From 4860c50e1769c631562707d32b9fda520ae95fee Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Fri, 30 Oct 2020 01:04:43 -0400 Subject: [PATCH] mail fixes and add je.b8.nz --- bk-backup | 15 +- brc2 | 7 +- distro-begin | 57 ++--- distro-end | 61 +---- .../renewal-hooks/deploy/certbot-renew-hook | 2 +- mail-cert-cron | 27 +-- mail-setup | 215 +++++++++++------- 7 files changed, 202 insertions(+), 182 deletions(-) rename certbot-renew-hook => filesystem/etc/letsencrypt/renewal-hooks/deploy/certbot-renew-hook (93%) diff --git a/bk-backup b/bk-backup index 0f54f75..1c3cc45 100755 --- a/bk-backup +++ b/bk-backup @@ -5,6 +5,9 @@ shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR +# need root for rsync pull of file ownership/perms +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + host=bk.b8.nz ret=0 source /a/bin/bash_unpublished/source-state @@ -17,11 +20,13 @@ case $1 in esac if $restore; then - for ncdir in /var/www/ncexpertpath /var/www/ncninja; do - ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on ||: # might not be running - rsync -ra /p/bkbackup/$ncbase/ root@$host:$ncdir || ret=$? - done - rsync -ra /p/bkbackup/ root@$host:/m/rc + set -x + # for ncdir in /var/www/ncexpertpath /var/www/ncninja; do + # ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on ||: # might not be running + # rsync -ra /p/bkbackup/$ncbase/ root@$host:$ncdir || ret=$? + # done + rsync -ravi /p/bkbackup/rc/ root@$host:/m/rc + exit 0 fi if [[ $HOSTNAME == $MAIL_HOST ]]; then diff --git a/brc2 b/brc2 index 1029c6f..a2810f2 100644 --- a/brc2 +++ b/brc2 @@ -319,11 +319,14 @@ lipush() { # note, i had --delete-excluded, but that deletes all files in --exclude-from on # the remote site, which doesn't make sense, so not sure why i had it. local p a - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/opt/{emacs-debian10,mu}) + p=(/a/opt/{emacs-debian10{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 - for h in je li bk; do + for h in li je bk; do m rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$? + # only li is debian10 + p[0]=/a/opt/emacs-ubuntu20.04 + p[1]=/a/opt/emacs-ubuntu20.04-nox done m rsync "$@" -ahviSAXPH root@iankelling.org:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$? return $ret diff --git a/distro-begin b/distro-begin index 8ccb574..1546647 100755 --- a/distro-begin +++ b/distro-begin @@ -101,15 +101,16 @@ for f in kd x2 x3 frodo tp li bk je demohost kw; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done codename=$(debian-codename) +bitfolk() { je || bk; } has_wayland() { has_monitor && [[ $codename == buster ]]; } has_x() { has_monitor && [[ $codename != buster ]]; } has_monitor() { ! vps ; } -vps() { je || bk || li; } +vps() { bitfolk || li; } # linode actually has btrfs now, but we dont do anything with it. has_btrfs() { ! vps; } home_network() { ! vps && ! tp; } has_p() { ! vps && ! tp; } -encrypted() { ! bk && ! je; } +encrypted() { ! bitfolk; } shopt -s extglob export GLOBIGNORE="*/.:*/.." umask 022 @@ -119,8 +120,6 @@ sed="sed --follow-symlinks" ####### end setup environment ####### - - ##### begin setup encryption scripts ###### if encrypted; then # I tried making a service which was dependent on reboot.target, @@ -233,29 +232,6 @@ sudo sed -i --follow-symlinks -f - /etc/hosts </dev/null; then - sudo apt-get -y remove --purge --auto-remove nscd - sudo systemctl stop nscd ||: # fails if already stopped -fi - - ##### exit first stage if running as root if [[ $EUID == 0 ]]; then echo "$0: running as root. exiting now that users are setup" @@ -310,6 +286,33 @@ Defaults !umask EOF +##### use systemd-resolved for glibc resolutions +if [[ ! -L /etc/nsswitch.conf ]]; then + sudo mkdir -p /etc/nsswitch + sudo mv /etc/nsswitch.conf /etc/nsswitch + sudo ln -sf /etc/nsswitch/nsswitch.conf /etc +fi +pi libnss-resolve +# default is +# files mdns4_minimal [NOTFOUND=return] dns