-# wording of question from dpkg-reconfigure exim4-config
-# 1. internet site; mail is sent and received directly using SMTP
-# 2. mail sent by smarthost; received via SMTP or fetchmail
-# 3. mail sent by smarthost; no local mail
-# 4. local delivery only; not on a network
-# 5. no configuration at this time
-#
-# Note, I have used option 2 in the past for receiving mail
-# from lan hosts, sending external mail via another smtp server.
-#
-# Note, other than configtype, we could set all the options in
-# both types of configs without harm, they would either be
-# ignored or be disabled by other settings, but the default
-# local_interfaces definitely makes things more secure.
-
-# most of these settings get translated into settings
-# in /etc/exim4/update-exim4.conf.conf
-# how /etc/exim4/update-exim4.conf.conf translates into actual exim settings is
-# documented in man update-exim4.conf, which outputs to the config that
-# exim actually reads. except the man page is not perfect, for example,
-# it doesn't document that it sets
-# DCconfig_${dc_eximconfig_configtype}" "1"
-# which is a line from update-exim4.conf, which is a relatively short bash script.
-# mailname setting sets /etc/mailname
-
-debconf-set-selections <<EOF
-exim4-config exim4/use_split_config boolean true
-EOF
-
-source /a/bin/bash_unpublished/source-semi-priv
-mkdir -p /etc/exim4/conf.d/{main,transport,auth,router}
-
-cat >/etc/exim4/rcpt_local_acl <<'EOF'
-# Only hosts we control send to mail.iankelling.org, so make sure
+
+### make local bounces go to normal maildir
+# local mail that bounces goes to /Maildir or /root/Maildir
+dirs=(/m/md/bounces/{cur,tmp,new})
+m mkdir -p ${dirs[@]}
+m chown -R $u:Debian-exim /m/md/bounces
+m chmod 775 ${dirs[@]}
+m usermod -a -G Debian-exim $u
+for d in /Maildir /root/Maildir; do
+ if [[ ! -L $d ]]; then
+ m rm -rf $d
+ fi
+ m ln -sf -T /m/md/bounces $d
+done
+
+
+### begin setup passwd.client
+f=/etc/exim4/passwd.client
+rm -fv /etc/exim4/passwd.client
+m install -m 640 -g Debian-exim /dev/null $f
+while read -r domain _ pass; do
+ # reference: exim4_passwd_client(5)
+ printf "%s:%s\n" "$domain" "$pass" >>$f
+done </etc/mailpass
+### end setup passwd.client
+
+# by default, only 10 days of logs are kept. increase that.
+m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
+
+
+## https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
+# i only need .forwards, so just doing that one.
+cd /etc/exim4/conf.d/router
+b=userforward_higher_priority
+# replace the router name so it is unique
+sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b
+
+
+rm -vf /etc/exim4/conf.d/main/000_localmacros # old filename
+cat >/etc/exim4/conf.d/main/000_local <<EOF
+MAIN_TLS_ENABLE = true
+
+# debian exim config added this in 2016 or so?
+# it's part of the smtp spec, to limit lines to 998 chars
+# but a fair amount of legit mail does not adhere to it. I don't think
+# this should be default, like it says in
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801
+# todo: the bug for introducing this was about headers, but
+# the fix maybe is for all lines? one says gmail rejects, the
+# other says gmail does not reject. figure out and open a new bug.
+IGNORE_SMTP_LINE_LENGTH_LIMIT = true
+
+# more verbose logs
+MAIN_LOG_SELECTOR = +all
+
+
+# normally empty, I set this so I can set the envelope address
+# when doing mail redelivery to invoke filters. Also allows
+# me exiqgrep and stuff.
+MAIN_TRUSTED_GROUPS = $u
+EOF
+
+rm -fv /etc/exim4/rcpt_local_acl # old path
+cat >/etc/exim4/conf.d/rcpt_local_acl <<'EOF'
+# Only hosts we control send to @mail.iankelling.org, so make sure