X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=mail-setup;h=b0454841ad1874b53f5a9dc85890743183fb9275;hp=6f96982c559c23c9542856f1efda1a145321966e;hb=77917a8fbf2032a8b2634a1b3de0879ec45cf213;hpb=ef571de225d48762aad38f9a5a3b28bbab654e39
diff --git a/mail-setup b/mail-setup
index 6f96982..b045484 100755
--- a/mail-setup
+++ b/mail-setup
@@ -308,25 +308,19 @@ f=/a/bin/bash_unpublished/source-state
 if [[ -e $f ]]; then
 source $f
 fi
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- local_mx=mail.iankelling.org
- mkdir -p /etc/letsencrypt/live/$local_mx
- chmod 700 /etc/letsencrypt/live
- rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
- ${rsync_common}fullchain.pem /etc/exim4/exim.crt
- ret=$?
- ${rsync_common}privkey.pem /etc/exim4/exim.key
- new_ret=$?
- if [[ $ret != $new_ret ]]; then
- echo "$0: error: differing rsync returns, $ret, $new_ret"
- exit 1
- fi
+if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
+ exit 0
 fi
-if [[ $new_ret != 0 ]]; then
- if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
- echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
- exit 1
- fi
+local_mx=mail.iankelling.org
+mkdir -p /etc/letsencrypt/live/$local_mx
+chmod 700 /etc/letsencrypt/live
+rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
+# allow for temporary connection issues
+${rsync_common}fullchain.pem /etc/exim4/exim.crt ||:
+${rsync_common}privkey.pem /etc/exim4/exim.key ||:
+if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
+ echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
+ exit 1
 fi
 exit 0
 EOF
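Review bot: With both rsync calls followed by `||:`, a run in which fullchain.pem copies and privkey.pem does not leaves /etc/exim4/exim.crt and exim.key from different issuances, and the removed `$ret != $new_ret` comparison was the only thing that caught that. The remaining `openssl x509 -checkend` test inspects the certificate alone, so the script exits 0 with a pair that exim presumably cannot use for TLS. After the two copies, a match check such as `[[ $(openssl x509 -noout -pubkey -in /etc/exim4/exim.crt) == "$(openssl pkey -pubout -in /etc/exim4/exim.key)" ]] || { echo "$0: error: exim.crt and exim.key do not match"; exit 1; }` would keep the tolerance for connection failures while rejecting a half-updated pair. The message `cert rsync failed and it will expire` is now also printed when rsync succeeded, so it should say only that the certificate expires within 3 days. The here-document this code lives in starts outside the hunk.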
@@ -446,7 +440,7 @@ DKIM_SELECTOR = li # The file is based on the outgoing domain-name in the from-header. DKIM_DOMAIN = \${lc:\${domain:\$h_from:}} # sign if key exists -DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}} +DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}} # most of the ones that gmail seems to use. # Exim has horrible default of signing unincluded @@ -689,13 +683,16 @@ case $HOSTNAME in /^127\.0\.1\.1.* mail\.iankelling\.org\b/{p;d} /^127\.0\.1\.1 /s/ *$/ mail.iankelling.org/ EOF + + # note: systemd-resolved will consult /etc/hosts, dnsmasq wont. this assumes + # weve configured this file in dnsmasq if we are using it. /a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]] server=/mail.iankelling.org/127.0.1.1 EOF if systemctl is-active dnsmasq >/dev/null; then m systemctl restart dnsmasq - m nscd -i hosts fi + m nscd -i hosts # I used to use debconf-set-selections + dpkg-reconfigure, # which then updates this file @@ -818,7 +815,7 @@ EOF ;; # * not MAIL_HOST *) # $HOSTNAME != $MAIL_HOST - # remove mail. 2 lines to properly remove whitespace + # remove mail. uses 2 lines to properly remove whitespace sed -ri -f - /etc/hosts <<'EOF' s#^(127\.0\.1\.1 .*) +mail\.iankelling\.org$#\1# s#^(127\.0\.1\.1 .*)mail\.iankelling\.org +(.*)#\1\2# @@ -826,9 +823,9 @@ EOF echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]] if systemctl is-active dnsmasq >/dev/null; then - m nscd -i hosts m systemctl restart dnsmasq # reload does not ensure new config is used fi + m nscd -i hosts m systemctl disable mailclean.timer &>/dev/null ||: m systemctl stop mailclean.timer &>/dev/null ||: 
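Review bot: `m nscd -i hosts` now runs on every host, outside the `systemctl is-active dnsmasq` test, both in the `@@ -689,13 +683,16 @@` hunk and in the `@@ -826,9 +823,9 @@` hunk. `nscd -i` fails when no nscd daemon is running, and the added comment mentions hosts that use systemd-resolved, where nscd may not be present. Whether that failure aborts the script depends on how `m` handles a non-zero status, which is defined outside the diff. A guard in the same style as the dnsmasq one, `if systemctl is-active nscd >/dev/null; then m nscd -i hosts; fi`, would make the cache invalidation safe on those hosts.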
@@ -941,8 +938,8 @@ elif [[ $uid != 608 ]]; then m usermod -u 608 Debian-exim m groupmod -g 608 Debian-exim m usermod -g 608 Debian-exim - m find / /nocow -xdev -uid $uid -exec chown -h 608 {} + - m find / /nocow -xdev -gid $gid -exec chgrp -h 608 {} + + m find / /nocow -path ./var/tmp -prune -o -xdev -uid $uid -execdir chown -h 608 {} + + m find / /nocow -path ./var/tmp -prune -o -xdev -gid $gid -execdir chgrp -h 608 {} + fi
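Review bot: `-path ./var/tmp` can never match in the two new `find` lines, so `-prune` never fires and /var/tmp is still walked. find tests the path as built from its start point, and with start points `/` and `/nocow` that is `/var/tmp`, not `./var/tmp`. `-xdev` is also a global option in GNU find, which warns when it is placed after a test, so it belongs right after the start points. For the first line that gives `m find / /nocow -xdev -path /var/tmp -prune -o -uid $uid -execdir chown -h 608 {} +`, and the same with `-gid $gid` and `chgrp` for the second. The switch to `-execdir` is worth keeping, because it runs chown from the directory holding each match rather than re-resolving a full path as root. The `elif` branch these lines belong to starts outside the hunk.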