myhostname +# mdns4 is needed for my printer and for bbb webrtc, not sure exactly why. +# https://www.freedesktop.org/software/systemd/man/nss-resolve.html# +# seems more important than some potential use case. +# Interestingly, t9/t10 man page says use files before resolve, debian 10 says the opposite. +# removing files makes hostname -f not actually give the fully qualified domain name. +sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] myhostname/' /etc/nsswitch.conf +if dpkg -s -- nscd &>/dev/null; then + sudo apt-get -y remove --purge --auto-remove nscd + sudo systemctl stop nscd ||: # fails if already stopped +fi + +if bitfolk; then + # remove line like this: 85.119.82.128 je.iankelling.org je + # it messes with hostname -f. + sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts +fi + + #### setup firefox backport ## ian: disabled. backports are not being published atm due to rust packaging issue # if isdeb; then diff --git a/distro-end b/distro-end index ed5ccd4..af816c3 100755 --- a/distro-end +++ b/distro-end @@ -48,7 +48,6 @@ sudo() { } m() { printf "$pre %s\n" "$*"; "$@"; } e() { printf "$pre %s\n" "$*"; } -err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; } distro=$(distro-name) codename=$(debian-codename) codename_compat=$(debian-codename-compat) @@ -109,35 +108,6 @@ esac -### begin certbot install ### -if [[ $distro == debian || $codename_compat == bionic ]]; then - # note, need python-certbot-nginx for nginx, but it depends on nginx, - # and I'm not installing nginx by default right now. - pi certbot python3-certbot-apache -elif [[ $codename_compat == xenial ]]; then - # not packaged in xenial or flidas - pi software-properties-common - l="deb http://ppa.launchpad.net/certbot/certbot/ubuntu xenial main" - if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then - sudo add-apt-repository -y ppa:certbot/certbot ||: - m p update - fi - pi python-certbot-apache -else - err "distro unknown for certbot" -fi -# make a version of the certbot timer that emails me. -x=/systemd/system/certbot -$sed -r -f - /lib$x.timer <<'EOF' |sd /etc${x}mail.timer -s,^Description.*,\0 mail version, -EOF -$sed -r -f - /lib$x.service <<'EOF' |sd /etc${x}mail.service -s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook, -EOF -ser daemon-reload -soff certbot.timer -sgo certbotmail.timer -### end certbot install ### # dogcam setup. not using atm @@ -483,6 +453,13 @@ EOF ##### end automatic upgrades #### +# commented in case i want to use this sometime later +# sd /etc/apt/preferences.d/buster-backports <&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +case $1 in + # for first run, accept host key + -1) + opt=(-e 'ssh -oStrictHostKeyChecking=no') + ;; +esac + f=/a/bin/bash_unpublished/source-state if [[ -e $f ]]; then source $f @@ -13,29 +20,13 @@ case $HOSTNAME in $MAIL_HOST|bk) local_mx=mail.iankelling.org # ||: is to allow for temporary connection issues. - rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||: + rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \ + root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||: if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then echo "$0: error!: cert rsync failed and it will expire in less than 3 days" exit 1 fi ;;& - bk) - # the folder name depended on what the fqdn was when we got the initial - # cert. - ledir=/etc/letsencrypt/live/$(cat /etc/mailname) - if [[ ! -d $ledir ]]; then - ledir=/etc/letsencrypt/live/$(hostname -f) - fi - fullchain=$ledir/fullchain.pem - if ! diff -q $fullchain /etc/exim4/exim.crt &>/dev/null; then - install -m 644 $fullchain /etc/exim4/exim.crt - install -m 640 -g Debian-exim $ledir/privkey.pem /etc/exim4/exim.key - fi - if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt >/dev/null; then - echo "$0: error!: cert rsync failed and it will expire in less than 3 days" >&2 - exit 1 - fi - ;; esac # note: exim spec, 5.3 command line option -bd says that all files except diff --git a/mail-setup b/mail-setup index a34d562..33bfa66 100755 --- a/mail-setup +++ b/mail-setup @@ -3,6 +3,12 @@ # Copyright (C) 2019 Ian Kelling # SPDX-License-Identifier: AGPL-3.0-or-later +# todo: look at mailinabox extra dns records +# +# todo: i think daemon-reload +# is being called when it shouldnt when rereunning we are probably +# updating systemd config file that doesnt need to be or something. + # background: I want to run exim in a network namespace so it can send # and receive through a vpn. This is needed so it can do ipv6, because # outside the namespace if we dont have ipv6, to send ipv6 through the @@ -70,7 +76,7 @@ fi source /a/bin/distro-functions/src/identify-distros # has nextcloud_admin_pass in it -f=/p/c/machine_specific/je/mail +f=/p/c/machine_specific/$HOSTNAME/mail if [[ -e $f ]]; then source $f fi @@ -539,16 +545,12 @@ rm -fv /etc/systemd/system/spamddnsfix.{timer,service} m sed -i '/^\s*CRON\s*=/d' /etc/default/spamassassin e CRON=1 /etc/default/spamassassin -case $HOSTNAME in - $MAIL_HOST|bk) - l='NICE="--nicelevel 15"' - if grep -qFx "$l" /etc/default/spamassassin; then - # Just noticed this in the config file, seems like a good idea. - m sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin - e "$l" | tee -a /etc/default/spamassassin - fi - ;; -esac +l='NICE="--nicelevel 15"' +if grep -qFx "$l" /etc/default/spamassassin; then + # Just noticed this in the config file, seems like a good idea. + m sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin + e "$l" | tee -a /etc/default/spamassassin +fi ##### end spamassassin config @@ -561,6 +563,14 @@ if [[ -e /p/c/filesystem ]]; then m /a/exe/vpn-mk-client-cert -b mailclient -n mail -s /b/ds/mail-route li.iankelling.org m /a/exe/vpn-mk-client-cert -c bk.b8.nz -b expertpath -n mail -s /b/ds/mail-route li.iankelling.org fi +case $HOSTNAME in + bk) + if [[ ! -e /etc/openvpn/client/mail.conf ]]; then + echo "$0: error: first, on a system with /p/c/filesystem, run mail-setup, or the vpn-mk-client-cert line above this err" 2>&2 + exit 1 + fi + ;; +esac m rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/mail-cert-cron /usr/local/bin @@ -619,13 +629,16 @@ for d in /Maildir /root/Maildir; do m ln -sf -T /m/md/bounces $d done -# Note, even the server needs permissions of this file right -# if it exists, so do this up here. +# dkim, client passwd file +files=(/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/*) f=/p/c/filesystem/etc/exim4/passwd.client -if [[ ! -e $f ]]; then - f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client +if [[ -e $f ]]; then + files+=($f) +fi +if (( ${#files[@]} )); then + m rsync -ahhi --chown=root:Debian-exim --chmod=0640 \ + ${files[@]} /etc/exim4 fi -m rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/ # by default, only 10 days of logs are kept. increase that. m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base @@ -641,19 +654,29 @@ sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b # todo, consider 'separate' in etc/exim4.conf, could it help on busy systems? #### begin setup alternate config for main daemon - -#in debian, config file used is first found of: -#CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated -# but we can use this alternate for the daemon -m update-exim4defaults -f --commonoptions '-C /etc/exim4/my.conf' -l="UPEX4OPTS='-o /etc/exim4/my.conf'" -if ! grep -Fxq "$l" /etc/default/exim4; then - sed -i '/^ *UPEX4OPTS=/d' /etc/default/exim4 - echo "$l" |m tee -a /etc/default/exim4 -fi -i /etc/exim4/trusted_configs <<'EOF' +case $HOSTNAME in + bk|$MAIL_HOST) + # to see the default comments in /etc/default/exim4: + # s update-exim4defaults --force --init + # which will overwrite any existing file + i /etc/default/exim4 <<'EOF' +QUEUERUNNER='combined' +QUEUEINTERVAL='30m' +COMMONOPTIONS='-C /etc/exim4/my.conf' +UPEX4OPTS='-o /etc/exim4/my.conf' +EOF + i /etc/exim4/trusted_configs <<'EOF' /etc/exim4/my.conf EOF + ;; + *) + # default file + i /etc/default/exim4 <<'EOF' +QUEUERUNNER='combined' +QUEUEINTERVAL='30m' +EOF + ;; +esac #### end setup alternate config for main daemon # alerts is basically the postmaster address @@ -713,6 +736,19 @@ DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/ex # rfc, but this messes up mailing lists, like gnu/debian which want to # keep your dkim signature intact but add list- headers. DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to + + +hostlist iank_trusted = <; \\ +# veth0 +10.173.8.1 ; \\ +# li li_ip6 +72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8; \\ +# li_vpn_net li_vpn_net_ip6 +10.8.0.0/24; 2600:3c00:e000:280::/64 ; \\ +# bk bk_ip6 +85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \\ +# fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net +18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28 EOF # This file only exists in the nn config. for bk to accept mail @@ -753,13 +789,11 @@ i /etc/exim4/conf.d/data_local_acl <<'EOF' # pretty quickly looking through my spam folder. warn - # all internal ips. - # veth0 li li_ip6 li_vpn_net li_vpn_net_ip6 bk bk_ip6 fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net - !hosts = <; 10.173.8.1 ; 72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8; 10.8.0.0/24; 2600:3c00:e000:280::/64 ; 85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; 18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28 + !hosts = +iank_trusted remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : X-Spam_report warn - !hosts = <; 10.173.8.1 ; 72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8; 10.8.0.0/24; 2600:3c00:e000:280::/64 ; 85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; 18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28 + !hosts = +iank_trusted condition = ${if < {$message_size}{5000K}} spam = Debian-exim:true add_header = X-Spam_score_int: $spam_score_int @@ -817,7 +851,7 @@ EOF # * dovecot case $HOSTNAME in - $MAIL_HOST|bk) + $MAIL_HOST|bk|je) # based on a little google and package search, just the dovecot # packages we need instead of dovecot-common. # @@ -827,7 +861,7 @@ case $HOSTNAME in # sieve has the benefit of being supported in postfix and # proprietary/weird environments, so there is more examples on the # internet. - pi dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd dovecot-sqlite + pi dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd dovecot-sqlite sqlite3 for f in /p/c{/machine_specific/$HOSTNAME,}/filesystem/etc/dovecot/users; do if [[ -e $f ]]; then @@ -927,7 +961,7 @@ protocol lmtp { } EOF ;;& - bk) + bk|je) chown -R mail.mail /m/md f=/etc/dovecot/conf.d/10-auth.conf @@ -1018,8 +1052,6 @@ if allof (header :regex "X-Spam-Status" "^Yes") { stop; } EOF - m sievec /etc/dovecot/sieve-spam.sieve - i /etc/dovecot/local.conf.ext <<'EOF' passdb { @@ -1063,6 +1095,9 @@ EOF #insert into users (email, password) values ('testignore@bk.b8.nz', 'hash'); #EOF # update users set password = 'hash' where email = 'testignore@bk.b8.nz'; + + # this should be at the end since it requires a valid dovecot config + m sievec /etc/dovecot/sieve-spam.sieve ;; esac @@ -1126,27 +1161,34 @@ fi if [[ $HOSTNAME == bk ]]; then - ### begin composer install - # https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md - cd $(mktemp -d) - sum="$(wget -q -O - https://composer.github.io/installer.sig)" - m php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - if [[ $sum != $(php -r "echo hash_file('sha384', 'composer-setup.php');") ]]; then - echo 'ERROR: Invalid composer installer checksum' >&2 - rm -fv composer-setup.php - exit 1 - fi - m php composer-setup.php --quiet - rm -fv composer-setup.php - m mv composer.phar /usr/local/bin - ### end composer install - # avoid prompt export DEBIAN_FRONTEND=noninteractive # zip according to /installer # which requires adding a line to /usr/local/lib/roundcubemail/config/config.inc.php # $config['enable_installer'] = true; - pi roundcube roundcube-sqlite3 php-zip + pi roundcube roundcube-sqlite3 php-zip apache2 php-fpm + + ### begin composer install + # https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md + # cd $(mktemp -d) + # sum="$(wget -q -O - https://composer.github.io/installer.sig)" + # m php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + # if [[ $sum != $(php -r "echo hash_file('sha384', 'composer-setup.php');") ]]; then + # echo 'ERROR: Invalid composer installer checksum' >&2 + # rm -fv composer-setup.php + # exit 1 + # fi + # m php composer-setup.php --quiet + # rm -fv composer-setup.php + # m mv composer.phar /usr/local/bin + + # the above method gets composer2, carddav plugin at least doesnt work with that + # yet, it was just released 10-24-2020. + m cd /usr/local/bin + m wget -nv -N https://getcomposer.org/composer-1.phar + chmod +x composer-1.phar + ### end composer install + rcdirs=(/usr/local/lib/rcexpertpath /usr/local/lib/rcninja) ncdirs=(/var/www/ncexpertpath /var/www/ncninja) # point debian cronjob to our local install, preventing daily cron error @@ -1319,11 +1361,11 @@ EOF tar xzf $tmpd/t.tgz rm -rf $tmpd m chown -R www-data:www-data $rcdir/plugins/carddav - cd $rcdir/plugins/carddav + m cd $rcdir/plugins/carddav if $upgrade; then - m sudo -u www-data composer.phar update --no-dev + m sudo -u www-data composer-1.phar update --no-dev else - m sudo -u www-data composer.phar install --no-dev + m sudo -u www-data composer-1.phar install --no-dev fi m chown -R root:root $rcdir/plugins/carddav echo $v >$verf @@ -1519,7 +1561,7 @@ server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} .endif EOF ;; - bk) + bk|je) # avoid accepting mail for invalid users # https://wiki.dovecot.org/LMTP/Exim cat >>/etc/exim4/conf.d/rcpt_local_acl <<'EOF' @@ -1540,8 +1582,8 @@ esac case $HOSTNAME in - # ** $MAIL_HOST|bk) - $MAIL_HOST|bk) + # ** $MAIL_HOST|bk|je) + $MAIL_HOST|bk|je) cat >>/etc/exim4/update-exim4.conf.conf <>/etc/exim4/conf.d/main/000_local-nn < /etc/mailname + echo amnimal.ninja > /etc/mailname i /etc/myexim4/conf.d/router/180_vpnmanual <<'EOF' # copied from dnslookup, altered domains, added route_list, @@ -1753,17 +1798,21 @@ COMMONOPTIONS='-oP /run/exim4/eximin.pid' UPEX4OPTS='-d /etc/myexim4' EOF - # dkim, client passwd file - m rsync -ahhi --chown=root:Debian-exim --chmod=0640 \ - /p/c/machine_specific/bk/filesystem/etc/exim4/* /etc/exim4 - cat >>/etc/exim4/update-exim4.conf.conf < /etc/mailname + cat >>/etc/exim4/update-exim4.conf.conf <>/etc/myexim4/update-exim4.conf.conf <<'EOF' dc_eximconfig_configtype='smarthost' -dc_smarthost='10.173.8.2' +dc_smarthost='nn.b8.nz' EOF ;;& bk) @@ -1891,7 +1940,16 @@ if $reload; then m systemctl daemon-reload fi -m systemctl start mailcert +case $HOSTNAME in + je) + /a/exe/web-conf apache2 je.b8.nz + ;; + bk) + /a/exe/web-conf apache2 mail2.iankelling.org + ;; +esac + +m /a/bin/ds/mail-cert-cron -1 sre mailcert.timer case $HOSTNAME in @@ -1899,12 +1957,13 @@ case $HOSTNAME in # If mailvpn has changes, id rather manually restart it, id rather # not restart and lose connectivity. sstart mailnn mailvpn + ;; + $MAIL_HOST|bk|je) # start spamassassin/dovecot before exim. sre dovecot spamassassin sstart mailclean.timer ;; *) - soff mailclean.timer soff mailclean.timer dovecot spamassassin mailvpn mailnn ;; esac @@ -1917,7 +1976,7 @@ esac # * mail monitoring / testing case $HOSTNAME in - $MAIL_HOST|bk) + $MAIL_HOST|bk|je) # note: cronjob "ian" also does some important monitoring # todo: setup test mail cron for 3rd host cat >/etc/cron.d/mailtest <>/etc/cron.d/mailtest </usr/local/bin/send-test-forward <