From 7579e5401dc3072a52ae355a00e0c89a77fdd538 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Tue, 26 Aug 2025 05:15:10 -0400
Subject: [PATCH] fix the exim crash

---
 filesystem/usr/local/bin/mailbindwatchdog |  21 +-
 mail-setup                                | 312 +++++++++++++++-------
 2 files changed, 223 insertions(+), 110 deletions(-)

diff --git a/filesystem/usr/local/bin/mailbindwatchdog b/filesystem/usr/local/bin/mailbindwatchdog
index aededd1..e6c3d6d 100755
--- a/filesystem/usr/local/bin/mailbindwatchdog
+++ b/filesystem/usr/local/bin/mailbindwatchdog
@@ -54,16 +54,19 @@ while true; do
     esac
   done
 
-  # settings that go away when exim gets upgraded. obviously the best way to do this would be to modify the exim package itself, but this is easier
+  run_as_nonroot=true
 
-  ## temporarily running as root
-  # caps=$(getcap /usr/sbin/exim4)
-  # if [[ ! $caps ]]; then
-  #   echo "$0: setting capabilities, user and setuid/gid on /usr/sbin/exim4"
-  #   chown Debian-exim:Debian-exim /usr/sbin/exim4
-  #   chmod g+s,u+s /usr/sbin/exim4
-  #   setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4
-  # fi
+  if $run_as_nonroot; then
+  # settings that go away when exim gets upgraded. obviously the best
+  # way to do this would be to modify the exim package itself, but this
+  # is easier.
+  caps=$(getcap /usr/sbin/exim4)
+  if [[ ! $caps ]]; then
+    echo "$0: setting capabilities, user and setuid/gid on /usr/sbin/exim4"
+    chown Debian-exim:Debian-exim /usr/sbin/exim4
+    chmod g+s,u+s /usr/sbin/exim4
+    setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4
+  fi
 
 
 done
diff --git a/mail-setup b/mail-setup
index 9b56707..5bc8af5 100755
--- a/mail-setup
+++ b/mail-setup
@@ -66,19 +66,6 @@
 #
 #&! testignore|jtuttle|eximbackup|/usr/sbin/exim4 -bpu
 
-# todo: this should have been rejected at smtp-time. the <FF> is a translation of �
-# 2025-02-28 23:41:40 [3939978] 1toEfR-0000000GWy2-4A1N <= <FF>Amazon.meguminozaki@tischlermeister-luempert.de H=(localhost) [183.167.149.235] P=esmtp S=9416 id=1461312104.1131284.1740804083757@localhost T="\343\200\214\351\207\215\350\246\201\343\201\252\343\201\212\347\237\245\343\202\211\343\201\233\357\274\232\343\202\242\343\202\253\343\202\246\343\203\263\343\203\210\345\206\215\350\252\215\350\250\274\343\201\256\343\201\212\351\241\230\343\201\204\343\200\215" from <<FF>Amazon.meguminozaki@tischlermeister-luempert.de> for ian@iankelling.org
-# 2025-02-28 23:41:41 [3940022] 1toEfR-0000000GWy2-4A1N ** ian@iankelling.org F=<<FF>Amazon.meguminozaki@tischlermeister-luempert.de> P=<<FF>Amazon.meguminozaki@tischlermeister-luempert.de> R=local_user T=dovecot_lmtp: LMTP error after MAIL FROM:<\377Amazon.meguminozaki@tischlermeister-luempert.de>: 500 5.5.2 Invalid command syntax DT=0s
-# There was nothing useful in /var/log/mail.log.
-#
-# I was going to fix by transitioning to exim mailfilter, but I think I
-# found an acl that will work and is less work for now.
-# I was initially testing exim mail filter with:
-# exim -f vojdedIdNejyebni@b8.nz -bf /m/exim-filter </m/4e/Sent/cur/1739266450.de3db24c7af81d7a.frodo:2,S
-# I would need to put exim-filter into a git repo, perhaps put it into /m with conflink.
-#
-# I would also need to setup a way to do an offline refile, I think I could do it with some exim command line flags.
-#
 
 # todo: this message seems to get dropped on the floor, it was due to a missing 2nd colon in
 #  condition = ${if def:h_fdate:}
@@ -1581,8 +1568,8 @@ domainlist local_hostnames = ! je.b8.nz : ! bk.b8.nz : *.b8.nz : b8.nz
 
