X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=85bd17b78f6313541af26babbdde0a3d6f6eabb4;hb=3a198460eadab9293e774b26e54d14563cb5f407;hp=c40c56c0b6eab97923f57686a5c617eaed7040ca;hpb=5abdcfce00c6ff61bf3856f7b5101915dc096107;p=distro-setup

diff --git a/mail-setup b/mail-setup
index c40c56c..85bd17b 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3,6 +3,10 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+# todo: check new macro DKIM_TIMESTAMPS
+
+# todo: check if REMOTE_SMTP_INTERFACE or REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE can simplify my or fsfs config
+
 # todo: max line length macro changed in t11. look into it
 # todo: check that all macros we use are still valid in t11
 
@@ -131,7 +135,8 @@ if [[ -s /usr/local/lib/err ]]; then
 elif [[ -s /a/bin/errhandle/err ]]; then
   source /a/bin/errhandle/err
 else
-  err "no err tracing script found"
+  echo "no err tracing script found"
+  exit 1
 fi
 source /a/bin/distro-functions/src/identify-distros
 source /a/bin/distro-functions/src/package-manager-abstractions
@@ -1204,8 +1209,8 @@ REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
 # other says gmail does not reject. figure out and open a new bug.
 IGNORE_SMTP_LINE_LENGTH_LIMIT = true
 
-# more verbose logs
-MAIN_LOG_SELECTOR = +all
+# more verbose logs. used to use +all, but made it less for more efficiency.
+MAIN_LOG_SELECTOR = -tls_cipher -tls_certificate_verified +pid +received_recipients +received_sender +sender_on_delivery +return_path_on_delivery +msg_id_created +subject +address_rewrite +smtp_confirmation
 
 # Based on spec, seems like a good idea to be nice.
 smtp_return_error_details = true
@@ -1348,18 +1353,21 @@ warn
 
 EOF
 
-# It is important for this to exist universally, instead of
-# just on the mail host because if we change mail host and
-# still have something in the queue which was destined for
-# this router, but hosts were unreachable, the routers will
-# be reevaluated on the next retry.
-i /etc/exim4/conf.d/router/890_backup_copy <<EOF
+
+# old file
+rm -fv /etc/exim4/conf.d/router/8{8,9}0_backup_copy \
+   /etc/exim4/conf.d/router/865_backup_redir \
+   /etc/exim4/conf.d/router/870_backup_local
+
+# It is important for this to exist everywhere except in MAIL_HOST
+# non-nn config. Previously, just had it in the nn-config on MAIL_HOST,
+# but that is a problem if we change mail host and still have something
+# in the queue which was destined for this router, but hosts were
+# unreachable, the routers will be reevaluated on the next retry.
+i /etc/exim4/conf.d/router/170_backup_copy <<EOF
 ### router/900_exim4-config_local_user
 #################################
 
-# todo, it would be nice backup sent email too,
-# but its not so important, they still exist in my head
-
 backup_copy:
 driver = manualroute
 domains = eximbackup.b8.nz
@@ -1372,6 +1380,7 @@ errors_to = alerts@iankelling.org
 no_more
 EOF
 
+
 # exim4-config transports are the same as default except for
 # message_linelength_limit = 2097152
 #
@@ -1725,7 +1734,7 @@ if mailhost; then
   # in the log it just says "Starting Radicale". If you run
   # it in the foreground, it will give more info. Background
   # plus debug does not help.
-  # sudo -u radicale radicale -D -f
+  # sudo -u radicale radicale -D
 
   # created password file with:
   # htpasswd -c /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
@@ -2806,7 +2815,7 @@ case $HOSTNAME in
   # ** $MAIL_HOST|bk|je)
   $MAIL_HOST|bk|je)
 
-    echo|i /etc/exim4/conf.d/router/870_backup_local
+    echo|i /etc/exim4/conf.d/router/165_backup_local
 
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 # note: some things we don't set that are here by default because they are unused.
@@ -2926,12 +2935,12 @@ EOF
     # which required using a dedicated user, but realized smtp will be
     # more reliable and less fuss. If I ever need that again, see the
     # history of this file, and bum in brc2.
-    i /etc/exim4/conf.d/router/890_backup_copy <<EOF
-backup_redir:
+    i /etc/exim4/conf.d/router/161_backup_redir_nn <<'EOF'
+backup_redir_nn:
 driver = redirect
-domains = +local_domains
 # b is just an arbirary short string
 data = b@eximbackup.b8.nz
+condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
 # note, to test this, i could temporarily allow testignore.
 # alerts avoids potential mail loop. root is already
 # redirected earlier, so that is just being overly cautious.
@@ -2959,6 +2968,11 @@ deny
   !authenticated = *
   domains = +local_hostnames
   message = no relay
+
+# for testing bounce behavior
+#deny
+#  senders = testlist-bounces+test=zroe.org@fsf.org
+#  message = iank-bounce
 EOF
     echo|i /etc/exim4/conf.d/router/880_universal_forward
 
@@ -2967,23 +2981,27 @@ EOF
 MAILDIR_HOME_MAILDIR_LOCATION = /m/md/Sent
 EOF
 
-    # for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
-    # and also have mail.iankelling.org whitelisted as a relay domain.
-    # I could avoid that if I changed this to submit to 587 with a
-    # password like a standard mua.
-    i /etc/exim4/conf.d/router/188_exim4-config_smarthost <<'EOF'
+
+    i /etc/exim4/conf.d/router/186_sentarchive_nn <<'EOF'
 # ian: save a copy of sent mail. i thought of other ways to
 # do this, for example, to only save sent mail that is not sent
 # from my mail client which saves a copy by default, but in the
 # end, it seems simplest to turn that off. We want to save
 # external mail sent by smarthosts.
-sentarchive:
+sentarchive_nn:
   driver = redirect
   domains = ! +local_domains
   condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
   data    = vojdedIdNejyebni@b8.nz
   unseen
+EOF
+
 
