;;&
bk)
- sgo wg-quick-mail
- # i just dont feel like setting up a special purpose ssh key to do this automatically.
- end_msg <<'EOF'
-# run this once for bk on local machine:
-# only used for old openvpn setup
-/a/exe/vpn-mk-client-cert -c bk.b8.nz -b expertpath -n mail li.iankelling.org
-EOF
end
;;
je)
# needed for li's local mail delivery.
tu /etc/hosts <<<"10.8.0.4 mx.iankelling.org"
- sgo wg-quick-mail
+ sgo wg-quick@mail
# setup let's encrypt cert
m web-conf apache2 mail.iankelling.org
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
# This prevents exim from connecting out to an ip not through the vpn.
-# Before this, I had set exim to be BindsTo=wg-quick@wgmail, which
+# Before this, I had set exim to be BindsTo=wg-quick@mail, which
# generally made sure it wouldn't run unless the vpn ran, and plus I set
-# a specific interface in the main remote smtp transport. However,
+# a specific interface in the main remote smtp transport.
# However, that wasn't bulletproof, exim spec says about "interface: The
# first interface of the correct type (IPv4 or IPv6) is used for the
# outgoing connection. If none of them are the correct type, the option
driver = manualroute
self = send
EOF
-u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF'
+{
+ cat <<'EOF'
dovecot_lmtp:
driver = smtp
protocol = lmtp
port = 24
envelope_to_add
hosts_avoid_tls = *
+EOF
+ if [[ $HOSTNAME != li ]]; then
+ cat <<'EOF'
message_linelength_limit = 2097152
+EOF
+ fi
+} | u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp
## unix socket version of lmtp. see notes elsewhere.
# dovecot_lmtp:
# #maximum number of deliveries per batch, default 1
# batch_max = 200
# envelope_to_add
-EOF
# iank: incomplete switch to exim mail filters
u /etc/exim4/conf.d/transport/30_iank_maildir <<'EOF'
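Review bot: The added `message_linelength_limit = 2097152` and the `[[ $HOSTNAME != li ]]` test around it carry no comment, so a reader cannot tell why the dovecot_lmtp transport passes lines of up to 2 MiB or why li is left at the default. A comment above the `if` would cover both, for example `# raise exim's line length limit for local lmtp delivery; skipped on li because <reason>`, with the reason filled in by the author. The lines after the closing `} | u ...` ("## unix socket version of lmtp ...") used to sit inside the here-doc and are now plain shell comments. That is harmless, but the new placement could say they are kept only as notes.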
chars+=("MTEST_SPAM")
fi
mtest_found=false
+
# shellcheck disable=SC2013 # these are words
+ mtest_count=0
for t in $(grep -E ^mailtest_check_last_usec $mprom | awk '{print $NF}' || [[ $? == 1 ]]); do
+ mtest_count=$(( mtest_count + 1 ))
if (( t + 60 * 20 < EPOCHSECONDS )); then
mtest_found=true
fi
done
+ if (( mtest_count < 4 )); then
+ mtest_found=true
+ fi
if $mtest_found; then
chars+=("MTEST_AGE")
fi
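Review bot: The `# shellcheck disable=SC2013` directive no longer covers the `for t in $(grep ...)` loop, because the added `mtest_count=0` now sits between the directive and the loop, and a directive applies only to the command that follows it. Moving the initialisation up beside `mtest_found=false` restores the suppression. The threshold in `if (( mtest_count < 4 ))` is also unexplained. A short comment naming the four samples expected in `$mprom` would show why a missing `mailtest_check_last_usec` line is reported under the same MTEST_AGE flag as a stale one. The enclosing block starts and ends outside the hunk.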
m /sbin/iptables $cmd FORWARD -i $ifname -o $gw -j ACCEPT
m /sbin/iptables $cmd FORWARD -i $gw -o $ifname -j ACCEPT
- case $ifname in
- wg*)
- /sbin/iptables -t nat $cmd POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE
- /sbin/ip6tables -t nat $cmd POSTROUTING -s 2600:3c00:e002:3800::/64 -o $gw -j MASQUERADE
- ;;
- esac
+ # these were not used for openvpn, but I stopped maintaining that config.
+ /sbin/iptables -t nat $cmd POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE
+ /sbin/ip6tables -t nat $cmd POSTROUTING -s 2600:3c00:e002:3800::/64 -o $gw -j MASQUERADE
}
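Review bot: With the `case $ifname in wg*)` guard removed, the two MASQUERADE rules are now applied for every interface this function handles, and the added comment does not say that only wg interfaces reach it. If `$cmd` can be a delete on teardown and the function is ever called for another interface, that call would remove the NAT rule the wg interface still depends on. Stating the assumption in the comment, e.g. `# only wg interfaces call this now; the openvpn config is unmaintained`, would make the precondition explicit. The added lines also call `/sbin/iptables` and `/sbin/ip6tables` directly while the FORWARD rules just above go through `m`. Prefixing them the same way, `m /sbin/iptables -t nat $cmd POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE`, would keep the block consistent, presumably including whatever logging `m` provides. The function starts outside the hunk.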