X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=f43b6ba8b136ab697a19b210c5fd10b1109c87e9;hb=1f524e72136f1d10548bdc4f502c6405ba6dbcd0;hp=573078841cf8072127002fa4143d377e0077c061;hpb=0cc08a73110c15c4e7bbb8c8233a6c122c27490e;p=distro-setup diff --git a/mail-setup b/mail-setup index 5730788..f43b6ba 100755 --- a/mail-setup +++ b/mail-setup @@ -205,7 +205,7 @@ pi() { # package install postmaster=$u mxhost=mail.iankelling.org -mxport=25 +mxport=587 forward=$u@$mxhost # old setup. left as comment for example @@ -374,8 +374,92 @@ exim4-config exim4/use_split_config boolean true EOF source /a/bin/bash_unpublished/source-semi-priv - mkdir -p /etc/exim4/conf.d/main + mkdir -p /etc/exim4/conf.d/{main,transport,auth,router} + cat >/etc/exim4/rcpt_local_acl <<'EOF' +# Only hosts we control send to mail.iankelling.org, so make sure +# they are all authed. +# Note, if we wanted authed senders for all domains, +# we could make this condition in acl_check_mail +deny + message = ian trusted domain recepient but no auth + !authenticated = * + domains = mail.iankelling.org +EOF + cat >/etc/exim4/data_local_acl <<'EOF' +# Except for the "condition =", this was +# a comment in the check_data acl. The comment about this not +# being suitable is mostly bs. The only thing related I found was to +# add the condition =, cuz spamassassin has problems with big +# messages and spammers don't bother with big messages, +# but I've increased the size from 10k +# suggested in official docs, and 100k in the wiki example because +# those docs are rather old and I see a 110k spam message +# pretty quickly looking through my spam folder. + warn + condition = ${if < {$message_size}{2000K}} + spam = Debian-exim:true + add_header = X-Spam_score: $spam_score\n\ + X-Spam_score_int: $spam_score_int\n\ + X-Spam_bar: $spam_bar\n\ + X-Spam_report: $spam_report + +EOF + cat >/etc/exim4/conf.d/auth/29_exim4-config_auth <<'EOF' +# from 30_exim4-config_examples + +plain_server: +driver = plaintext +public_name = PLAIN +server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" +server_set_id = $auth2 +server_prompts = : +.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS +server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} +.endif +EOF + + cat >/etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF' +### router/900_exim4-config_local_user +################################# + +# This router matches local user mailboxes. If the router fails, the error +# message is "Unknown user". + +local_user: + debug_print = "R: local_user for $local_part@$domain" + driver = accept + domains = +local_domains +# ian: commented this, in conjunction with a dovecot lmtp +# change so I get mail for all users. +# check_local_user + local_parts = ! root + transport = LOCAL_DELIVERY + cannot_route_message = Unknown user +EOF + cat >/etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF' +dovecot_lmtp: + driver = lmtp + socket = /var/run/dovecot/lmtp + #maximum number of deliveries per batch, default 1 + batch_max = 200 +EOF + + cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF' +# smarthost for fsf mail +# ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and +# replaced DCsmarthost with mail.fsf.org +fsfsmarthost: + debug_print = "R: smarthost for $local_part@$domain" + driver = manualroute + domains = ! +local_domains + senders = *@fsf.org + transport = remote_smtp_smarthost + route_list = * mail.fsf.org byname + host_find_failed = ignore + same_domain_copy_routing = yes + no_more +EOF #### begin mail cert setup ### @@ -392,7 +476,7 @@ if [[ -e $f ]]; then fi if [[ $HOSTNAME == $MAIL_HOST ]]; then local_mx=mail.iankelling.org - rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li:/etc/letsencrypt/live/$local_mx/" + rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/" ${rsync_common}fullchain.pem /etc/exim4/exim.crt ret=$? ${rsync_common}privkey.pem /etc/exim4/exim.key @@ -558,7 +642,11 @@ EOF # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the # smarthost config type, not sure. all other settings # would be unused in that config type. - cat >/etc/exim4/conf.d/main/000_localmacros </etc/exim4/conf.d/main/000_local </etc/exim4/rcpt_local_acl <<'EOF' -# Only hosts we control send to mail.iankelling.org, so make sure -# they are all authed. -# Note, if we wanted authed senders for all domains, -# we could make this condition in acl_check_mail -deny - message = ian trusted domain recepient but no auth - !authenticated = * - domains = mail.iankelling.org -EOF - cat >/etc/exim4/data_local_acl <<'EOF' -# Except for the "condition =", this was -# a comment in the check_data acl. The comment about this not -# being suitable is mostly bs. The only thing related I found was to -# add the condition =, cuz spamassassin has problems with big -# messages and spammers don't bother with big messages, -# but I've increased the size from 10k -# suggested in official docs, and 100k in the wiki example because -# those docs are rather old and I see a 110k spam message -# pretty quickly looking through my spam folder. - warn - condition = ${if < {$message_size}{2000K}} - spam = Debian-exim:true - add_header = X-Spam_score: $spam_score\n\ - X-Spam_score_int: $spam_score_int\n\ - X-Spam_bar: $spam_bar\n\ - X-Spam_report: $spam_report - -EOF - cat >/etc/exim4/conf.d/auth/29_exim4-config_auth <<'EOF' -# from 30_exim4-config_examples - -plain_server: -driver = plaintext -public_name = PLAIN -server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" -server_set_id = $auth2 -server_prompts = : -.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -.endif -EOF - - cat >/etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF' -### router/900_exim4-config_local_user -################################# - -# This router matches local user mailboxes. If the router fails, the error -# message is "Unknown user". - -local_user: - debug_print = "R: local_user for $local_part@$domain" - driver = accept - domains = +local_domains -# ian: commented this, in conjunction with a dovecot lmtp -# change so I get mail for all users. -# check_local_user - local_parts = ! root - transport = LOCAL_DELIVERY - cannot_route_message = Unknown user -EOF - cat >/etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF' -dovecot_lmtp: - driver = lmtp - socket = /var/run/dovecot/lmtp - #maximum number of deliveries per batch, default 1 - batch_max = 200 -EOF - - cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF' -# smarthost for fsf mail -# ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and -# replaced DCsmarthost with mail.fsf.org -fsfsmarthost: - debug_print = "R: smarthost for $local_part@$domain" - driver = manualroute - domains = ! +local_domains - senders = *@fsf.org - transport = remote_smtp_smarthost - route_list = * mail.fsf.org byname - host_find_failed = ignore - same_domain_copy_routing = yes - no_more -EOF - # https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost # i only need .forwards, so just doing that one. cd /etc/exim4/conf.d/router