+    # for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
+    # and also have mail.iankelling.org whitelisted as a relay domain.
+    # I could avoid that if I changed this to submit to 587 with a
+    # password like a standard mua.
+    i /etc/exim4/conf.d/router/188_exim4-config_smarthost <<'EOF'
 # ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and
 # replaced DCsmarthost with hostname
 fsfsmarthost:
@@ -3069,8 +3087,6 @@ EOF
   ## we use this host to monitor MAIL_HOST and host a mail server for someone
   bk)
 
-    echo|i /etc/exim4/conf.d/rcpt_local_acl
-    echo|i /etc/exim4/conf.d/router/880_universal_forward
 
     /a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]]
 10.173.8.2 nn.b8.nz
@@ -3114,21 +3130,19 @@ EOF
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 dc_other_hostnames='je.b8.nz'
 EOF
-    echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
-    echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
-    echo|i /etc/exim4/conf.d/rcpt_local_acl
-    echo|i /etc/exim4/conf.d/router/880_universal_forward
     ;;
   # ** not MAIL_HOST|bk|je
   *)
     # this one should be removed for all non mail hosts, but
     # bk and je never become mail_host
     echo|i /etc/exim4/conf.d/router/195_dnslookup_vpn
-
+    echo|i /etc/exim4/conf.d/router/160_backup_redir
+    echo|i /etc/exim4/conf.d/router/161_backup_redir_nn
+    echo|i /etc/exim4/conf.d/router/185_sentarchive
+    echo|i /etc/exim4/conf.d/router/186_sentarchive_nn
     echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
     echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
     echo|i /etc/exim4/conf.d/rcpt_local_acl
-    echo|i /etc/exim4/conf.d/router/890_backup_copy
     echo|i /etc/exim4/conf.d/main/000_local-nn
     echo|i /etc/exim4/conf.d/clamav_data_acl
 
@@ -3185,7 +3199,7 @@ backup_maildir:
   mode_fail_narrower = false
 EOF
 
-      i /etc/exim4/conf.d/router/870_backup_local <<'EOF'
+      i /etc/exim4/conf.d/router/165_backup_local <<'EOF'
 ### router/900_exim4-config_local_user
 #################################
 
@@ -3244,8 +3258,12 @@ esac
 # ** $MAILHOST|bk, things that belong at the end
 case $HOSTNAME in
   $MAIL_HOST|bk)
-    # config for the non-nn exim
-    m rsync -ra --delete --delete-excluded --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/myexim4
+    # config for the non-nn exim. note, it uses not default dir, but we
+    # generate that into the default config file
+    m rsync -ra --delete --delete-excluded \
+      --exclude=/conf.d/router/161_backup_redir_nn \
+      --exclude=/conf.d/router/186_sentarchive_nn \
+      --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/myexim4
     cat >>/etc/myexim4/conf.d/main/000_local <<'EOF'
 # this makes it easier to see which exim is doing what
 log_file_path = /var/log/exim4/my%s
@@ -3286,11 +3304,42 @@ EOF
   bk)
 
     # config for the non-nn exim
-    cat >/etc/myexim4/conf.d/main/000_local-nn <<'EOF'
+    cat >>/etc/myexim4/conf.d/main/000_local <<'EOF'
 MAIN_HARDCODE_PRIMARY_HOSTNAME = mail2.iankelling.org
 EOF
     ;;
   $MAIL_HOST)
+
+
+    i /etc/myexim4/conf.d/router/185_sentarchive <<'EOF'
+sentarchive:
+  driver = redirect
+  domains = ! +local_domains
+  senders = <; *@fsf.org ; *@posteo.net
+  condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
+  data    = vojdedIdNejyebni@b8.nz
+  unseen
+EOF
+
+
+    i /etc/myexim4/conf.d/router/160_backup_redir <<'EOF'
+backup_redir:
+driver = redirect
+# i dont email myself from my own machine much, so lets ignore that.
+domains = ! +local_domains
+senders = <; *@fsf.org ; *@posteo.net
+condition = ${if !bool{${lookup{$local_part@$domain}lsearch{/etc/exim4/ignore-sent}{true}}}}
+# b is just an arbirary short string
+data = b@eximbackup.b8.nz
+# note, to test this, i could temporarily allow testignore.
+# alerts avoids potential mail loop.
+local_parts = ! root : ! testignore : ! alerts : ! daylert
+unseen = true
+errors_to = alerts@iankelling.org
+EOF
+
+
+
     # for bk, we have a exim4in.service that will do this for us.
     m update-exim4.conf -d /etc/myexim4
     ;;
@@ -3546,10 +3595,12 @@ EOF
 
     # Dont put these test messages into the sent folder or else it will
     # overwhelm it, plus i dont want to save a copy at all.
-    rm -f /etc/exim4/ignore-sent
-    for t in ${test_tos[@]}; do
-      echo $t >> /etc/exim4/ignore-sent
-    done
+    # Plus addresses we generally want to ignore.
+    i /etc/exim4/ignore-sent <<EOF
+$(printf "%s\n" ${test_tos[@]})
+vojdedIdNejyebni@b8.nz
+b@eximbackup.b8.nz
+EOF
 
     cat >/usr/local/bin/send-test-forward <<'EOF'
 #!/bin/bash