 # note: most of these are duplicated in spamassassin config
 hostlist iank_trusted = <; \
-# veth0
-10.173.8.1 ; \
+# veth0/1-mail
+10.173.8.1 ; 10.173.8.2 ;  \
 # li li_ip6
 72.14.176.105 ; 2600:3c00::f03c:91ff:fe6d:baf8 ; \
 # li_vpn_net li_vpn_net_ip6s
@@ -2017,7 +2004,8 @@ u /etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF'
 # message is "Unknown user".
 local_user:
   debug_print = "R: local_user for $local_part@$domain"
-  driver = accept
+  #driver = accept # for lmtp via unix socket.
+
   domains = +local_domains
 # ian: default file except where mentioned.
 # ian: commented this. I get all local parts. for bk, an rcpt
@@ -2029,14 +2017,27 @@ local_user:
 # ian: added for + addressing.
   local_part_suffix = +*
   local_part_suffix_optional
+  # these 3 for lmtp via tcp socket. (last one is host conditional)
+  driver = manualroute
+  self = send
 EOF
 u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF'
 dovecot_lmtp:
-  driver = lmtp
-  socket = /var/run/dovecot/lmtp
-  #maximum number of deliveries per batch, default 1
-  batch_max = 200
+  driver = smtp
+  protocol = lmtp
+  # Set port appropriate to your setup.
+  port = 24
   envelope_to_add
+  hosts_avoid_tls = *
+  message_linelength_limit = 2097152
+
+## unix socket version of lmtp. see notes elsewhere.
+# dovecot_lmtp:
+#   driver = lmtp
+#   socket = /var/run/dovecot/lmtp
+#   #maximum number of deliveries per batch, default 1
+#   batch_max = 200
+#   envelope_to_add
 EOF
 
 # iank: incomplete switch to exim mail filters
@@ -2382,27 +2383,6 @@ xioE3sYKdjOt+p6mlg3l8+OLtODEFPHDqwIBAg==
 EOF
     {
 
-      if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
-        # begin dovecot settings
-        cat <<'EOF'
-listen = 127.0.0.1, ::1, 10.8.0.4
-
-info_log_path = /dev/null
-
-ssl_cert = </etc/exim4/fullchain.pem
-ssl_key = </etc/exim4/privkey.pem
-EOF
-      else
-        # We have a lets encrypt hooks that puts things here.
-        # This is just for bk, which uses the vpn cert in exim
-        # for sending mail, but the local hostname cert for
-        # dovecot.
-        cat <<'EOF'
-ssl_cert = </etc/exim4/exim.crt
-ssl_key = </etc/exim4/exim.key
-EOF
-      fi
-
       cat <<'EOF'
 # https://ssl-config.mozilla.org
 ssl = required
@@ -2411,11 +2391,6 @@ ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDH
 ssl_min_protocol = TLSv1.2
 ssl_prefer_server_ciphers = no
 
-protocol lmtp {
-#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
-# default is just $mail_plugins
-  mail_plugins = $mail_plugins sieve
-}
 
 # /etc/dovecot/conf.d/10-master.conf says the default is 256M.
 # but I started getting oom errors in the syslog
@@ -2462,6 +2437,23 @@ EOF
     # preferable use a bit more cpu to recalculate indexes.
     install -d -m 700 -o iank -g iank /var/dovecot-indexes
     cat >>/etc/dovecot/local.conf <<EOF
+listen = 127.0.0.1, ::1, 10.8.0.4
+# afaik, just making normal mail and spammers create less logs.
+info_log_path = /dev/null
+
+ssl_cert = </etc/exim4/fullchain.pem
+ssl_key = </etc/exim4/privkey.pem
+
+# Default uses unix socket file. note also, it would be fine to add
+# localhost to the address option: ::1 127.0.0.1,
+# but i have nothing configured to use that, so just leaving it off.
+service lmtp {
+  inet_listener lmtp {
+    address = 10.173.8.2
+    port = 24
+  }
+}
+
 
 
 # This will decrease memory use, and seems likely to decrease cpu & disk
@@ -2480,6 +2472,10 @@ mail_uid = iank
 mail_gid = iank
 
 protocol lmtp {
+#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+# default is just \$mail_plugins
+  mail_plugins = \$mail_plugins sieve
+
 # For a normal setup with exim, we need something like this, which
 # removes the domain part
 #  auth_username_format = %Ln
@@ -2519,6 +2515,23 @@ EOF
     fi
 
     cat >>/etc/dovecot/local.conf <<EOF
+# We have a lets encrypt hooks that puts things here.
+# This is just for bk, which uses the vpn cert in exim
+# for sending mail, but the local hostname cert for
+# dovecot.
+ssl_cert = </etc/exim4/exim.crt
+ssl_key = </etc/exim4/exim.key
+
+# Default uses unix socket file. note also, it would be fine to add
+# localhost to the address option: ::1 127.0.0.1,
+# but i have nothing configured to use that, so just leaving it off.
+service lmtp {
+  inet_listener lmtp {
+    address = 127.0.0.1
+    port = 24
+  }
+}
+
 !include /etc/dovecot/local.conf.ext
 
