#!/bin/bash -l
# Copyright (C) 2016 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# misc exim notes:
# useful exim docs:
# /usr/share/doc/exim4-base/README.Debian.gz
# /usr/share/doc/exim4-base/spec.txt.gz

# routers, transports, and authenticators are sections, and you define
# driver instances in those sections, and the manual calls them driver
# types but there is also a more specific "type" of driver, which is specified
# with the driver = some_module setting in the driver.

# the driver option must precede and private options (options that are
# specific to that driver), so follow example of putting it at beginning.

# The full list of option settings for any particular driver instance,
# including all the defaulted values, can be extracted by making use of
# the -bP command line option.

# exim clear out message queue. as root:
# adapted from somewhere on stackoverflow.
# ser stop exim4; sleep 1; exim -bp | exiqgrep -i | xargs exim -Mrm; ser start exim4

# fastmail has changed their smtp server, but the old one still works,
# I see no reason to bother changing.
# New one is smtp.fastmail.com

# test delivery & rewrite settings:
#exim4 -bt ian@localhost


set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

type=$1
postfix() { [[ $type == postfix ]]; }
exim() { [[ $type == exim4 ]]; }
if ! exim && ! postfix; then
    echo "$1: error: expected exim4 or postfix as first arg"
    exit 1
fi


local_mx=mail.iankelling.org
if [[ $HOSTNAME == $MAIL_HOST ]]; then
    host=mail.messagingengine.com
    relayhost="[$host]:587" # postfix
    smarthost="$host::587" # exim
else
    host=$local_mx
    relayhost="[$host]:25" # postfix
    smarthost="$host::25" # exim
fi

forward=ian@$local_mx


# background: This also works instead of ~/.forward
# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||:
#echo "root: $HOSTNAME@$SOME_DOMAIN" | s tee -a /etc/aliases
# this can't be a symlink and has permission restrictions
# it might work in /etc/aliases, but this seems more proper.
e $forward > ~/.forward
e $forward | s tee /root/.forward
# exim log complains about 664 permissions.
s chmod 644 ~/.forward /root/.forward


# offlineimap uses this too, it is much easier to use one location than to
# condition it's config and postfix's config
case $distro in
    fedora) s lnf -T ca-certificates.crt /etc/ssl/ca-bundle.trust.crt ;;
    *) :
esac

if postfix; then
    # dunno why, but debian installed postfix with builddep emacs
    # but I will just explicitly install it here since
    # I use it for sending mail in emacs.
    if isdeb; then
        s debconf-set-selections <<EOF
postfix postfix/main_mailer_type select Satellite system
postfix postfix/mailname string $HOSTNAME
postfix postfix/relayhost string $relayhost
EOF

        pi postfix
    else
        pi postfix
        # Settings from reading the output when installing on debian,
        # then seeing which were different in a default install on arch.
        # I assume the same works for fedora.
        postconfin <<EOF
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
relayhost = $relayhost
inet_interfaces = loopback-only
EOF

        s systemctl enable postfix
        s systemctl start postfix
    fi
    # i'm assuming mail just won't work on systems without the sasl_passwd.
    postconfin <<'EOF'
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
message_size_limit =  20480000
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
inet_protocols = ipv4
EOF
    # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
    # inet_protocols: without this, postfix tries an ipv6 lookup then gives
    # up and fails. snippet from syslog: type=AAAA: Host not found, try again


    f=/etc/postfix/sasl_passwd
    s rm -f $f
    s touch $f
    s chmod 600 $f
    s cat /etc/mailpass| while read -r domain port pass; do
        # format: domain port user:pass
        # mailpass is just a name i made up, since postfix and
        # exim both use a slightly crazy format to translate to
        # each other, it\'s easier to use my own format.
        printf "[%s]:%s %s" "$domain" "$port" "${pass/@/#}" | s tee -a $f >/dev/null
    done
    s postmap hash:/etc/postfix/sasl_passwd
    s service postfix reload

else # exim. has debian specific stuff for now
    # debconf settings will not work if packages are already installed,
    # such as on vps images.
    pu exim4-daemon-light exim4-daemon-heavy exim4-config exim4-base exim4

