## * Install packages
# light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn dnsmasq
+pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn
+# our nostart pi fails to avoid enabling
+sudo systemctl disable openvpn
# trisquel 8 = openvpn, debian stretch = openvpn-client
vpn_ser=openvpn-client
fi
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
local_mx=mail.iankelling.org
+ mkdir -p /etc/letsencrypt/live/$local_mx
+ chmod 700 /etc/letsencrypt/live
rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
${rsync_common}fullchain.pem /etc/exim4/exim.crt
ret=$?
# * common exim4 config
source /a/bin/bash_unpublished/source-state
+if [[ ! $MAIL_HOST ]]; then
+ err "\$MAIL_HOST not set"
+fi
+
m sudo gpasswd -a iank adm #needed for reading logs
m ln -sf -T /m/md/bounces $d
done
+# Note, even the server needs permissions of this file right
+# if it exists, so do this up here.
+f=/p/c/filesystem/etc/exim4/passwd.client
+if [[ ! -e $f ]]; then
+ f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+fi
+m sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
# by default, only 10 days of logs are kept. increase that.
m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
hostname -f >/etc/mailname
- f=/p/c/filesystem/etc/exim4/passwd.client
- if [[ ! -e $f ]]; then
- f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
- fi
- m sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
;;&
## we use this host to monitor MAIL_HOST