X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=3ac3476c337be913ba03f3cee8a73bcafd51cef6;hb=c91604aff2ce49bd4ce9b429b9e738286a319923;hp=9c466899979bf2e36f99ddade0681b263488f45b;hpb=1723d09bec8364d16a156b195fd08b9f62cbc98b;p=distro-setup

diff --git a/mail-setup b/mail-setup
index 9c46689..3ac3476 100755
--- a/mail-setup
+++ b/mail-setup
@@ -2105,7 +2105,7 @@ EOF
     # Having backups of indexes is a waste of space. This also means we
     # don't send them around with btrbk, I think it is probably
     # preferable use a bit more cpu to recalculate indexes.
-    install -d -o iank -g iank /var/dovecot-indexes
+    install -d -m 700 -o iank -g iank /var/dovecot-indexes
     cat >>/etc/dovecot/local.conf <<EOF
 
 
@@ -2118,9 +2118,11 @@ mail_cache_max_size = 50M
 !include conf.d/auth-passwdfile.conf.ext
 
 # ian: %u is used for alerts user vs iank
+# https://doc.dovecot.org/configuration_manual/mail_location/Maildir/
 mail_location = maildir:/m/%u:LAYOUT=fs:INBOX=/m/%u/INBOX:INDEX=/var/dovecot-indexes/%u
-mail_uid = $u
-mail_gid = $u
+# note: i don't know if these need to be set, but this seems fine.
+mail_uid = iank
+mail_gid = iank
 
 protocol lmtp {
 # For a normal setup with exim, we need something like this, which
@@ -3342,6 +3344,12 @@ EOF
     # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
     echo iankelling.org > /etc/mailname
 
+    # mail default domain.
+    u /etc/mailutils.conf <<'EOF'
+address {
+  email-domain iankelling.org;
+};
+EOF
 
     # mail.iankelling.org so local imap clients can connect with tls and
     # when they happen to not be local.
@@ -3802,9 +3810,10 @@ case $HOSTNAME in
     ;;
 esac
 
-# optimization, this only needs to run once.
-if [[ ! -e /etc/exim4/fullchain.pem ]]; then
-  m /a/bin/ds/mail-cert-cron -1
+# optimization, this only needs to run once.  But, if we move to a
+# computer we haven't used much, we need to fetch a fresh cert.
+if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
+  m /a/bin/ds/mail-cert-cron -1 -i
   m systemctl --now enable mailcert.timer
 fi