    # wording of question from dpkg-reconfigure exim4-config
    # 1. internet site; mail is sent and received directly using SMTP
    # 2. mail sent by smarthost; received via SMTP or fetchmail
    # 3. mail sent by smarthost; no local mail
    # 4. local delivery only; not on a network
    # 5. no configuration at this time
    #
    # only the one receiving host needs option 2, the rest can do option
    # 1, but that host might change, so we pick option 2 and later don't
    # set it up to receive anything, because it has nothing in it's
    # receiving password file and we make that mandatory. Also, only
    # receiving host needs dc_other_hostnames and beyond, but no harm.

    # note, another related setting is /etc/mailname, which
    # is set to be $HOSTNAME.lan on stretch. this may need to be
    # setup on other distros.

    # setting local_interfaces to empty listens on all interfaces.
    # default is 127.0.0.1 ; ::1, so only listen to lo interface.
    s debconf-set-selections <<EOF
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; received via SMTP or fetchmail
exim4-config exim4/dc_smarthost string $smarthost
exim4-config exim4/use_split_config boolean true
exim4-config exim4/dc_other_hostnames string mail.iankelling.org
exim4-config exim4/dc_local_interfaces	string
exim4-config exim4/dc_postmaster string ian
exim4-config exim4/dc_localdelivery select Maildir format in home directory
EOF
    # light version does not have sasl auth support.
    pi exim4-daemon-heavy

    s dd of=/etc/systemd/system/mailcert.service <<'EOF'
[Unit]
Description=Mail cert rsync
After=multi-user.target

[Service]
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once mailcert /a/bin/distro-setup/mail-cert-cron
EOF

    s dd of=/etc/systemd/system/mailcert.timer <<'EOF'
[Unit]
Description=Run mail-cert once a day

[Timer]
OnCalendar=daily

[Install]
WantedBy=timers.target
EOF
    ser start mailcert
    sgo mailcert.timer

    f=/etc/exim4/passwd.client
    s rm -f $f
    s touch $f
    s chmod 640 $f
    s chown root:Debian-exim $f
    # generating secure pass, and storing for server too:
    # user=USUALLY_SAME_AS_HOSTNAME
    # f=$(mktemp)
    # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
    # echo "$user:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
    # echo "mail.iankelling.org:$user:$(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
    #
    # for ad-hoc testing of some random new host:
    # host=testhost # client host username & hostname
    # f=$(mktemp)
    # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
    # s sed "/^host:/d" /etc/exim4/passwd
    # echo "$host:$(mkpasswd -m sha-512 -s <$f)" | s tee -a /etc/exim4/passwd
    # echo "mail.iankelling.org:$host:$(<$f)" | ssh root@$host dd of=/etc/exim4/passwd.client
    s cat /etc/mailpass| while read -r domain port pass; do
        # reference: exim4_passwd_client(5)
        printf "%s:%s" "$domain" "$pass" | s tee -a $f >/dev/null
    done

    # https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
    # i only need .forwards, so just doing that one.
    cd /etc/exim4/conf.d/router
    a=userforward
    b=${a}_higher_priority
    tmp=$(mktemp)
    of=175_$b
    # sed to make the router name unique
    sed -r s/^\\S+:/$b:/ 600_exim4-config_$a | s dd of=$tmp 2>/dev/null
    if ! diff -q $tmp $of &>/dev/null; then
        s dd if=$tmp of=$of >/dev/null
        ser restart exim4
    fi
fi



# linode image has a root alias. completely useless, remove it.
sudo sed -i '/^root:/d' /etc/aliases

s newaliases


# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
dir=/nocow/$type
sdir=/var/spool/$type
if [[ $(readlink -f $sdir) != $dir ]]; then
    ser stop $type
    if [[ ! -e $dir && -d $sdir ]]; then
        s mv $sdir $dir
    fi
    s lnf -T $dir $sdir
fi

sgo $type


# if I wanted the from address to be renamed and sent to a different address,
# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
# sudo postmap hash:/etc/postfix/recipient_canonical
# sudo service postfix reload