# todo: handle errors like this:
# Mar 02 12:44:26 kw systemd[1]: exim4.service: Found left-over process 68210 (exim4) in control group while starting unit. Ignoring.
# Mar 02 12:44:26 kw systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
+#eg: on eggs, on may 1st, ps grep for exim, 2 daemons running. 1 leftover from a month ago
+#Debian-+ 1954 1 0 36231 11560 4 Apr02 ? 00:40:25 /usr/sbin/exim4 -bd -q30m
+#Debian-+ 23058 1954 0 36821 10564 0 20:38 ? 00:00:00 /usr/sbin/exim4 -bd -q30m
# todo: harden dovecot. need to do some research. one way is for it to only listen on a wireguard vpn interface, so only clients that are on the vpn can access it.
# todo: consider hardening cups listening on 0.0.0.0
local base="${dest##*/}"
local dir="${dest%/*}"
if [[ $dir != "$base" ]]; then
- mkdir -p ${dest%/*}
+ # dest has a directory component
+ mkdir -p "$dir"
fi
ir=false # i result
tmpdir=$(mktemp -d)
esac
done
-if ! grep -q "^ncsoft:" /etc/aliases; then
- echo "ncsoft: graceq2323@gmail.com" |m tee -a /etc/aliases
-fi
+. /a/bin/bash_unpublished/priv-mail-setup
m gpasswd -a iank adm #needed for reading logs
{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }\
{ match_domain{$domain}{+local_domains} }\
} {no}{yes}}
+
+
+# enable 587 in addition to the default 25, so that
+# i can send mail where port 25 is firewalled by isp
+daemon_smtp_ports = 25 : 587
+# default of 25, can get stuck when catching up on mail
+smtp_accept_max = 400
+smtp_accept_reserve = 100
+smtp_reserve_hosts = +iank_trusted
+
+# Rules that make receiving more liberal should be on backup hosts
+# so that we dont reject mail accepted by MAIL_HOST
+LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE = /etc/exim4/conf.d/local_deny_exceptions_acl
EOF
rm -fv /etc/exim4/rcpt_local_acl # old path
warn
!hosts = +iank_trusted
- # They dont send spam, but needed this because
- # smarthosts connect with residential ips and thus get flagged as spam.
+ # Smarthosts connect with residential ips and thus get flagged as spam if we do a spam check.
!authenticated = plain_server:login_server
condition = ${if < {$message_size}{5000K}}
spam = Debian-exim:true
add_header = X-Spam_action: $spam_action
warn
+ !hosts = +iank_trusted
!authenticated = plain_server:login_server
condition = ${if def:malware_name}
remove_header = Subject:
CHECK_RCPT_REVERSE_DNS = true
CHECK_MAIL_HELO_ISSUED = true
-# enable 587 in addition to the default 25, so that
-# i can send mail where port 25 is firewalled by isp
-daemon_smtp_ports = 25 : 587
-# default of 25, can get stuck when catching up on mail
-smtp_accept_max = 400
-smtp_accept_reserve = 100
-smtp_reserve_hosts = +iank_trusted
-# options exim has to avoid having to alter the default config files
-CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
-LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE = /etc/exim4/conf.d/local_deny_exceptions_acl
+CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
+
# testing dmarc
#dmarc_tld_file = /etc/public_suffix_list.dat
+
EOF
;;&
;;
*)
soff mailtest-check.service
- rm -fv /etc/cron.d/mailtest /var/lib/prometheus/node-exporter/mailtest-check.prom*
+ rm -fv /etc/cron.d/mailtest \
+ /var/lib/prometheus/node-exporter/mailtest-check.prom* \
+ /var/local/cron-errors/check-remote-mailqs*
;;
esac
iankelling.org / git / distro-setup / blobdiff