add clamav, tests, minor fixes

diff --git a/brc b/brc
index d450cc6c7e8eece0da6704174cac5c964613402b..cb3432bfc6c3700b357a0ac03fb85b2244738444 100644 (file)
--- a/brc
+++ b/brc
@@ -334,7 +334,7 @@ for field in {1..20}; do
 done
 # h1 = head -n1
 for num in {1..9}; do
-  eval h$num"() { head -n$num}; }"
+  eval h$num"() { head -n$num; }"
 done
 
 
@@ -1080,6 +1080,11 @@ r() {
   #  exit "$@" 2>/dev/null
 }
 
+# scp is insecure and deprecated.
+scp() {
+  rsync --inplace "$@"
+}
+
 # reapply bashrc
 reb() {
   source ~/.bashrc
@@ -1766,7 +1771,8 @@ if [[ $- == *i* ]]; then
   fi
 
   if [[ $SSH_CLIENT || $SUDO_USER ]]; then
-    PS1="\h $PS1"
+    unset PROMPT_DIRTRIM
+    PS1="\h:$PS1"
   fi
 
   # emacs terminal has problems if this runs slowly,

diff --git a/brc2 b/brc2
index 6f28a8b0a263654c4373c181de7bf05ba4286479..e99798459bf07e1c738e2f00a6e2cea2b294f2d2 100644 (file)
--- a/brc2
+++ b/brc2
@@ -1097,8 +1097,12 @@ r2eadd() { # usage: name url
 }
 r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; }
 
-rg() { command rg -i -M 200 "$@"; }
-complete -r rg
+if type -P rg &>/dev/null; then
+  rg() { command rg -i -M 200 "$@"; }
+  complete -r rg
+else
+  alias rg=grr
+fi
 
 rspicy() { # usage: HOST DOMAIN
   # connect to spice vm remote host. use vspicy for local host
@@ -1295,7 +1299,7 @@ mailvpnbash() {
   m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
 }
 eximbash() {
-  m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|a1) -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
 }
 
 

diff --git a/distro-end b/distro-end
index 87e35a9910324353183de259d0841572a30a07de..00531718d0d588b5c9481d8c12385a9e49893ead 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -522,15 +522,15 @@ EOF
     sudo dd of=/etc/systemd/system/vpnmail.service <<'EOF'
 [Unit]
 Description=Turns on iptables mail nat
+BindsTo=openvpn-server@mail.service
 
 [Service]
 Type=oneshot
-RemainAfterExit=yes
 ExecStart=/a/bin/distro-setup/vpn-mail-forward start
 ExecStop=/a/bin/distro-setup/vpn-mail-forward stop
 
 [Install]
-WantedBy=openvpn-server@mail.service
+RequiredBy=openvpn-server@mail.service
 EOF
     ser daemon-reload
     sgo vpnmail.service

diff --git a/mail-setup b/mail-setup
index cb9f67777d63134ad46cb059cbffee07901fed69..ea9e82d969f9eea4cf100e2a33b7d606cc651d05 100755 (executable)
--- a/mail-setup
+++ b/mail-setup
@@ -3,6 +3,10 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+# todo: move mail stuff in distro-end into this file
+
+# todo: fix ipv6 addr for li
+
 # todo: create a cronjob to update or warn on expiring dnssec keys
 
 # todo: turn on dnssec validation for dns resolution.
@@ -263,8 +267,11 @@ setini() {
 }
 soff () {
   for service; do
-    m systemctl stop $service;
-    m systemctl disable $service
+    # ignore services that dont exist
+    if systemctl cat $service &>/dev/null; then
+      m systemctl stop $service;
+      m systemctl disable $service
+    fi
   done
 }
 sre () {
@@ -328,7 +335,7 @@ fi
 
 
 # light version of exim does not have sasl auth support.
-pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor jq moreutils
+pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor jq moreutils clamav-daemon
 # note: pyzor debian readme says you need to run some initialization command
 # but its outdated.
 
@@ -530,6 +537,10 @@ i /etc/spamassassin/mylocal.cf <<'EOF'
 #   entirely of whitespace".) This is a safe, terse alternative:
 clear_report_template
 report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN
+uridnsbl_skip_domain iankelling.org
+uridnsbl_skip_domain amnimal.ninja
+uridnsbl_skip_domain expertpathologyreview.com
+uridnsbl_skip_domain zroe.org
 EOF
 
 
@@ -733,6 +744,7 @@ DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/ex
 # keep your dkim signature intact but add list- headers.
 DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
 
+av_scanner = clamd:/var/run/clamav/clamd.ctl
 
 hostlist iank_trusted = <; \\
 # veth0
@@ -800,6 +812,15 @@ warn
   add_header = X-Spam_report: $spam_report
   add_header = X-Spam_action: $spam_action
 
+
+deny
+# defer_ok = accept messages even if there is a problem with clamav.
+# clamav regularly has fails, we havent had a reported problem with mail
+# not getting through, but this seems better.
+  malware = */defer_ok
+  message = This message was detected as possible malware ($malware_name).
+
+
 #accept
 #  spf = pass:fail:softfail:none:neutral:permerror:temperror
 #  dmarc_status = reject:quarantine
@@ -2082,7 +2103,11 @@ case $HOSTNAME in
     ;;&
   $MAIL_HOST)
     sstart radicale
-    ;;
+    ;;&
+esac
+
+case $HOSTNAME in
+  $MAIL_HOST|bk|je) : ;;
   *)
     soff radicale mailclean.timer dovecot spamassassin mailvpn mailnn
     ;;
@@ -2110,7 +2135,7 @@ EOF
       /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
     ;;&
   $MAIL_HOST)
-    test_from=ian@iankelling.org
+    test_froms=(ian@iankelling.org z@zroe.org)
     test_to="testignore@expertpathologyreview.com, testignore@je.b8.nz"
 
     cat >>/etc/cron.d/mailtest <<EOF
@@ -2118,15 +2143,17 @@ EOF
 EOF
     ;;&
   bk)
-    test_from=testignore@expertpathologyreview.com
+    test_froms=(testignore@expertpathologyreview.com ziva@amnimal.ninja)
     test_to="testignore@iankelling.org, testignore@je.b8.nz"
     ;;&
   je)
-    test_from=testignore@je.b8.nz
+    test_froms=(testignore@je.b8.nz)
     test_to="testignore@iankelling.org, testignore@expertpathologyreview.com"
     ;;&
   $MAIL_HOST|bk|je)
-    cat >/usr/local/bin/send-test-forward <<EOFOUTER
+    echo '#!/bin/bash' >/usr/local/bin/send-test-forward
+    for test_from in ${test_froms[@]}; do
+      cat >>/usr/local/bin/send-test-forward <<EOFOUTER
 #!/bin/bash
 /usr/sbin/exim -f $test_from -t <<EOF
 From: $test_from
@@ -2136,6 +2163,7 @@ Subject: test \$(date +%Y-%m-%dT%H:%M:%S%z) \$(date +%s)
 /usr/local/bin/send-test-forward
 EOF
 EOFOUTER
+    done
     m chmod +x /usr/local/bin/send-test-forward
     ;;
   *)