if [[ -e $f ]]; then
source $f
fi
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- local_mx=mail.iankelling.org
- mkdir -p /etc/letsencrypt/live/$local_mx
- chmod 700 /etc/letsencrypt/live
- rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
- ${rsync_common}fullchain.pem /etc/exim4/exim.crt
- ret=$?
- ${rsync_common}privkey.pem /etc/exim4/exim.key
- new_ret=$?
- if [[ $ret != $new_ret ]]; then
- echo "$0: error: differing rsync returns, $ret, $new_ret"
- exit 1
- fi
+if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
+ exit 0
fi
-if [[ $new_ret != 0 ]]; then
- if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
- echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
- exit 1
- fi
+local_mx=mail.iankelling.org
+mkdir -p /etc/letsencrypt/live/$local_mx
+chmod 700 /etc/letsencrypt/live
+rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
+# allow for temporary connection issues
+${rsync_common}fullchain.pem /etc/exim4/exim.crt ||:
+${rsync_common}privkey.pem /etc/exim4/exim.key ||:
+if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
+ echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
+ exit 1
fi
exit 0
EOF
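Review bot: With both rsync failures now ignored via `||:` and the old return-code comparison removed, nothing catches a partial sync where fullchain.pem was updated but privkey.pem was not (or the reverse), which leaves /etc/exim4/exim.crt and exim.key as a mismatched pair; the `-checkend` test reads only the certificate, so it still passes. A check after the two rsync lines that the key's public half equals the certificate's public key would catch this before exim tries to use them. Separately, the `echo` text still says "cert rsync failed" although that branch is now also reached when rsync succeeded but the certificate is unreadable or near expiry, so the message should describe the certificate state instead.

```shell
${rsync_common}privkey.pem /etc/exim4/exim.key ||:
# a partial sync can leave a new cert next to an old key (or the reverse)
crt_pub=$(openssl x509 -noout -pubkey -in /etc/exim4/exim.crt)
key_pub=$(openssl pkey -pubout -in /etc/exim4/exim.key)
if [[ -z $crt_pub || $crt_pub != "$key_pub" ]]; then
  echo "$0: error: exim.crt and exim.key do not match"
  exit 1
fi
# … unchanged: openssl x509 -checkend expiry test …
```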
# The file is based on the outgoing domain-name in the from-header.
DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
# sign if key exists
-DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
+DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
# most of the ones that gmail seems to use.
# Exim has horrible default of signing unincluded
/^127\.0\.1\.1.* mail\.iankelling\.org\b/{p;d}
/^127\.0\.1\.1 /s/ *$/ mail.iankelling.org/
EOF
+
+ # note: systemd-resolved will consult /etc/hosts, dnsmasq wont. this assumes
+ # weve configured this file in dnsmasq if we are using it.
/a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
server=/mail.iankelling.org/127.0.1.1
EOF
if systemctl is-active dnsmasq >/dev/null; then
m systemctl restart dnsmasq
- m nscd -i hosts
fi
+ m nscd -i hosts
# I used to use debconf-set-selections + dpkg-reconfigure,
# which then updates this file
;;
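Review bot: `m nscd -i hosts` now runs on every host instead of only where dnsmasq is active, so a machine without nscd installed or running gets a failing command here. The `||:` used on other lines suggests the script exits on errors, in which case this would abort the run. Consider keeping the cache flush best-effort, e.g. `if systemctl is-active nscd >/dev/null; then m nscd -i hosts; fi`. The same applies to the identical move in the `*)` branch further down.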
# * not MAIL_HOST
*) # $HOSTNAME != $MAIL_HOST
- # remove mail. 2 lines to properly remove whitespace
+ # remove mail. uses 2 lines to properly remove whitespace
sed -ri -f - /etc/hosts <<'EOF'
s#^(127\.0\.1\.1 .*) +mail\.iankelling\.org$#\1#
s#^(127\.0\.1\.1 .*)mail\.iankelling\.org +(.*)#\1\2#
echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
if systemctl is-active dnsmasq >/dev/null; then
- m nscd -i hosts
m systemctl restart dnsmasq # reload does not ensure new config is used
fi
+ m nscd -i hosts
m systemctl disable mailclean.timer &>/dev/null ||:
m systemctl stop mailclean.timer &>/dev/null ||:
m usermod -u 608 Debian-exim
m groupmod -g 608 Debian-exim
m usermod -g 608 Debian-exim
- m find / /nocow -xdev -uid $uid -exec chown -h 608 {} +
- m find / /nocow -xdev -gid $gid -exec chgrp -h 608 {} +
+ m find / /nocow -path ./var/tmp -prune -o -xdev -uid $uid -execdir chown -h 608 {} +
+ m find / /nocow -path ./var/tmp -prune -o -xdev -gid $gid -execdir chgrp -h 608 {} +
fi
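Review bot: The `-path ./var/tmp -prune` added to both find lines never matches, because the start points are `/` and `/nocow` and find therefore builds paths such as `/var/tmp` with no leading `./`; /var/tmp is still descended into and its files re-owned. If skipping it is the intent, use the absolute form, `m find / /nocow -path /var/tmp -prune -o -xdev -uid $uid -execdir chown -h 608 {} +`, and likewise on the `-gid` line. GNU find also treats `-xdev` as a global option and, as far as I know, warns when it follows a test, so placing it right after the start points keeps the output clean. The `if` closed by the final `fi` opens outside this hunk.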