[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
+# note, this is hardcoded in /etc/exim4/conf.d/main/000_local
u=$(id -nu 1000)
i() { # install file
local tmp tmpdir dest="$1"
local base="${dest##*/}"
- mkdir -p ${dest%/*}
+ local dir="${dest%/*}"
+ if [[ $dir != "$base" ]]; then
+ mkdir -p ${dest%/*}
+ fi
ir=false # i result
tmpdir=$(mktemp -d)
cat >$tmpdir/"$base"
${files[@]} /etc/exim4
fi
-# by default, only 10 days of logs are kept. increase that.
-m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
-
+# By default, only 10 days of logs are kept. increase that.
+# And dont compress, I look back at logs too often and
+# dont need the annoyance of decompressing them all the time.
+m sed -ri '/^\s*compress\s*$/d;s/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
+files=(/var/log/exim4/*.gz)
+if (( ${#files[@]} )); then
+ gunzip ${files[@]}
+fi
## disabled. not using .forward files, but this is still interesting
## for reference.
# b=userforward_higher_priority
# # replace the router name so it is unique
# sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b
+rm -fv /etc/exim4/conf.d/router/175_userforward_higher_priority
# todo, consider 'separate' in etc/exim4.conf, could it help on busy systems?
rm -vf /etc/exim4/conf.d/main/000_localmacros # old filename
-cat >/etc/exim4/conf.d/main/000_local <<EOF
+
+# separate file so without quoted EOF for convenience
+cat >/etc/exim4/conf.d/main/000_local2 <<EOF
+# normally empty, I set this so I can set the envelope address
+# when doing mail redelivery to invoke filters. Also allows
+# me exiqgrep and stuff.
+MAIN_TRUSTED_GROUPS = $u
+EOF
+
+cat >/etc/exim4/conf.d/main/000_local <<'EOF'
MAIN_TLS_ENABLE = true
# require tls connections for all smarthosts
# Based on spec, seems like a good idea to be nice.
smtp_return_error_details = true
-# normally empty, I set this so I can set the envelope address
-# when doing mail redelivery to invoke filters. Also allows
-# me exiqgrep and stuff.
-MAIN_TRUSTED_GROUPS = $u
-
# default is 10. when exim has been down for a bit, fsf mailserver
# will do a big send in one connection, then exim decides to put
# the messages in the queue instead of delivering them, to avoid
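Review bot: `files=(/var/log/exim4/*.gz)` followed by `if (( ${#files[@]} ))` only does what the comment intends when `nullglob` is enabled somewhere earlier in the script; otherwise an unmatched glob leaves the literal pattern in the array, the count is 1, and `gunzip` fails on a file named `*.gz` (and aborts the run if the script is under `set -e`). Replace the test with `if [[ -e ${files[0]} ]]; then gunzip -- "${files[@]}"; fi`, or put `shopt -s nullglob` before the assignment. In the new `000_local2` heredoc, `MAIN_TRUSTED_GROUPS = $u` is written without checking that `id -nu 1000` resolved, so a missing uid 1000 silently produces an empty `MAIN_TRUSTED_GROUPS =`; a `: "${u:?}"` before the heredoc makes that fail loudly, which matters because membership in that group lets exim treat the caller as trusted (it can set arbitrary envelope senders, as the comment notes). The comment added at the top of the script says this value is hardcoded in `000_local`; it now lives in `000_local2`, so that reference should be updated.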
# There could be some circumstance when the
# from: isnt our domain, but the envelope sender is
# and so still want to sign, but I cant think of any case.
-DKIM_DOMAIN = \${lc:\${domain:\$rh_from:}}
+DKIM_DOMAIN = ${lc:${domain:$rh_from:}}
# The file is based on the outgoing domain-name in the from-header.
# sign if key exists
-DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
+DKIM_PRIVATE_KEY = ${if exists{/etc/exim4/${dkim_domain}-private.pem} {/etc/exim4/${dkim_domain}-private.pem}}
# most of the ones that gmail seems to use.
# Exim has horrible default of signing unincluded
85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\
# fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net
18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28
+
+
+# this is the default delay_warning_condition, plus matching on local_domains.
+# If I have some problem with my local system that causes delayed delivery,
+# I dont want to send warnings out to non-local domains.
+delay_warning_condition = ${if or {\
+ { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }\
+ { match{$h_precedence:}{(?i)bulk|list|junk} }\
+ { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }\
+ { match_domain{$domain}{+local_domains} }\
+ } {no}{yes}}
+
+
EOF
rm -fv /etc/exim4/rcpt_local_acl # old path
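Review bot: With `000_local` now written through a quoted heredoc (`<<'EOF'`), the unchanged host-list line `85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\` is no longer de-escaped by the shell, so the generated config carries two backslashes where exim expects a single trailing backslash to continue the list; the newly added `delay_warning_condition` lines correctly use a single `\`, which suggests this context line was simply missed when the escapes were removed. Change it to `85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \`. The other continuation lines of that same list fall outside this hunk and presumably carry the same `\\`, so they need the same treatment. After the change, run exim's config test (`update-exim4.conf` followed by `exim4 -bV`) to confirm the host list still parses as intended.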
EOF
-i /etc/exim4/conf.d/router/900_exim4-config_local_user <<EOF
+i /etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF'
### router/900_exim4-config_local_user
#################################
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
local_user:
- debug_print = "R: local_user for \$local_part@\$domain"
+ debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
# ian: default file except where mentioned.
ssl_key = </etc/exim4/exim.key
EOF
fi
- cat <<EOF
+ cat <<'EOF'
# https://ssl-config.mozilla.org
ssl = required
# this is the same as the certbot list, in my cert cronjob, I check if that has changed upstream.
protocol lmtp {
#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
-# default is just \$mail_plugins
- mail_plugins = \$mail_plugins sieve
+# default is just $mail_plugins
+ mail_plugins = $mail_plugins sieve
}
EOF
if dpkg --compare-versions $(dpkg-query -f='${Version}\n' --show dovecot-core) ge 1:2.3; then
# see 56.2 Root privilege in exim spec
deliver_drop_privilege = true
EOF
- # Note: there are other routers that would also fail due to not running as root,
- # but afaik, the main router will catch all mail. If not, we will see
- # something in the queue.
- rm -fv /etc/exim4/conf.d/router/600_exim4-config_userforward
+ files=(
+ 300_exim4-config_real_local
+ 600_exim4-config_userforward
+ 700_exim4-config_procmail
+ 800_exim4-config_maildrop
+ mmm_mail4root
+ )
+ for f in ${files[@]}; do
+ echo "# iank: removed due to running nonroot"|i /etc/exim4/conf.d/router/$f
+ done
;;
esac
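Review bot: Replacing `mmm_mail4root` with a comment-only file removes Debian's fallback router for mail addressed to root, and in the stock configuration the `local_user` router (whose head is visible earlier on this page, body cut off) excludes root via `local_parts = ! root`, so mail to root would now bounce as unknown user unless /etc/aliases maps root to a real user; nothing in this hunk verifies that alias exists. That `! root` restriction is inferred from the Debian default and not visible here, so confirm it against the installed 900 router. If it holds, add a guard beside the loop such as `grep -Eq '^root:' /etc/aliases || echo 'warning: root is not aliased; mail4root router was removed' >&2`, or at least extend the `# iank: removed due to running nonroot` comment to name that dependency. While here, `for f in ${files[@]}` and `/etc/exim4/conf.d/router/$f` are unquoted; harmless for these fixed names but `"${files[@]}"` and `"$f"` are the safer habit.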
user = $u
EOF
- i /etc/exim4/conf.d/router/870_backup_local <<EOF
+ i /etc/exim4/conf.d/router/870_backup_local <<'EOF'
### router/900_exim4-config_local_user
#################################
backup_local:
- debug_print = "R: local_user for \$local_part@\$domain"
+ debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = eximbackup.b8.nz
transport = backup_maildir
#5-59/5 * * * * root mailtest-check |& log-once -1 mailtest-check
#0 * * * * root mailtest-check slow |& log-once -1 mailtest-slow
*/5 * * * * root timeout 290 mailtest-check slow |& log-once -12 mailtest-check
+# if a bounce happened yesterday, dont let it slip through the cracks
+8 1 * * * root awk '$5 == "**"' /var/log/exim4/mainlog.1
EOF
m sudo rsync -ahhi --chown=root:root --chmod=0755 \
/b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/