From 9d3e42f63363df3a9802e138b3fea1c4cd0211c4 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 21 Feb 2026 07:59:27 -0500 Subject: [PATCH] big fix of email --- distro-end | 9 +-------- filesystem/usr/local/bin/exim-nn-iptables | 4 ++-- mail-setup | 10 ++++++++-- system-status | 6 ++++++ vpn-mail-forward | 9 +++------ 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/distro-end b/distro-end index 6ebed62..d09a62c 100755 --- a/distro-end +++ b/distro-end @@ -337,14 +337,7 @@ EOF ;;& bk) - sgo wg-quick-mail - # i just dont feel like setting up a special purpose ssh key to do this automatically. - end_msg <<'EOF' -# run this once for bk on local machine: -# only used for old openvpn setup -/a/exe/vpn-mk-client-cert -c bk.b8.nz -b expertpath -n mail li.iankelling.org -EOF end ;; je) @@ -461,7 +454,7 @@ EOF # needed for li's local mail delivery. tu /etc/hosts <<<"10.8.0.4 mx.iankelling.org" - sgo wg-quick-mail + sgo wg-quick@mail # setup let's encrypt cert m web-conf apache2 mail.iankelling.org diff --git a/filesystem/usr/local/bin/exim-nn-iptables b/filesystem/usr/local/bin/exim-nn-iptables index da631b5..dfb96d8 100755 --- a/filesystem/usr/local/bin/exim-nn-iptables +++ b/filesystem/usr/local/bin/exim-nn-iptables 
@@ -27,9 +27,9 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR # This prevents exim from connecting out to an ip not through the vpn. -# Before this, I had set exim to be BindsTo=wg-quick@wgmail, which +# Before this, I had set exim to be BindsTo=wg-quick@mail, which # generally made sure it wouldn't run unless the vpn ran, and plus I set -# a specific interface in the main remote smtp transport. However, +# a specific interface in the main remote smtp transport. # However, that wasn't bulletproof, exim spec says about "interface: The # first interface of the correct type (IPv4 or IPv6) is used for the # outgoing connection. If none of them are the correct type, the option diff --git a/mail-setup b/mail-setup index 4eb119e..f5c9ea2 100755 --- a/mail-setup +++ b/mail-setup @@ -1954,7 +1954,8 @@ local_user: driver = manualroute self = send EOF -u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp <<'EOF' +{ + cat <<'EOF' dovecot_lmtp: driver = smtp protocol = lmtp @@ -1962,7 +1963,13 @@ dovecot_lmtp: port = 24 envelope_to_add hosts_avoid_tls = * +EOF + if [[ $HOSTNAME != li ]]; then + cat <<'EOF' message_linelength_limit = 2097152 +EOF + fi +} | u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp ## unix socket version of lmtp. see notes elsewhere. # dovecot_lmtp: @@ -1971,7 +1978,6 @@ dovecot_lmtp: # #maximum number of deliveries per batch, default 1 # batch_max = 200 # envelope_to_add -EOF # iank: incomplete switch to exim mail filters u /etc/exim4/conf.d/transport/30_iank_maildir <<'EOF' diff --git a/system-status b/system-status index f99346a..891ef65 100755 --- a/system-status +++ b/system-status 
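Review bot: In the mail-setup hunks, `u` now runs as the last stage of a pipeline (`} | u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp`), so bash executes it in a subshell unless `lastpipe` is in effect, whereas the neighbouring `u FILE <<'EOF'` calls run in the current shell. If `u` reports "file changed" through a shell variable (its definition is not visible here), that result is lost for this one file and a later reload or restart decision could skip it. Keeping the redirect form avoids this: open with `u /etc/exim4/conf.d/transport/30_exim4-config_dovecot_lmtp < <(` and close with `)` in place of `{` and `} | u …`. The `if [[ $HOSTNAME != li ]]` branch would also benefit from a one-line comment saying why `li` keeps the default `message_linelength_limit`, since the config now differs per host with no stated reason.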
@@ -441,12 +441,18 @@ write-status() { chars+=("MTEST_SPAM") fi mtest_found=false + # shellcheck disable=SC2013 # these are words + mtest_count=0 for t in $(grep -E ^mailtest_check_last_usec $mprom | awk '{print $NF}' || [[ $? == 1 ]]); do + mtest_count=$(( mtest_count + 1 )) if (( t + 60 * 20 < EPOCHSECONDS )); then mtest_found=true fi done + if (( mtest_count < 4 )); then + mtest_found=true + fi if $mtest_found; then chars+=("MTEST_AGE") fi diff --git a/vpn-mail-forward b/vpn-mail-forward index 3af1c0f..4f8a562 100755 --- a/vpn-mail-forward +++ b/vpn-mail-forward @@ -53,12 +53,9 @@ do-forward() { m /sbin/iptables $cmd FORWARD -i $ifname -o $gw -j ACCEPT m /sbin/iptables $cmd FORWARD -i $gw -o $ifname -j ACCEPT - case $ifname in - wg*) - /sbin/iptables -t nat $cmd POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE - /sbin/ip6tables -t nat $cmd POSTROUTING -s 2600:3c00:e002:3800::/64 -o $gw -j MASQUERADE - ;; - esac + # these were not used for openvpn, but I stopped maintaining that config. + /sbin/iptables -t nat $cmd POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE + /sbin/ip6tables -t nat $cmd POSTROUTING -s 2600:3c00:e002:3800::/64 -o $gw -j MASQUERADE } -- 2.30.2
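Review bot: The threshold in `if (( mtest_count < 4 ))` (system-status hunk) is a bare literal, so if the number of `mailtest_check_last_usec` series in `$mprom` changes, MTEST_AGE will either fire permanently or stop noticing a series that has gone missing. Give it a name or a comment that lists which series are expected, e.g. `local mtest_expected=4 # <which checks these are>` and `(( mtest_count < mtest_expected ))`. The `# shellcheck disable=SC2013` directive is placed above `mtest_count=0`, and a ShellCheck directive applies only to the command that follows it, so it does not cover the `for t in $(grep …)` loop; put `mtest_count=0` first and the directive directly above the `for` line. write-status starts outside this hunk, so confirm `mtest_count` is declared `local` there, otherwise it leaks into the caller's scope.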
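Review bot: The two `POSTROUTING … -j MASQUERADE` rules in the vpn-mail-forward hunk now run for every `$ifname`, yet they match only on the source subnet and `-o $gw`. If do-forward is still called for more than one interface, an add would duplicate them and a delete for one interface would remove NAT that another still depends on. The callers and the start of do-forward are outside this hunk, so this may already be impossible; if it is, the new comment should say so, e.g. `# NAT rules match the VPN subnets, not $ifname: do-forward must only run for the wg mail interface`. These two lines also call `/sbin/iptables` and `/sbin/ip6tables` directly while the FORWARD rules just above go through `m`; using `m /sbin/iptables -t nat $cmd POSTROUTING …` would keep the function consistent, whatever `m` provides.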