 # for debugging info, uncomment these.
@@ -2528,11 +2541,22 @@ EOF
 
 
 protocol lmtp {
+#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+# default is just \$mail_plugins
+  mail_plugins = \$mail_plugins sieve
+
 # This downcases the localpart. default is case sensitive.
 # case sensitive local part will miss out on valid email when some person or system
 # mistakenly capitalizes things.
   auth_username_format = %Lu
 }
+service lmtp {
+  inet_listener lmtp {
+    address =
+    port = 24
+  }
+}
+
 
 # make 147 only listen on localhost, plan to use for nextcloud.
 # copied from mailinabox
@@ -3363,6 +3387,8 @@ EOF
 fi
 
 # ** exim: main daemon use non-default config file
+run_as_nonroot=true
+
 case $HOSTNAME in
   bk|$MAIL_HOST)
     # to see the default comments in /etc/default/exim4:
@@ -3379,36 +3405,48 @@ EXIMSERVICE='-bdf -q10m -C /etc/exim4/nn-mainlog.conf'
 E4BCD_WATCH_PANICLOG='no'
 EOF
 
-    ## temporarily running as root. undo nonroot modifications
-    ## note: nonroot also exists in
-    ## /b/ds/filesystem/usr/local/bin/mailbindwatchdog
+    # for debugging/testing, sometimes I need debian to run as root, so
+    # made it conditional here.
+    # note: nonroot settings also exists in
+    # /b/ds/filesystem/usr/local/bin/mailbindwatchdog
 
-    owners=$(stat -c %U:%G /usr/sbin/exim4)
-    if [[ $owners != root:root ]]; then
-      m chown root:root /usr/sbin/exim4
-      # chown clears setuid
-      m chmod 4755 /usr/sbin/exim4
-    fi
-    m chmod g-s /usr/sbin/exim4
-    caps=$(getcap /usr/sbin/exim4)
-    if [[ $caps ]]; then
-      # this returns an error if it has no capabilities.
-      m setcap -r /usr/sbin/exim4
-    fi
+    if $run_as_nonroot; then
+      owners=$(stat -c %U:%G /usr/sbin/exim4)
+      if [[ $owners != Debian-exim:Debian-exim ]]; then
+        # make exim be a nonroot setuid program.
+        m chown Debian-exim:Debian-exim /usr/sbin/exim4
+      fi
+      # needs guid set in order to become Debian-exim
+      m chmod g+s,u+s /usr/sbin/exim4
+      # need this to avoid error on service reload:
+      # 2022-08-07 18:44:34.005 [892491] pid 892491: SIGHUP received: re-exec daemon
+      # 2022-08-07 18:44:34.036 [892491] cwd=/var/spool/exim4 5 args: /usr/sbin/exim4 -bd -q30m -C /etc/exim4/nn-mainlog.conf
+      # 2022-08-07 18:44:34.043 [892491] socket bind() to port 25 for address (any IPv6) failed: Permission denied: waiting 30s before trying again (9 more tries)
+      # note: the daemon gives up and dies after retrying those 9 times.
+      # I came upon this by guessing and trial and error.
+      # set capability
+      caps=$(getcap /usr/sbin/exim4)
+      if [[ ! $caps ]]; then
+        m setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4
+      fi
 
-    # # make exim be a nonroot setuid program.
-    # chown Debian-exim:Debian-exim /usr/sbin/exim4
-    # # needs guid set in order to become Debian-exim
-    # chmod g+s,u+s /usr/sbin/exim4
+    else
 
-    # # need this to avoid error on service reload:
-    # # pid 892491: SIGHUP received: re-exec daemon
-    # # cwd=/var/spool/exim4 5 args: /usr/sbin/exim4 -bd -q30m -C /etc/exim4/nn-mainlog.conf
-    # #  socket bind() to port 25 for address (any IPv6) failed: Permission denied: waiting 30s before trying again (9 more tries)
-    # # note: the daemon gives up and dies after retrying those 9 times.
-    # # I came upon this by guessing and trial and error.
+      ##  undo nonroot modifications
 
