# The full list of option settings for any particular driver instance,
# including all the defaulted values, can be extracted by making use of
# the -bP command line option.
+# exim -bP config_file to see what config file it used
+# exim -bP config to see
# exim clear out message queue. as root:
# adapted from somewhere on stackoverflow.
else # begin exim. has debian specific stuff for now
if [[ -e /p/c/filesystem ]]; then
- /a/exe/vpn-mk-client-cert -n mail li
+ /a/exe/vpn-mk-client-cert -b mail -n mail li
fi
cat >/etc/systemd/system/mailroute.service <<'EOF'
# options exim has to avoid having to alter the default config files
CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/rcpt_local_acl
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/data_local_acl
+
+# debian exim config added this in 2016 or so?
+# it's part of the smtp spec, to limit lines to 998 chars
+# but a fair amount of legit mail does not adhere to it. I don't think
+# this should be default, like it says in
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801
+# todo: the bug for introducing this was about headers, but
+# the fix maybe is for all lines? one says gmail rejects, the
+# other says gmail does not reject. figure out and open a new bug.
+IGNORE_SMTP_LINE_LENGTH_LIMIT = true
+EOF
+
+
+ ####### begin dovecot setup ########
+ # based on a little google and package search, just the dovecot
+ # packages we need instead of dovecot-common.
+ #
+ # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir
+ # directly. The reason to do this is to use dovecot\'s sieve, which
+ # has extensions that allow it to be almost equivalent to exim\'s
+ # filter capabilities, some ways probably better, some worse, and
+ # sieve has the benefit of being supported in postfix and
+ # proprietary/weird environments, so there is more examples on the
+ # internet. I was torn about whether to do this or not, meh.
+ apt-get -y install --purge --auto-remove \
+ dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
+
+ # if we changed 90-sieve.conf and removed the active part of the
+ # sieve option, we wouldn\'t need this, but I\'d rather not modify a
+ # default config if not needed. This won\'t work as a symlink in /a/c
+ # unfortunately.
+ sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve
+
+ sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
+1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX
+/^\s*mail_location\s*=/d
+EOF
+
+ cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF'
+protocol lmtp {
+#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+ mail_plugins = $mail_plugins sieve
+# default was
+ #mail_plugins = $mail_plugins
+
+# For a normal setup with exim, we need something like this, which
+# removes the domain part
+# auth_username_format = %Ln
+#
+# or else # Exim says something like
+# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain"
+# Dovecot verbose log says something like
+# "auth-worker(9048): passwd(someuser@somedomain): unknown user"
+# reference: http://wiki.dovecot.org/LMTP/Exim
+#
+# However, I use this to direct all mail to the same inbox.
+# A normal way to do this, which I did at first is to have
+# a router in exim almost at the end, eg 950,
+#local_catchall:
+# debug_print = "R: catchall for $local_part@$domain"
+# driver = redirect
+# domains = +local_domains
+# data = ian
+# based on
+# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/
+# with superflous options removed.
+# However, this causes the envelope to be rewritten,
+# which makes filtering into mailboxes a little less robust or more complicated,
+# so I've done it this way instead. it also requires
+# modifying the local router in exim.
+ auth_username_format = ian
+}
+
+EOF
+
+
+ cat >/etc/dovecot/local.conf <<'EOF'
+# so I can use a different login that my shell login for mail. this is
+# worth doing solely for the reason that if this login is compromised,
+# it won't also compromise my shell password.
+!include conf.d/auth-passwdfile.conf.ext
+
+# settings derived from wiki and 10-ssl.conf
+ssl = required
+ssl_cert = </etc/exim4/exim.crt
+ssl_key = </etc/exim4/exim.key
+# https://github.com/certbot/certbot/raw/master/certbot-apache/certbot_apache/options-ssl-apache.conf
+# in my cert cronjob, I check if that has changed upstream.
+ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+# ian: added this, more secure, per google etc
+ssl_prefer_server_ciphers = yes
+
+# for debugging info, uncomment these.
