X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=aca7d8d04890256fcba6c845d3853ad89185bae1;hb=7c94d9bd37b13d57098a297e1e58ad27b54e6eff;hp=46933160539e29a67fbc258a3c5ae0c208268d82;hpb=17b4b5f6afb18accc328282d8ce7dcc5513e621d;p=distro-setup

diff --git a/mail-setup b/mail-setup
index 4693316..aca7d8d 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3,6 +3,10 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+# todo: handle errors like this:
+# Mar 02 12:44:26 kw systemd[1]: exim4.service: Found left-over process 68210 (exim4) in control group while starting unit. Ignoring.
+# Mar 02 12:44:26 kw systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
+
 #  todo: harden dovecot. need to do some research. one way is for it to only listen on a wireguard vpn interface, so only clients that are on the vpn can access it.
 #  todo: consider hardening cups listening on 0.0.0.0
 #  todo: stop/disable local apache, and rpc.mountd, and kdeconnect when not in use.
@@ -2374,7 +2378,13 @@ case $HOSTNAME in
     rm -fv /etc/systemd/system/exim4.service.d/nonroot.conf
     ;;
   *)
-    i /etc/systemd/system/exim4.service.d/nonroot.conf <<'EOF'
+    dirs=()
+    for d in /d /m /media /mnt /nocow /o /p /q; do
+      if [[ -d $d ]]; then
+        dirs+=($d)
+      fi
+    done
+    i /etc/systemd/system/exim4.service.d/nonroot.conf <<EOF
 [Service]
 # see 56.2 Root privilege in exim spec
 AmbientCapabilities=CAP_NET_BIND_SERVICE
@@ -2385,7 +2395,7 @@ ProtectHome=yes
 # note, in t10 systemd, if one of these is an sshfs mountpoint,
 # this whole setting doesnt work. tried it with a newer systemd 250 though
 # an nspawn, and it worked there.
-InaccessiblePaths=d m media mnt nocow o p q
+InaccessiblePaths=${dirs[@]}
 NoNewPrivileges=yes
 ProtectSystem=yes
 
@@ -2721,8 +2731,6 @@ EOF
     echo|i /etc/exim4/conf.d/rcpt_local_acl
     echo|i /etc/exim4/conf.d/router/880_universal_forward
 
-    echo amnimal.ninja > /etc/mailname
-
     /a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]]
 10.173.8.2 nn.b8.nz
 EOF
@@ -2752,9 +2760,10 @@ COMMONOPTIONS='-oP /run/exim4/eximin.pid'
 UPEX4OPTS='-d /etc/myexim4'
 EOF
 
+    echo bk.b8.nz > /etc/mailname
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 # man page: is used to build the local_domains list, together with "localhost"
-dc_other_hostnames='amnimal.ninja;expertpathologyreview.com'
+dc_other_hostnames='amnimal.ninja;expertpathologyreview.com;bk.b8.nz'
 EOF
 
     ;;
@@ -2817,7 +2826,10 @@ EOF
 
     if $bhost_t; then
       install -d /bu
-      install -d -g $u -o $u -m 771 /bu/md
+      install -d -g Debian-exim -o Debian-exim -m 771 /bu/md
+      if [[ -e /bu/md/cur && $(stat -c %u /bu/md/cur) == 1000 ]]; then
+        chown -R Debian-exim:Debian-exim /bu/md
+      fi
       i /etc/exim4/conf.d/transport/30_backup_maildir <<EOF
 # modified debian maildir transport
 backup_maildir:
@@ -2829,7 +2841,6 @@ backup_maildir:
   directory_mode = 0700
   mode = 0644
   mode_fail_narrower = false
-  user = $u
 EOF
 
       i /etc/exim4/conf.d/router/870_backup_local <<'EOF'
@@ -3102,7 +3113,7 @@ MAILTO=alerts@iankelling.org
 #0 * * * *   root mailtest-check slow |& log-once -1 mailtest-slow
 */5 * * * *   root timeout 290 mailtest-check slow |& log-once -12 mailtest-check
 # if a bounce happened yesterday, dont let it slip through the cracks
-8   1 * * *   root awk '$5 == "**"' /var/log/exim4/mainlog.1
+8   1 * * *   root awk '\$5 == "**"' /var/log/exim4/mainlog.1
 EOF
     m sudo rsync -ahhi --chown=root:root --chmod=0755 \
       /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/