-    # setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4
+      owners=$(stat -c %U:%G /usr/sbin/exim4)
+      if [[ $owners != root:root ]]; then
+        m chown root:root /usr/sbin/exim4
+        ## note: chown clears setuid
+        m chmod 4755 /usr/sbin/exim4
+      fi
+      m chmod g-s /usr/sbin/exim4
+      caps=$(getcap /usr/sbin/exim4)
+      if [[ $caps ]]; then
+        # this returns an error if it has no capabilities.
+        m setcap -r /usr/sbin/exim4
+      fi
+    fi
 
     u /etc/exim4/trusted_configs <<'EOF'
 /etc/exim4/nn-mainlog.conf
@@ -3440,8 +3478,7 @@ case $HOSTNAME in
     u /etc/systemd/system/exim4.service.d/nonroot.conf <<EOF
 [Service]
 # see 56.2 Root privilege in exim spec
-# disabled due to running as root.
-#AmbientCapabilities=CAP_NET_BIND_SERVICE
+$(if $run_as_nonroot; then e AmbientCapabilities=CAP_NET_BIND_SERVICE; fi)
 
 # https://www.redhat.com/sysadmin/mastering-systemd
 # things that seem good and reasonabl.e
@@ -3461,23 +3498,24 @@ ProtectSystem=yes
 #ProtectDevices=yes
 EOF
 
-    # temp: running as root
-    echo | u /etc/exim4/conf.d/main/000_local-noroot
-    #     u /etc/exim4/conf.d/main/000_local-noroot <<'EOF'
-    # # see 56.2 Root privilege in exim spec
-    # deliver_drop_privilege = true
-    # EOF
-    #
-    files=(
-      300_exim4-config_real_local
-      600_exim4-config_userforward
-      700_exim4-config_procmail
-      800_exim4-config_maildrop
-      mmm_mail4root
-    )
-    for f in ${files[@]}; do
-      echo "# iank: removed due to running nonroot"|u /etc/exim4/conf.d/router/$f
-    done
+    if $run_as_nonroot; then
+      u /etc/exim4/conf.d/main/000_local-noroot <<'EOF'
+    # see 56.2 Root privilege in exim spec
+    deliver_drop_privilege = true
+EOF
+      files=(
+        300_exim4-config_real_local
+        600_exim4-config_userforward
+        700_exim4-config_procmail
+        800_exim4-config_maildrop
+        mmm_mail4root
+      )
+      for f in ${files[@]}; do
+        echo "# iank: removed due to running nonroot"|u /etc/exim4/conf.d/router/$f
+      done
+    else
+      echo | u /etc/exim4/conf.d/main/000_local-noroot
+    fi
     ;;
 esac
 
@@ -3566,6 +3604,13 @@ EOF
   # ** $MAIL_HOST)
   $MAIL_HOST)
 
+    cat >>/etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF'
+# note: in my debug testing, byname option makes no diff,
+# it seems byname gets used either way.
+  route_list = * 10.173.8.2::24
+EOF
+
+
     if [[ ! -e /etc/exim4/no-delay-eximids ]]; then
       install -o iank -g iank <(echo) /etc/exim4/no-delay-eximids
     fi
@@ -3681,12 +3726,69 @@ mail.fsf.org
 *.posteo.de
 EOF
 
