exit 1
fi
-if private-host; then
+
+local_mx=mail.iankelling.org
+if [[ $HOSTNAME == $MAIL_HOST ]]; then
host=mail.messagingengine.com
- forward=$HOSTNAME@$PERSONAL_DOMAIN
+ relayhost="[$host]:587" # postfix
+ smarthost="$host::587" # exim
else
- # ses initially suggests port 25, but I had problems connecting to that.
- host=email-smtp.us-west-2.amazonaws.com
- forward=$HOSTNAME@$IMPERSONAL_DOMAIN
+ host=$local_mx
+ relayhost="[$host]:25" # postfix
+ smarthost="$host::25" # exim
fi
-relayhost="[$host]:587" # postfix
-smarthost="$host::587" # exim
+forward=ian@$local_mx
+
# background: This also works instead of ~/.forward
# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||:
*) :
esac
-read -r domain pass < <(s cat /etc/mailpass) # format: domain user:pass
if postfix; then
# dunno why, but debian installed postfix with builddep emacs
# but I will just explicitly install it here since
# up and fails. snippet from syslog: type=AAAA: Host not found, try again
- # mailpass is just a name i made up, since postfix and
- # exim both use a slightly crazy format to translate to
- # each other, it's easier to use my own format.
f=/etc/postfix/sasl_passwd
+ s rm -f $f
s touch $f
s chmod 600 $f
- printf "[%s]:587 %s" "$domain" "${pass/@/#}" | s dd of=/etc/postfix/sasl_passwd 2>/dev/null
+ s cat /etc/mailpass| while read -r domain port pass; do
+ # format: domain port user:pass
+ # mailpass is just a name i made up, since postfix and
+ # exim both use a slightly crazy format to translate to
+ # each other, it\'s easier to use my own format.
+ printf "[%s]:%s %s" "$domain" "$port" "${pass/@/#}" | s tee -a $f >/dev/null
+ done
s postmap hash:/etc/postfix/sasl_passwd
s service postfix reload
-else # exim
+else # exim. has debian specific stuff for now
# wording of question from dpkg-reconfigure exim4-config
# 1. internet site; mail is sent and received directly using SMTP
# 3. mail sent by smarthost; no local mail
# 4. local delivery only; not on a network
# 5. no configuration at this time
+ #
+ # only the one receiving host needs option 2, the rest can do option 1, but
+ # that host might change, so we pick option 2 and later
+ # don't set it up to receive anything. Also, only receiving host needs
+ # dc_other_hostnames and beyond, but no harm.
- # default mailname is $HOSTNAME.lan,
- # mailname makes addresses like "root" be root@mailname
- # and a qualified domain does not get forwarded per
- # .forward. whatever, this fixes that.
+ # note, another related setting is /etc/mailname, which
+ # is set to be $HOSTNAME.lan on stretch. this may need to be
+ # setup on other distros.
+
+ #
s debconf-set-selections <<EOF
-exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
+exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; received via SMTP or fetchmail
exim4-config exim4/dc_smarthost string $smarthost
exim4-config exim4/use_split_config boolean true
-exim4-config exim4/mailname string $HOSTNAME
+exim4-config exim4/dc_other_hostnames string mail.iankelling.org
+exim4-config exim4/dc_postmaster string ian
+exim4-config exim4/dc_localdelivery select Maildir format in home directory
EOF
+ # debconf settings will not work if packages are already installed,
+ # such as on vps images.
+ pu exim4-daemon-light exim4-daemon-heavy exim4-config exim4-base exim4
# light version does not have sasl auth support.
pi exim4-daemon-heavy
+ s dd of=/etc/systemd/system/mailcert.service <<'EOF'
+[Unit]
+Description=Mail cert rsync
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once /a/bin/distro-setup/mail-cert-cron
+EOF
+
+ s dd of=/etc/systemd/system/mailcert.timer <<'EOF'
+[Unit]
+Description=Run mail-cert once a day
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=timers.target
+EOF
+ ser start mailcert
+ sgo mailcert.timer
+
f=/etc/exim4/passwd.client
+ s rm -f $f
s touch $f
- s chmod 640 $f # before writing sensitive info
+ s chmod 640 $f
s chown root:Debian-exim $f
- # reference: exim4_passwd_client(5)
- printf "%s:%s" "$domain" "$pass" | s dd of=$f 2>/dev/null
+ # generating secure pass, and storing for server too:
+ # user=USUALLY_SAME_AS_HOSTNAME
+ # f=$(mktemp)
+ # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
+ # echo "$user:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
+ # echo "mail.iankelling.org:$user:$(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
+ #
+ # for ad-hoc testing of some random new host:
+ # host=testhost # client host username & hostname
+ # f=$(mktemp)
+ # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
+ # s sed "/^host:/d" /etc/exim4/passwd
+ # echo "$host:$(mkpasswd -m sha-512 -s <$f)" | s tee -a /etc/exim4/passwd
+ # echo "mail.iankelling.org:$host:$(<$f)" | ssh root@$host dd of=/etc/exim4/passwd.client
+ s cat /etc/mailpass| while read -r domain port pass; do
+ # reference: exim4_passwd_client(5)
+ printf "%s:%s" "$domain" "$pass" | s tee -a $f >/dev/null
+ done
+
# https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
# i only need .forwards, so just doing that one.
cd /etc/exim4/conf.d/router
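Review bot: Both new `while read` loops append credential entries with a printf format that has no trailing newline (`printf "[%s]:%s %s"` in the postfix branch, `printf "%s:%s"` in the exim branch), so a /etc/mailpass with more than one line is written to sasl_passwd and passwd.client as one run-on line and the first entry's secret absorbs the next entry. The old code wrote a single entry with `dd`, where this was harmless; with `tee -a` in a loop each format should end in `\n`, e.g. `printf "[%s]:%s %s\n" "$domain" "$port" "${pass/@/#}"` and `printf "%s:%s\n" "$domain" "$pass"`. `read` also returns non-zero on a final line that lacks a newline, so the last entry is silently skipped unless the loop is written as `while read -r domain port pass || [[ $domain ]]; do`. Separately, mailcert.service sets no `User=`, so the scripts under /a/bin run as root; that directory's ownership is not visible here, and it should be writable by root only.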
of=175_$b
# sed to make the router name unique
sed -r s/^\\S+:/$b:/ 600_exim4-config_$a | s dd of=$tmp 2>/dev/null
- if ! diff -q >/dev/null $tmp $of; then
+ if ! diff -q $tmp $of &>/dev/null; then
s dd if=$tmp of=$of >/dev/null
ser restart exim4
fi
fi
+
+
# linode image has a root alias. completely useless, remove it.
sudo sed -i '/^root:/d' /etc/aliases