X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=1fd8fe88afb7df413844182b86002a184b4f65a0;hb=4c39892ef8fa3379ce36adbe870723324cb71cea;hp=09c33d773e758917d5b0f5600bc02c9e301a67ac;hpb=e7708e1261357b00d17f4baffb7051e97f7e8623;p=distro-setup diff --git a/mail-setup b/mail-setup index 09c33d7..1fd8fe8 100755 --- a/mail-setup +++ b/mail-setup @@ -144,6 +144,8 @@ fi # The full list of option settings for any particular driver instance, # including all the defaulted values, can be extracted by making use of # the -bP command line option. +# exim -bP config_file to see what config file it used +# exim -bP config to see # exim clear out message queue. as root: # adapted from somewhere on stackoverflow. @@ -260,7 +262,7 @@ EOF else # begin exim. has debian specific stuff for now if [[ -e /p/c/filesystem ]]; then - /a/exe/vpn-mk-client-cert -n mail li + /a/exe/vpn-mk-client-cert -b mail -n mail li fi cat >/etc/systemd/system/mailroute.service <<'EOF' 
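Review bot: In the first hunk the second added comment, `# exim -bP config to see`, breaks off before saying what the command shows. Something like `# exim -bP config to see the whole config as exim parsed it, includes resolved` would finish it. It is also worth adding that when run as an admin user, -bP prints options marked `hide` in clear, so the output should be checked for credentials before it goes into a bug report.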
@@ -479,19 +481,121 @@ LOCAL_DELIVERY = dovecot_lmtp # options exim has to avoid having to alter the default config files CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/rcpt_local_acl CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/data_local_acl + +# debian exim config added this in 2016 or so? +# it's part of the smtp spec, to limit lines to 998 chars +# but a fair amount of legit mail does not adhere to it. I don't think +# this should be default, like it says in +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801 +# todo: the bug for introducing this was about headers, but +# the fix maybe is for all lines? one says gmail rejects, the +# other says gmail does not reject. figure out and open a new bug. +IGNORE_SMTP_LINE_LENGTH_LIMIT = true +EOF + + + ####### begin dovecot setup ######## + # based on a little google and package search, just the dovecot + # packages we need instead of dovecot-common. + # + # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir + # directly. The reason to do this is to use dovecot\'s sieve, which + # has extensions that allow it to be almost equivalent to exim\'s + # filter capabilities, some ways probably better, some worse, and + # sieve has the benefit of being supported in postfix and + # proprietary/weird environments, so there is more examples on the + # internet. I was torn about whether to do this or not, meh. + apt-get -y install --purge --auto-remove \ + dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd + + # if we changed 90-sieve.conf and removed the active part of the + # sieve option, we wouldn\'t need this, but I\'d rather not modify a + # default config if not needed. This won\'t work as a symlink in /a/c + # unfortunately. 
+ sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve + + sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF' +1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX +/^\s*mail_location\s*=/d +EOF + + cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF' +protocol lmtp { +#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration + mail_plugins = $mail_plugins sieve +# default was + #mail_plugins = $mail_plugins + +# For a normal setup with exim, we need something like this, which +# removes the domain part +# auth_username_format = %Ln +# +# or else # Exim says something like +# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain" +# Dovecot verbose log says something like +# "auth-worker(9048): passwd(someuser@somedomain): unknown user" +# reference: http://wiki.dovecot.org/LMTP/Exim +# +# However, I use this to direct all mail to the same inbox. +# A normal way to do this, which I did at first is to have +# a router in exim almost at the end, eg 950, +#local_catchall: +# debug_print = "R: catchall for $local_part@$domain" +# driver = redirect +# domains = +local_domains +# data = ian +# based on +# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/ +# with superflous options removed. +# However, this causes the envelope to be rewritten, +# which makes filtering into mailboxes a little less robust or more complicated, +# so I've done it this way instead. it also requires +# modifying the local router in exim. + auth_username_format = ian +} + +EOF + + + cat >/etc/dovecot/local.conf <<'EOF' +# so I can use a different login that my shell login for mail. this is +# worth doing solely for the reason that if this login is compromised, +# it won't also compromise my shell password. 
+!include conf.d/auth-passwdfile.conf.ext + +# settings derived from wiki and 10-ssl.conf +ssl = required +ssl_cert = /dev/null ||: systemctl stop offlineimapsync.timer &>/dev/null ||: systemctl disable openvpn-client@mail systemctl stop openvpn-client@mail + systemctl disable dovecot ||: + systemctl stop dovecot ||: # # # would only exist because I wrote it i the previous condition, @@ -536,6 +640,9 @@ Description=spamd dns bug fix cronjob Type=oneshot ExecStart=/a/bin/distro-setup/spamd-dns-fix EOF + # 2017-09, debian closed the bug on this saying upstream had fixed it. + # remove this when i'm using the newer package, ie, debian 10, or maybe + # ubuntu 18.04. cat >/etc/systemd/system/spamddnsfix.timer <<'EOF' [Unit] Description=run spamd bug fix script every 10 minutes 
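Review bot: The `sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve` line in the dovecot block passes an unquoted variable through `eval`, so the value of `$postmaster` is re-parsed as shell code in a script that, judging by the apt-get call and the writes under /etc, runs as root. Where `$postmaster` is assigned is outside this hunk, so it may be a fixed string, but looking up the home directory without eval removes the question: `pm_home=$(getent passwd "$postmaster" | cut -d: -f6)` followed by `sudo -u "$postmaster" /a/exe/lnf -T sieve/main.sieve "$pm_home/.dovecot.sieve"`. The old copy of this block sat under `if [[ $HOSTNAME == $MAIL_HOST ]]`, which the last hunk removes. The condition that now encloses it is not visible here, and part of this hunk's middle is missing from the page, so it is worth confirming that the install and config writes still run only on the mail host.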
@@ -603,94 +710,7 @@ EOF systemctl enable mailcert.timer - ####### begin dovecot setup ######## - if [[ $HOSTNAME == $MAIL_HOST ]]; then - # based on a little google and package search, just the dovecot - # packages we need instead of dovecot-common. - # - # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir - # directly. The reason to do this is to use dovecot\'s sieve, which - # has extensions that allow it to be almost equivalent to exim\'s - # filter capabilities, some ways probably better, some worse, and - # sieve has the benefit of being supported in postfix and - # proprietary/weird environments, so there is more examples on the - # internet. I was torn about whether to do this or not, meh. - apt-get -y install --purge --auto-remove \ - dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd - - # if we changed 90-sieve.conf and removed the active part of the - # sieve option, we wouldn\'t need this, but I\'d rather not modify a - # default config if not needed. This won\'t work as a symlink in /a/c - # unfortunately. - sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve - - sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF' -1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX -/^\s*mail_location\s*=/d -EOF - - cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF' -protocol lmtp { -#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration - mail_plugins = $mail_plugins sieve -# default was - #mail_plugins = $mail_plugins - -# For a normal setup with exim, we need something like this, which -# removes the domain part -# auth_username_format = %Ln -# -# or else # Exim says something like -# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain" -# Dovecot verbose log says something like -# "auth-worker(9048): passwd(someuser@somedomain): unknown user" -# reference: http://wiki.dovecot.org/LMTP/Exim -# -# However, I use this to direct all mail to the same inbox. 
-# A normal way to do this, which I did at first is to have -# a router in exim almost at the end, eg 950, -#local_catchall: -# debug_print = "R: catchall for $local_part@$domain" -# driver = redirect -# domains = +local_domains -# data = ian -# based on -# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/ -# with superflous options removed. -# However, this causes the envelope to be rewritten, -# which makes filtering into mailboxes a little less robust or more complicated, -# so I've done it this way instead. it also requires -# modifying the local router in exim. - auth_username_format = ian -} - -EOF - - - cat >/etc/dovecot/local.conf <<'EOF' -# so I can use a different login that my shell login for mail. this is -# worth doing solely for the reason that if this login is compromised, -# it won't also compromise my shell password. -!include conf.d/auth-passwdfile.conf.ext - -# settings derived from wiki and 10-ssl.conf -ssl = required -ssl_cert =