various fixes
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16
17 # misc exim notes:
18 # useful exim docs:
19 # /usr/share/doc/exim4-base/README.Debian.gz
20 # /usr/share/doc/exim4-base/spec.txt.gz
21
22 # routers, transports, and authenticators are sections, and you define
23 # driver instances in those sections, and the manual calls them driver
24 # types but there is also a more specific "type" of driver, which is specified
25 # with the driver = some_module setting in the driver.
26
27 # the driver option must precede any private options (options that are
28 # specific to that driver), so follow example of putting it at beginning.
29
30 # The full list of option settings for any particular driver instance,
31 # including all the defaulted values, can be extracted by making use of
32 # the -bP command line option.
33
34 # exim clear out message queue. as root:
35 # adapted from somewhere on stackoverflow.
36 # ser stop exim4; sleep 1; exim -bp | exiqgrep -i | xargs exim -Mrm; ser start exim4
37
38 # fastmail has changed their smtp server, but the old one still works,
39 # I see no reason to bother changing.
40 # New one is smtp.fastmail.com
41
42 # test delivery & rewrite settings:
43 #exim4 -bt ian@localhost
44
45
# Strict mode: stop on any unhandled failure (errexit), let the ERR trap
# fire inside functions and subshells as well (errtrace), and fail a
# pipeline when any stage of it fails.
set -o errexit -o errtrace -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

# The first argument names the MTA to configure. postfix/exim are
# predicates over it; note that inside this script they shadow the real
# commands of the same name.
type=$1
postfix() { [[ $type == postfix ]]; }
exim() { [[ $type == exim4 ]]; }
case $type in
  exim4 | postfix) ;;
  *)
    echo "$1: error: expected exim4 or postfix as first arg"
    exit 1
    ;;
esac
56
# Choose the upstream submission server and the address that local mail
# is forwarded to. private-host is a predicate from outside this file.
if ! private-host; then
  # ses initially suggests port 25, but I had problems connecting to that.
  host=email-smtp.us-west-2.amazonaws.com
  forward=$HOSTNAME@$IMPERSONAL_DOMAIN
else
  host=mail.messagingengine.com
  forward=$HOSTNAME@$PERSONAL_DOMAIN
fi

# The same endpoint on port 587, written in each MTA's own syntax.
relayhost="[${host}]:587" # postfix
smarthost="${host}::587"  # exim
68
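# Send this account's and root's local mail on to $forward through a
# .forward file in each home directory.
# background: This also works instead of ~/.forward
# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||:
#echo "root: $HOSTNAME@$SOME_DOMAIN" | s tee -a /etc/aliases
# this can't be a symlink and has permission restrictions
# it might work in /etc/aliases, but this seems more proper.
# e and s come from outside this file (presumably echo and sudo; confirm).
# The address is quoted so it is always passed as a single word and is
# never subject to word splitting or glob expansion.
e "$forward" > ~/.forward
e "$forward" | s tee /root/.forward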
76
77
# offlineimap uses this too, it is much easier to use one location than to
# condition its config and postfix's config
# Only fedora gets the CA bundle link; every other distro is left as it is.
# NOTE(review): lnf is defined outside this file, so which of the two paths
# is the link and which the target cannot be confirmed from here.
if [[ $distro == fedora ]]; then
  s lnf -T ca-certificates.crt /etc/ssl/ca-bundle.trust.crt
fi
84
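# /etc/mailpass is read as one line: the first word is the relay domain,
# the rest is the credential string. Each MTA gets its own credential file
# generated from it below.
# NOTE(review): $pass is a secret; tracing this script with `set -x` would
# print it.
read -r domain pass < <(s cat /etc/mailpass)
if postfix; then
  # dunno why, but debian installed postfix with builddep emacs
  # but I will just explicitly install it here since
  # I use it for sending mail in emacs.
  if isdeb; then
    # Preseed the package questions so the install is non-interactive.
    s debconf-set-selections <<EOF
postfix postfix/main_mailer_type select Satellite system
postfix postfix/mailname string $HOSTNAME
postfix postfix/relayhost string $relayhost
EOF

    pi postfix
  else
    pi postfix
    # Settings from reading the output when installing on debian,
    # then seeing which were different in a default install on arch.
    # I assume the same works for fedora.
    # inet_interfaces = loopback-only keeps the listener off the network.
    postconfin <<EOF
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
relayhost = $relayhost
inet_interfaces = loopback-only
EOF

    s systemctl enable postfix
    s systemctl start postfix
  fi
  # i'm assuming mail just won't work on systems without the sasl_passwd.
  # smtp_tls_security_level = secure together with smtp_tls_CAfile makes
  # postfix verify the relay's certificate before it authenticates.
  postconfin <<'EOF'
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
message_size_limit = 20480000
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
inet_protocols = ipv4
EOF
  # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
  # inet_protocols: without this, postfix tries an ipv6 lookup then gives
  # up and fails. snippet from syslog: type=AAAA: Host not found, try again


  # mailpass is just a name i made up, since postfix and
  # exim both use a slightly crazy format to translate to
  # each other, it's easier to use my own format.
  f=/etc/postfix/sasl_passwd
  # Create the file and restrict it to mode 600 while it is still empty, so
  # the credentials are never on disk with wider permissions.
  s touch "$f"
  s chmod 600 "$f"
  # The first "@" in the credential string is written as "#".
  printf '%s\n' "[$domain]:587 ${pass/@/#}" | s dd of="$f" >/dev/null
  s postmap "hash:$f"
  s service postfix reload
else

  # wording of question from dpkg-reconfigure exim4-config
  # 1. internet site; mail is sent and received directly using SMTP
  # 2. mail sent by smarthost; received via SMTP or fetchmail
  # 3. mail sent by smarthost; no local mail
  # 4. local delivery only; not on a network
  # 5. no configuration at this time

  # default mailname is $HOSTNAME.lan,
  # mailname makes addresses like "root" be root@mailname
  # and a qualified domain does not get forwarded per
  # .forward. whatever, this fixes that.
  # NOTE(review): unlike the postfix branch, nothing in this branch sets
  # TLS verification for the smarthost; confirm it is enforced by the exim
  # configuration itself.
  s debconf-set-selections <<EOF
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
exim4-config exim4/dc_smarthost string $smarthost
exim4-config exim4/use_split_config boolean true
exim4-config exim4/mailname string $HOSTNAME
EOF
  # light version does not have sasl auth support.
  pi exim4-daemon-heavy

  f=/etc/exim4/passwd.client
  s touch "$f"
  s chmod 600 "$f" # make it 600 before writing sensitive info
  # NOTE(review): confirm the user exim runs as can still read this file at
  # mode 600; Debian normally ships it group-readable for the exim group.
  # The first ":" in the credential string is doubled.
  printf '%s\n' "$domain:${pass/:/::}" | s dd of="$f" >/dev/null
  # https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
  # i only need .forwards, so just doing that one.
  cd /etc/exim4/conf.d/router
  a=userforward
  b=${a}_higher_priority
  tmp=$(mktemp)
  of=175_$b
  # sed to make the router name unique
  sed -r "s/^\\S+:/$b:/" "600_exim4-config_$a" >"$tmp"
  # Install the copy when it is missing or differs from what is on disk.
  # diff exits 0 for identical files, so the check has to be negated; the
  # un-negated form only copied when nothing had changed and never created
  # the file on a first run.
  if ! diff -q "$tmp" "$of" &>/dev/null; then
    s dd if="$tmp" of="$of" >/dev/null
    ser restart exim4
  fi
  # The scratch copy is no longer needed once it has been compared.
  rm -f -- "$tmp"
fi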
177
# linode image has a root alias. completely useless, remove it.
sudo sed --in-place -e '/^root:/d' /etc/aliases

# Rebuild the alias database after the edit.
s newaliases
182
183
# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
# Keep the MTA spool under /nocow and make /var/spool/$type point at it.
# ser, s, lnf and sgo are helpers defined outside this file.
dir=/nocow/$type
sdir=/var/spool/$type
if [[ "$(readlink -f "$sdir")" != "$dir" ]]; then
  ser stop "$type"
  # Move the existing spool over only when the destination does not exist
  # yet and the current spool is a real directory.
  [[ -e "$dir" || ! -d "$sdir" ]] || s mv "$sdir" "$dir"
  s lnf -T "$dir" "$sdir"
fi

sgo "$type"
196
197
198 # if I wanted the from address to be renamed and sent to a different address,
199 # echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
200 # sudo postmap hash:/etc/postfix/recipient_canonical
201 # sudo service postfix reload