From 0ddfdfec569c6141a13b506770bfd9a0b51ed7a4 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Tue, 10 Nov 2020 21:42:21 -0500 Subject: [PATCH] mail filtering --- brc2 | 2 ++ mail-setup | 31 +++++++++++++++++++++++-------- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/brc2 b/brc2 index e2d9bce..5d20970 100644 --- a/brc2 +++ b/brc2 @@ -257,6 +257,8 @@ bigclock() { xclock -digital -update 1 -face 'arial black-80:bold' } +nnn() { /a/opt/nnn -H "$@"; } + jrun() { # journal run. run args, log to journal, tail and grep the journal. # Note, an alternative without systemd would be something like ts. diff --git a/mail-setup b/mail-setup index c446bbb..de8638f 100755 --- a/mail-setup +++ b/mail-setup @@ -3,10 +3,9 @@ # Copyright (C) 2019 Ian Kelling # SPDX-License-Identifier: AGPL-3.0-or-later -# todo: disable greylisting +# todo: disable postgrey -# todo: enable plus addressing and sort out mail filtering. -# consider maildrop, procmail, etc. +# todo: in testforward-check, we should also look # todo: test that bounces dont help create valid mailtest-check @@ -29,7 +28,10 @@ # And send an alert email if no alerts have been sent # in 2 or 3 days or something. todo, test cron mail on li. -# todo: look at mailinabox extra dns records +# todo: look at mailinabox extra dns records, note these changelogs: +# * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. +# * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. +# # todo: mailtest-check failure on remote hosts is not going to alert me. # sort that out. 
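Review bot: The new comment `# todo: in testforward-check, we should also look` in the mail-setup header stops mid-sentence, so the follow-up it was meant to record is lost. Finish the sentence with what testforward-check should look at, or drop the line until the idea is written down. The two mailinabox changelog bullets pasted below it are long quoted lines; a one-line pointer to the upstream changelog would keep this todo block easier to scan.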
@@ -862,7 +864,6 @@ warn EOF -# see sender validation in /a/opt/mailinabox/setup/mail-users.sh i /etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF' ### router/900_exim4-config_local_user ################################# @@ -874,12 +875,16 @@ local_user: debug_print = "R: local_user for $local_part@$domain" driver = accept domains = +local_domains -# ian: commented this, in conjunction with a dovecot lmtp -# change so I get mail for all users. -# check_local_user +# ian: default file except where mentioned. +# ian: commented this. I get all local parts. for bk, an rcpt +# check handles checking with dovecot, and the only router +# after this is root. local_parts = ! root transport = LOCAL_DELIVERY cannot_route_message = Unknown user +# ian: added for + addressing. + local_part_suffix = +* + local_part_suffix_optional EOF i /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF' dovecot_lmtp: @@ -1025,6 +1030,7 @@ fi # * dovecot +# ** $MAIL_HOST|bk|je) case $HOSTNAME in $MAIL_HOST|bk|je) # based on a little google and package search, just the dovecot @@ -1085,6 +1091,7 @@ EOF ;;& +# ** $MAIL_HOST) $MAIL_HOST) # If we changed 90-sieve.conf and removed the active part of the # sieve option, we wouldn\'t need this, but I\'d rather not modify a @@ -1136,6 +1143,7 @@ protocol lmtp { } EOF ;;& +# ** bk|je) bk|je) chown -R mail.mail /m/md @@ -1273,6 +1281,13 @@ EOF # this should be at the end since it requires a valid dovecot config m sievec /etc/dovecot/sieve-spam.sieve + ;;& +# ** bk) + bk) + # roundcube uses this + mkdir -p /m/sieve + chown mail.mail /m/sieve + m pi dovecot-managesieved ;; esac -- 2.30.2
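Review bot: In the `local_user` router hunk, `check_local_user` stays disabled and `local_part_suffix = +*` is added, so this router accepts every local part except root in `+local_domains`. Recipient validity therefore rests entirely on the RCPT-time check that the new comment mentions, and only for bk. That check is outside this hunk, so confirm it verifies the address with the `+detail` suffix stripped; otherwise plus-addressed mail may be refused, or addresses for unknown users accepted and bounced later. The comment should also say what the other hosts installing this file do, for example `# ian: hosts other than bk are a deliberate catch-all; on bk the rcpt acl must verify the local part without the +suffix.` It is also worth checking that whatever LOCAL_DELIVERY expands to hands dovecot an address it can map back to the base mailbox.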
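Review bot: In the new `bk)` arm, `mkdir -p /m/sieve` leaves the directory mode to the current umask. `chown mail.mail` uses the dot separator, which GNU chown keeps only for compatibility. A single `install -d -o mail -g mail -m 0750 /m/sieve` would pin owner and mode together; the exact mode is a guess that assumes roundcube reaches the scripts through managesieved rather than the filesystem. Separately, `m pi dovecot-managesieved` adds a network-facing ManageSieve service, and nothing in this hunk restricts where it listens. If roundcube runs on bk itself, bind that listener to loopback or firewall it, and note that in a comment here. The case statement starts outside this hunk, so configuration elsewhere in the file may already cover this.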