various fixes, internal mail server
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16
17 # misc exim notes:
18 # useful exim docs:
19 # /usr/share/doc/exim4-base/README.Debian.gz
20 # /usr/share/doc/exim4-base/spec.txt.gz
21
22 # routers, transports, and authenticators are sections, and you define
23 # driver instances in those sections, and the manual calls them driver
24 # types but there is also a more specific "type" of driver, which is specified
25 # with the driver = some_module setting in the driver.
26
# the driver option must precede any private options (options that are
# specific to that driver), so follow the examples and put it first.
29
30 # The full list of option settings for any particular driver instance,
31 # including all the defaulted values, can be extracted by making use of
32 # the -bP command line option.
33
34 # exim clear out message queue. as root:
35 # adapted from somewhere on stackoverflow.
36 # ser stop exim4; sleep 1; exim -bp | exiqgrep -i | xargs exim -Mrm; ser start exim4
37
38 # fastmail has changed their smtp server, but the old one still works,
39 # I see no reason to bother changing.
40 # New one is smtp.fastmail.com
41
42 # test delivery & rewrite settings:
43 #exim4 -bt ian@localhost
44
45
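set -eE -o pipefail
# Report the failing command and its status on any unhandled error
# (-E above makes the ERR trap fire inside functions and subshells too).
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

# The first argument selects which MTA this script configures: exim4 or postfix.
type=$1
postfix() { [[ $type == postfix ]]; }
exim() { [[ $type == exim4 ]]; }
if ! exim && ! postfix; then
  # Prefix with the script name (as the ERR trap does), write to stderr, and
  # show what was actually passed so a typo is obvious.
  echo "$0: error: expected exim4 or postfix as first arg, got '$1'" >&2
  exit 1
fi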
56
57
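# Relay selection. The single host named by $MAIL_HOST submits directly to
# fastmail (authenticated submission on 587); every other host hands mail to
# the internal MX on 25. With $MAIL_HOST unset every host takes the else branch.
local_mx=mail.iankelling.org
# $MAIL_HOST is quoted so it is compared literally rather than as a glob
# pattern (an unquoted RHS of == inside [[ ]] is pattern-matched).
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
  host=mail.messagingengine.com
  relayhost="[$host]:587" # postfix
  smarthost="$host::587" # exim
else
  host=$local_mx
  relayhost="[$host]:25" # postfix
  smarthost="$host::25" # exim
fi

# Address that both ~/.forward and /root/.forward point at on every host.
forward=ian@$local_mx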
70
71
# background: This also works instead of ~/.forward
# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||:
#echo "root: $HOSTNAME@$SOME_DOMAIN" | s tee -a /etc/aliases
# .forward can't be a symlink and the MTA enforces permission restrictions on
# it. /etc/aliases might work too, but a per-user .forward seems more proper.
# Both the login user's and root's mail are redirected to $forward.
fwd_mode=644
e "$forward" >~/.forward
s tee /root/.forward < <(e "$forward")
# exim logs a complaint about group-writable (664) .forward files, hence 644.
s chmod "$fwd_mode" ~/.forward /root/.forward
81
82
# offlineimap uses this too; it is much easier to use one location than to
# condition its config and postfix's config on the distro.
# NOTE(review): assumes lnf is an "ln -sf"-style wrapper, so -T makes
# /etc/ssl/ca-bundle.trust.crt the link name pointing at ca-certificates.crt.
# Confirm that is the bundle path postfix's smtp_tls_CAfile below actually
# reads on fedora.
if [[ $distro == fedora ]]; then
  s lnf -T ca-certificates.crt /etc/ssl/ca-bundle.trust.crt
fi
89
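if postfix; then
  # dunno why, but debian installed postfix with builddep emacs
  # but I will just explicitly install it here since
  # I use it for sending mail in emacs.
  if isdeb; then
    # Pre-seed debconf so the package installs as a send-only ("Satellite")
    # system pointed at $relayhost.
    s debconf-set-selections <<EOF
postfix postfix/main_mailer_type select Satellite system
postfix postfix/mailname string $HOSTNAME
postfix postfix/relayhost string $relayhost
EOF

    pi postfix
  else
    pi postfix
    # Settings from reading the output when installing on debian,
    # then seeing which were different in a default install on arch.
    # I assume the same works for fedora.
    # mynetworks / inet_interfaces: only accept submissions from loopback.
    postconfin <<EOF
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
relayhost = $relayhost
inet_interfaces = loopback-only
EOF

    s systemctl enable postfix
    s systemctl start postfix
  fi
  # i'm assuming mail just won't work on systems without the sasl_passwd.
  #
  # smtp_tls_security_level = secure: the relay's certificate must chain to
  # smtp_tls_CAfile and (with postfix's default nexthop cert match) its name
  # must match the relayhost, so a MITM or a STARTTLS strip fails closed
  # instead of leaking the SASL credentials. The internal MX therefore needs
  # a certificate valid for $local_mx (see the mailcert timer in the exim
  # branch below).
  postconfin <<'EOF'
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
message_size_limit = 20480000
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
inet_protocols = ipv4
EOF
  # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
  # inet_protocols: without this, postfix tries an ipv6 lookup then gives
  # up and fails. snippet from syslog: type=AAAA: Host not found, try again


  # Rebuild the SASL credential map from /etc/mailpass. The file is created
  # empty and chmod 600 *before* any secret is written, so there is no window
  # in which it is readable by other users.
  f=/etc/postfix/sasl_passwd
  s rm -f "$f"
  s touch "$f"
  s chmod 600 "$f"
  # cat via sudo because /etc/mailpass is root-only; the || [[ -n $domain ]]
  # also processes a final line that has no trailing newline.
  s cat /etc/mailpass | while read -r domain port pass || [[ -n $domain ]]; do
    # format: domain port user:pass
    # mailpass is just a name i made up, since postfix and
    # exim both use a slightly crazy format to translate to
    # each other, it's easier to use my own format.
    [[ -n $domain ]] || continue # skip blank lines
    # One entry per line: without the trailing \n a second mailpass entry
    # would be glued onto the end of the first and postmap would see garbage.
    # The @ -> # rewrite of the login is the author's postfix-side convention
    # (the exim branch writes it unchanged); presumably an escaping need —
    # TODO confirm.
    printf '[%s]:%s %s\n' "$domain" "$port" "${pass/@/#}" | s tee -a "$f" >/dev/null
  done
  # NOTE(review): presumably postmap gives sasl_passwd.db the source file's
  # 600 mode; verify, since the .db holds the same secrets.
  s postmap hash:/etc/postfix/sasl_passwd
  s service postfix reload

else # exim. has debian specific stuff for now

  # wording of question from dpkg-reconfigure exim4-config
  # 1. internet site; mail is sent and received directly using SMTP
  # 2. mail sent by smarthost; received via SMTP or fetchmail
  # 3. mail sent by smarthost; no local mail
  # 4. local delivery only; not on a network
  # 5. no configuration at this time
  #
  # only the one receiving host needs option 2, the rest can do option 1, but
  # that host might change, so we pick option 2 and later
  # don't set it up to receive anything. Also, only receiving host needs
  # dc_other_hostnames and beyond, but no harm.
  # NOTE(review): dc_other_hostnames makes mail.iankelling.org a *local*
  # domain on every exim host, and $forward is an address in that domain;
  # confirm that on a non-MX host mail to $forward is still relayed to the
  # smarthost rather than delivered into the local Maildir.

  # note, another related setting is /etc/mailname, which
  # is set to be $HOSTNAME.lan on stretch. this may need to be
  # setup on other distros.

  #
  s debconf-set-selections <<EOF
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; received via SMTP or fetchmail
exim4-config exim4/dc_smarthost string $smarthost
exim4-config exim4/use_split_config boolean true
exim4-config exim4/dc_other_hostnames string mail.iankelling.org
exim4-config exim4/dc_postmaster string ian
exim4-config exim4/dc_localdelivery select Maildir format in home directory
EOF
  # debconf settings will not work if packages are already installed,
  # such as on vps images.
  pu exim4-daemon-light exim4-daemon-heavy exim4-config exim4-base exim4
  # light version does not have sasl auth support.
  pi exim4-daemon-heavy

  # Daily timer running mail-cert-cron (a cert rsync, per its description).
  # The clients' "secure" TLS level depends on the MX presenting a valid cert.
  s dd of=/etc/systemd/system/mailcert.service <<'EOF'
[Unit]
Description=Mail cert rsync
After=multi-user.target

[Service]
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once /a/bin/distro-setup/mail-cert-cron
EOF

  s dd of=/etc/systemd/system/mailcert.timer <<'EOF'
[Unit]
Description=Run mail-cert once a day

[Timer]
OnCalendar=daily

[Install]
WantedBy=timers.target
EOF
  ser start mailcert
  sgo mailcert.timer

  # Client credentials for the smarthost. Created empty and locked down to
  # root:Debian-exim 640 before any secret is written.
  f=/etc/exim4/passwd.client
  s rm -f "$f"
  s touch "$f"
  s chmod 640 "$f"
  s chown root:Debian-exim "$f"
  # generating secure pass, and storing for server too:
  # user=USUALLY_SAME_AS_HOSTNAME
  # f=$(mktemp)
  # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
  # echo "$user:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
  # echo "mail.iankelling.org:$user:$(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
  #
  # for ad-hoc testing of some random new host:
  # host=testhost # client host username & hostname
  # f=$(mktemp)
  # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
  # s sed "/^host:/d" /etc/exim4/passwd
  # echo "$host:$(mkpasswd -m sha-512 -s <$f)" | s tee -a /etc/exim4/passwd
  # echo "mail.iankelling.org:$host:$(<$f)" | ssh root@$host dd of=/etc/exim4/passwd.client
  s cat /etc/mailpass | while read -r domain port pass || [[ -n $domain ]]; do
    # reference: exim4_passwd_client(5): one "host:login:password" per line
    # ($pass already holds "user:pass").
    [[ -n $domain ]] || continue # skip blank lines
    # trailing \n so a second entry starts on its own line
    printf '%s:%s\n' "$domain" "$pass" | s tee -a "$f" >/dev/null
  done
  # NOTE(review): as far as I recall, Debian's stock smarthost transport only
  # *tries* STARTTLS and does not verify the server certificate, so unlike
  # the postfix branch (smtp_tls_security_level = secure) a STARTTLS strip
  # would expose these credentials. Consider a conf.d override setting
  # hosts_require_tls / tls_verify_certificates for $smarthost — confirm
  # against the installed remote_smtp_smarthost transport.

  # https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
  # i only need .forwards, so just doing that one.
  # NB: this cd is not undone; everything after it uses absolute paths.
  cd /etc/exim4/conf.d/router
  a=userforward
  b=${a}_higher_priority
  tmp=$(mktemp)
  of=175_$b
  # sed to make the router name unique (the copied router must not share its
  # name with the stock 600_ one).
  sed -r "s/^\\S+:/$b:/" 600_exim4-config_$a | s dd of="$tmp" 2>/dev/null
  # only rewrite the router file and restart when its content changed
  if ! diff -q "$tmp" "$of" &>/dev/null; then
    s dd if="$tmp" of="$of" >/dev/null
    ser restart exim4
  fi
  rm -f -- "$tmp"
fi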
240
241
242
# linode image has a root alias. completely useless, remove it
# (root's mail is redirected by /root/.forward written above).
# Note: plain sudo here, where the rest of the file uses the s wrapper.
sudo sed -i -e '/^root:/d' -- /etc/aliases

# rebuild the aliases db so the removal takes effect
s newaliases
247
248
# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
# Keep the MTA's spool under /nocow and leave a symlink at the stock
# /var/spool/$type path. The move happens with the service stopped so no
# queue file is written mid-move; an already existing /nocow/$type is kept.
spool_dir=/nocow/$type
spool_link=/var/spool/$type
if [[ $(readlink -f "$spool_link") != "$spool_dir" ]]; then
  ser stop "$type"
  if [[ -d $spool_link && ! -e $spool_dir ]]; then
    s mv "$spool_link" "$spool_dir"
  fi
  # NOTE(review): assumes lnf is an "ln -sf"-style wrapper; a non-empty real
  # directory still at $spool_link (e.g. $spool_dir already existed) would
  # make this step fail — confirm the wrapper's behaviour.
  s lnf -T "$spool_dir" "$spool_link"
fi

sgo "$type"
261
262
263 # if I wanted the from address to be renamed and sent to a different address,
264 # echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
265 # sudo postmap hash:/etc/postfix/recipient_canonical
266 # sudo service postfix reload