 23058  1954  0 36821 10564   0 20:38 ?        00:00:00 /usr/sbin/exim4 -bd -q30m
 
 #  todo: harden dovecot. need to do some research. one way is for it to only listen on a wireguard vpn interface, so only clients that are on the vpn can access it.
 #  todo: consider hardening cups listening on 0.0.0.0
@@ -287,7 +290,8 @@ i() { # install file
   local base="${dest##*/}"
   local dir="${dest%/*}"
   if [[ $dir != "$base" ]]; then
-    mkdir -p ${dest%/*}
+    # dest has a directory component
+    mkdir -p "$dir"
   fi
   ir=false # i result
   tmpdir=$(mktemp -d)
@@ -1162,17 +1166,17 @@ DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
 
 domainlist local_hostnames = ! je.b8.nz : ! bk.b8.nz : *.b8.nz : b8.nz
 
-hostlist iank_trusted = <; \\
+hostlist iank_trusted = <; \
 # veth0
-10.173.8.1 ; \\
+10.173.8.1 ; \
 # li li_ip6
-72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8 ; \\
+72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8 ; \
 # li_vpn_net li_vpn_net_ip6s
-10.8.0.0/24; 2600:3c00:e000:280::/64 ; 2600:3c00:e002:3800::/56 ;  \\
+10.8.0.0/24; 2600:3c00:e000:280::/64 ; 2600:3c00:e002:3800::/56 ;  \
 # bk bk_ip6
-85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \\
+85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \
 # je je_ipv6
-85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\
+85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \
 # fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net
 18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28
 
@@ -1186,8 +1190,6 @@ delay_warning_condition = ${if or {\
   { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }\
   { match_domain{$domain}{+local_domains} }\
   } {no}{yes}}
-
-
 EOF
 
 rm -fv /etc/exim4/rcpt_local_acl # old path
@@ -1227,8 +1229,7 @@ warn
 
 warn
   !hosts = +iank_trusted
-  # They dont send spam, but needed this because
-  # smarthosts connect with residential ips and thus get flagged as spam.
+  # Smarthosts connect with residential ips and thus get flagged as spam if we do a spam check.
   !authenticated = plain_server:login_server
   condition = ${if < {$message_size}{5000K}}
   spam = Debian-exim:true
@@ -1239,6 +1240,7 @@ warn
   add_header = X-Spam_action: $spam_action
 
 warn
+  !hosts = +iank_trusted
   !authenticated = plain_server:login_server
   condition = ${if def:malware_name}
   remove_header = Subject:
@@ -3302,7 +3304,9 @@ EOFOUTER
     ;;
   *)
     soff mailtest-check.service
-    rm -fv /etc/cron.d/mailtest /var/lib/prometheus/node-exporter/mailtest-check.prom*
+    rm -fv /etc/cron.d/mailtest \
+       /var/lib/prometheus/node-exporter/mailtest-check.prom* \
+       /var/local/cron-errors/check-remote-mailqs*
     ;;
 esac