X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=6e21394cd84f58e99f4acd23a02bbf8b7bd23e55;hb=6459d4698ef983f7b1540589b87013c76913393d;hp=9bc36dc3d2344ded9374fc29b0d7bf766a828999;hpb=460cc07230c2040305068f17a687e06c7bc13dfe;p=distro-setup

diff --git a/mail-setup b/mail-setup
index 9bc36dc..6e21394 100755
--- a/mail-setup
+++ b/mail-setup
@@ -15,12 +15,13 @@ set -x
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# todo: make quick backups of maildir, or deliver to multiple hosts.
+# TODO: copy dkim keys from within this file. its now done in conflink.
+# TODO: fix dkim key to b chmod 640, group Debian-exim
 
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 if [[ ! $SUDO_USER ]]; then
   echo "$0: error: requires running as nonroot or sudo"
   exit 1
@@ -161,7 +162,7 @@ pi() { # package install
   if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
     apt-get update
   fi
-  apt-get -y install --purge --auto-remove "$@"
+  DEBIAN_FRONTEND=noninteractive apt-get -y install --purge --auto-remove "$@"
 }
 
 postmaster=alerts
@@ -176,6 +177,9 @@ forward=$u@$mxhost
 
 smarthost="$mxhost::$mxport" # exim
 
+# light version of exim does not have sasl auth support.
+pi exim4-daemon-heavy spamassassin spf-tools-perl
+
 # trisquel 8 = openvpn, debian stretch = openvpn-client
 vpn_ser=openvpn-client
 if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
@@ -193,7 +197,8 @@ else
 fi
 
 
-pi openvpn
+# light version of exim does not have sasl auth support.
+pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn dnsmasq
 
 if [[ -e /p/c/filesystem ]]; then
   # allow failure of these commands when our internet is down, they are likely not needed,
@@ -340,10 +345,11 @@ EOF
 #### begin mail cert setup ###
 f=/usr/local/bin/mail-cert-cron
 cat >$f <<'EOF'
+#!/bin/bash
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 f=/a/bin/bash_unpublished/source-state
 if [[ -e $f ]]; then
@@ -544,7 +550,7 @@ EOF
   cat >$f <<'EOF'
 #!/bin/bash
 cd /etc
-wget -nv -N https://publicsuffix.org/list/public_suffix_list.dat
+wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
 EOF
   chmod 755 $f
 
@@ -692,7 +698,7 @@ EOF
   # it\'s not part of exim
   rm -f /etc/exim4/conf.d/main/000_localmacros
   cat >>/etc/exim4/update-exim4.conf.conf <<EOF
-dc_eximconfig_configtype='satellite'
+dc_eximconfig_configtype='smarthost'
 dc_smarthost='$smarthost'
 # The manpage incorrectly states this will do header rewriting, but
 # that only happens if we have dc_hide_mailname is set.
@@ -733,10 +739,6 @@ elif [[ $uid != 608 ]]; then
 fi
 
 
-# light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl
-
-
 
 ##### begin spamassassin config
 systemctl enable spamassassin
@@ -840,6 +842,8 @@ for d in /Maildir /root/Maildir; do
   ln -sf -T /m/md/bounces $d
 done
 
+sudo -u $u ln -sf -T /m/.mu /home/$u/.mu
+
 # put spool dir in directory that spans multiple distros.
 # based on http://www.postfix.org/qmgr.8.html and my notes in gnus
 #
@@ -881,18 +885,24 @@ systemctl enable exim4
 
 if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
   f=/usr/local/bin/send-test-forward
-  cat >$f <<'EOF'
+  cat >$f <<'EOFOUTER'
 #!/bin/bash
-echo body_test | mail -s "primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)" iank@posteo.de
+/usr/sbin/exim -t <<EOF
+From: ian@iankelling.org
+To: iank@posteo.de
+Subject: primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)
+
+eom
 EOF
+EOFOUTER
   chmod +x $f
 
   cat >/etc/cron.d/mailtest <<EOF
 SHELL=/bin/bash
 # running as user just because no need to run as root
-*/10 * * * *   $u $f
-*/10 * * * *   $u /usr/local/bin/mailtest-check
-*/10 * * * *   root chmod -R g+rw /m/md/bounces
+*/10 * * * *   $u $f 2>&1 | /usr/local/bin/log-once send-test-forward
+*/10 * * * *   $u /usr/local/bin/mailtest-check 2>&1 | /usr/local/bin/log-once -1 mailtest-check
+*/10 * * * *   root chmod -R g+rw /m/md/bounces 2>&1 | /usr/local/bin/log-once -1 bounces-chmod
 EOF
   cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
 else