-    # cron email from smarthost hosts will automatically be to
-    # USER@FQDN. I redirect that to alerts@, on the smarthosts, but in
-    # case that doesn't work, we still want to accept that mail, but not
-    # from any host except the smarthosts. local_hostnames and this rule
-    # is for that purpose.
     u /etc/exim4/conf.d/rcpt_local_acl <<'EOF'
+
+## I thought up the following acl to deal with this lmtp 500 error. However,
+# exim doesn't support a callout except over smtp. So, i switched dovecot's
+# lmto to use tcp, and then lmtp in exim is set to use smtp. But, that actually
+# fixed the 500 error. So, whatever, but I'm still leaving this here
+# just so that if dovecot does reject any mail, we won't have a backscatter
+# problem. I was initially going to fix by transitioning to using exim mailfilter
+# instead of dovecot's sieve, and then have exim just deliver to the maildir
+# without using dovecot at all, but I figured this would be easier.
+# I would also need to setup a way to do an offline refile, I think I
+# could do it with some exim command line flags. I wrote some initial config
+# changes to enable that, including disabling extra exim security.
+# TODO: reenable that.
+
+# I tested this acl with the following script:
+# while read -r line; do
+#   echo "$line"
+#   sleep 2
+# done <<'EOF'| exim -d+all -bhc 177.185.43.158
+# helo localhost
+# mail from:<ÿMatsu.cha1971@skmsm.com>
+# rcpt to:<ian@iankelling.org>
+# data
+# From: Matsu.cha1971@skmsm.com
+# To: ian@iankelling.org
+# Subject: Testing Exim
+
+# This is a test message.
+# .
+# quit
+# EOF
+
+# 2025-07-23 02:11:52 [514980] 1ueShh-000000029y8-15RA <= ÿMatsu.cha1971@skmsm.com H=(vm253) [177.185.43.158] P=esmtp S=11805 id=1039013636.43627.1753251091676@vm253 T="\343\200\214\346\235\276\344\272\225\350\250\274\345\210\270\357\274\232\343\202\273\343\202\255\343\203\245\343\203\252\343\203\206\343\202\243\343\202\242\343\203\203\343\203\227\343\202\260\343\203\254\343\203\274\343\203\211\343\201\253\351\226\242\343\201\231\343\202\213\343\201\224\346\241\210\345\206\205\343\200\215" from <ÿMatsu.cha1971@skmsm.com> for ian@iankelling.org
+# 2025-07-23 02:11:52 [516231] cwd=/var/spool/exim4 5 args: /usr/sbin/exim4 -C /etc/exim4/nn-mainlog.conf -Mc 1ueShh-000000029y8-15RA
+# 2025-07-23 02:11:52 [516231] 1ueShh-000000029y8-15RA ** ian@iankelling.org F=<ÿMatsu.cha1971@skmsm.com> P=<ÿMatsu.cha1971@skmsm.com> R=local_user T=dovecot_lmtp: LMTP error after MAIL FROM:<\377Matsu.cha1971@skmsm.com>: 500 5.5.2 Invalid command syntax DT=0s
+# 2025-07-23 02:11:52 [516244] 1ueShh-000000029y8-15RA no IP address found for host REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOST
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA SIGSEGV (fault address: (nil))
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA SEGV_MAPERR
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA SIGSEGV (null pointer indirection)
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA SIGSEGV (516231 delivering 1ueShh-000000029y8-15RA
+# )
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA backtrace
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA ---
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x5a9b2) [0x556f5a0699b2]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x5ab74) [0x556f5a069b74]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/lib/x86_64-linux-gnu/libc.so.6(+0x45330) [0x712c65e45330]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/lib/x86_64-linux-gnu/libc.so.6(+0x18b75d) [0x712c65f8b75d]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0xc9725) [0x556f5a0d8725]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x4da90) [0x556f5a05ca90]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x4e6aa) [0x556f5a05d6aa]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x4f364) [0x556f5a05e364]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x4f9a9) [0x556f5a05e9a9]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x4fdaa) [0x556f5a05edaa]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x60fb2) [0x556f5a06ffb2]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(+0x3aea6) [0x556f5a049ea6]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca) [0x712c65e2a1ca]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b) [0x712c65e2a28b]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA 	/usr/sbin/exim4(_start+0x25) [0x556f5a04d9d5]
+# 2025-07-23 02:11:53 [516231] 1ueShh-000000029y8-15RA ---
+
+
+
 # iank: i think this will deal with the spam of mail from
 # <FF>Amaz..., because it has use_sender.
 deny
@@ -3694,6 +3796,11 @@ deny
   domains = +local_domains
   !verify = recipient/callout=no_cache,use_sender
 
+# Cron email from smarthost hosts will automatically be to
+# USER@FQDN. I redirect that to alerts@, on the smarthosts, but in
+# case that doesn't work, we still want to accept that mail, but not
+# from any host except the smarthosts. local_hostnames and this rule
+# is for that purpose.
 deny
   !authenticated = *
   domains = +local_hostnames
@@ -3830,6 +3937,11 @@ EOF
   ## we use this host to monitor MAIL_HOST and host a mail server for someone
   bk)
 
+    cat >>/etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF'
+  route_list = * 127.0.0.1
+EOF
+
+
     # No clamav on je, it has 1.5g memory and clamav uses most of it.
     #
     # No clamav on MAIL_HOST because it is just a waste of useful cpu
@@ -4302,11 +4414,9 @@ EOF
         fi
         test_to+=", $t"
       done
-      case $test_from in
-        testignore@expertpathologyreview.com)
-          test_to=testignore@zroe.org
-          ;;
-      esac
+      if [[ $test_from ==  testignore@expertpathologyreview.com ]]; then
+        test_to=testignore@zroe.org
+      fi
 
       cat >>/usr/local/bin/send-test-forward <<EOFOUTER
 /usr/sbin/exim -odf -f $test_from -t <<EOF
-- 
2.30.2