X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=98723469b8d144e84855f68875e2545b6e4d1929;hb=01ccff895787ca94ad37d11cb93f0440a29edd7c;hp=041ab1d58db145e8ea8a2d8af07a1d60eb4db073;hpb=6cc73025405b7a540eec371d1d8f7d9d13d8e019;p=distro-setup diff --git a/mail-setup b/mail-setup index 041ab1d..9872346 100755 --- a/mail-setup +++ b/mail-setup @@ -14,6 +14,9 @@ # todo: handle errors like this: # Mar 02 12:44:26 kw systemd[1]: exim4.service: Found left-over process 68210 (exim4) in control group while starting unit. Ignoring. # Mar 02 12:44:26 kw systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. +#eg: on eggs, on may 1st, ps grep for exim, 2 daemons running. 1 leftover from a month ago +#Debian-+ 1954 1 0 36231 11560 4 Apr02 ? 00:40:25 /usr/sbin/exim4 -bd -q30m +#Debian-+ 23058 1954 0 36821 10564 0 20:38 ? 00:00:00 /usr/sbin/exim4 -bd -q30m # todo: harden dovecot. need to do some research. one way is for it to only listen on a wireguard vpn interface, so only clients that are on the vpn can access it. # todo: consider hardening cups listening on 0.0.0.0 @@ -287,7 +290,8 @@ i() { # install file local base="${dest##*/}" local dir="${dest%/*}" if [[ $dir != "$base" ]]; then - mkdir -p ${dest%/*} + # dest has a directory component + mkdir -p "$dir" fi ir=false # i result tmpdir=$(mktemp -d) @@ -1162,17 +1166,17 @@ DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to domainlist local_hostnames = ! je.b8.nz : ! bk.b8.nz : *.b8.nz : b8.nz -hostlist iank_trusted = <; \\ +hostlist iank_trusted = <; \ # veth0 -10.173.8.1 ; \\ +10.173.8.1 ; \ # li li_ip6 -72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8 ; \\ +72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8 ; \ # li_vpn_net li_vpn_net_ip6s -10.8.0.0/24; 2600:3c00:e000:280::/64 ; 2600:3c00:e002:3800::/56 ; \\ +10.8.0.0/24; 2600:3c00:e000:280::/64 ; 2600:3c00:e002:3800::/56 ; \ # bk bk_ip6 -85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \\ +85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \ # je je_ipv6 -85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\ +85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \ # fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net 18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28 @@ -1186,8 +1190,6 @@ delay_warning_condition = ${if or {\ { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }\ { match_domain{$domain}{+local_domains} }\ } {no}{yes}} - - EOF rm -fv /etc/exim4/rcpt_local_acl # old path @@ -1227,8 +1229,7 @@ warn warn !hosts = +iank_trusted - # They dont send spam, but needed this because - # smarthosts connect with residential ips and thus get flagged as spam. + # Smarthosts connect with residential ips and thus get flagged as spam if we do a spam check. !authenticated = plain_server:login_server condition = ${if < {$message_size}{5000K}} spam = Debian-exim:true @@ -1239,6 +1240,7 @@ warn add_header = X-Spam_action: $spam_action warn + !hosts = +iank_trusted !authenticated = plain_server:login_server condition = ${if def:malware_name} remove_header = Subject: @@ -3302,7 +3304,9 @@ EOFOUTER ;; *) soff mailtest-check.service - rm -fv /etc/cron.d/mailtest /var/lib/prometheus/node-exporter/mailtest-check.prom* + rm -fv /etc/cron.d/mailtest \ + /var/lib/prometheus/node-exporter/mailtest-check.prom* \ + /var/local/cron-errors/check-remote-mailqs* ;; esac