+# logs go to syslog and to /var/log/mail.log
+# auth_verbose=yes
+#mail_debug=yes
EOF
+ ####### end dovecot setup ########
systemctl enable offlineimapsync.timer
systemctl start offlineimapsync.timer
systemctl restart openvpn-client@mail
systemctl enable openvpn-client@mail
+ systemctl enable dovecot
+ systemctl restart dovecot
else # $HOSTNAME != $MAIL_HOST
systemctl disable offlineimapsync.timer &>/dev/null ||:
systemctl stop offlineimapsync.timer &>/dev/null ||:
systemctl disable openvpn-client@mail
systemctl stop openvpn-client@mail
+ systemctl disable dovecot ||:
+ systemctl stop dovecot ||:
#
#
# would only exist because I wrote it i the previous condition,
Type=oneshot
ExecStart=/a/bin/distro-setup/spamd-dns-fix
EOF
+ # 2017-09, debian closed the bug on this saying upstream had fixed it.
+ # remove this when i'm using the newer package, ie, debian 10, or maybe
+ # ubuntu 18.04.
cat >/etc/systemd/system/spamddnsfix.timer <<'EOF'
[Unit]
Description=run spamd bug fix script every 10 minutes
systemctl enable mailcert.timer
- ####### begin dovecot setup ########
- if [[ $HOSTNAME == $MAIL_HOST ]]; then
- # based on a little google and package search, just the dovecot
- # packages we need instead of dovecot-common.
- #
- # dovecot-lmtpd is for exim to deliver to dovecot instead of maildir
- # directly. The reason to do this is to use dovecot\'s sieve, which
- # has extensions that allow it to be almost equivalent to exim\'s
- # filter capabilities, some ways probably better, some worse, and
- # sieve has the benefit of being supported in postfix and
- # proprietary/weird environments, so there is more examples on the
- # internet. I was torn about whether to do this or not, meh.
- apt-get -y install --purge --auto-remove \
- dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
-
- # if we changed 90-sieve.conf and removed the active part of the
- # sieve option, we wouldn\'t need this, but I\'d rather not modify a
- # default config if not needed. This won\'t work as a symlink in /a/c
- # unfortunately.
- sudo -u $postmaster /a/exe/lnf -T sieve/main.sieve $(eval echo ~$postmaster)/.dovecot.sieve
-
- sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
-1i mail_location = maildir:/m/md:LAYOUT=fs:INBOX=/m/md/INBOX
-/^\s*mail_location\s*=/d
-EOF
-
- cat >/etc/dovecot/conf.d/20-lmtp.conf <<'EOF'
-protocol lmtp {
-#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
- mail_plugins = $mail_plugins sieve
-# default was
- #mail_plugins = $mail_plugins
-
-# For a normal setup with exim, we need something like this, which
-# removes the domain part
-# auth_username_format = %Ln
-#
-# or else # Exim says something like
-# "LMTP error after RCPT ... 550 ... User doesn't exist someuser@somedomain"
-# Dovecot verbose log says something like
-# "auth-worker(9048): passwd(someuser@somedomain): unknown user"
-# reference: http://wiki.dovecot.org/LMTP/Exim
-#
-# However, I use this to direct all mail to the same inbox.
-# A normal way to do this, which I did at first is to have
-# a router in exim almost at the end, eg 950,
-#local_catchall:
-# debug_print = "R: catchall for $local_part@$domain"
-# driver = redirect
-# domains = +local_domains
-# data = ian
-# based on
-# http://blog.alteholz.eu/2015/04/exim4-and-catchall-email-address/
-# with superflous options removed.
-# However, this causes the envelope to be rewritten,
-# which makes filtering into mailboxes a little less robust or more complicated,
-# so I've done it this way instead. it also requires
-# modifying the local router in exim.
- auth_username_format = ian
-}
-
-EOF
-
-
- cat >/etc/dovecot/local.conf <<'EOF'
-# so I can use a different login that my shell login for mail. this is
-# worth doing solely for the reason that if this login is compromised,
-# it won't also compromise my shell password.
-!include conf.d/auth-passwdfile.conf.ext
-
-# settings derived from wiki and 10-ssl.conf
-ssl = required
-ssl_cert = </etc/exim4/exim.crt
-ssl_key = </etc/exim4/exim.key
-# https://github.com/certbot/certbot/raw/master/certbot-apache/certbot_apache/options-ssl-apache.conf
-# in my cert cronjob, I check if that has changed upstream.
-ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-
-# ian: added this, more secure, per google etc
-ssl_prefer_server_ciphers = yes
-
-# for debugging info, uncomment these.
-# logs go to syslog and to /var/log/mail.log
-# auth_verbose=yes
-#mail_debug=yes
-EOF
- fi ####### end dovecot setup ########
iankelling.org / git / distro-setup / blobdiff