From: Ian Kelling <ian@iankelling.org>
Date: Mon, 29 Jul 2019 02:56:37 +0000 (-0400)
Subject: more mail fixes
X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=f31ab4e29572ea4948f292bee814bc23061e992a

more mail fixes
---

diff --git a/brc b/brc
index df4b908..ee6ca19 100644
--- a/brc
+++ b/brc
@@ -2192,11 +2192,11 @@ if [[ $- == *i* ]]; then
     if [[ -e /nocow/btrfs-stale ]] && ((`command ls -AUq /nocow/btrfs-stale|wc -l`)); then
       ps_char="! $ps_char"
     fi
-    if test -e /Maildir/new/*; then
+    if test -e /m/md/bounces/new/*; then
       ps_char='!BOUNCE! '"$ps_char"
     fi
-    if [[ -e /nocow/mailtest-failure ]]; then
-      ps_char='@#$@#$ '"$ps_char"
+    if [[ -e /nocow/user/mailtest-failure ]]; then
+      ps_char='!MAILPING! '"$ps_char"
     fi
     source /a/bin/bash_unpublished/source-state
     if [[ ! $SSH_CLIENT && $MAIL_HOST != $HOSTNAME ]]; then
diff --git a/filesystem/etc/cron.d/ian b/filesystem/etc/cron.d/ian
index 343c25b..87b2bc6 100644
--- a/filesystem/etc/cron.d/ian
+++ b/filesystem/etc/cron.d/ian
@@ -1,2 +1,2 @@
 SHELL=/bin/bash
-*/10 * * * *   iank /a/exe/rootsshsync 2>&1 | /usr/local/bin/log-once -15 rootsshsync
\ No newline at end of file
+*/10 * * * *   iank /a/exe/rootsshsync 2>&1 | /usr/local/bin/log-once -15 rootsshsync
diff --git a/filesystem/usr/local/bin/mailtest-check b/filesystem/usr/local/bin/mailtest-check
index 73f3b33..7fb1cbc 100755
--- a/filesystem/usr/local/bin/mailtest-check
+++ b/filesystem/usr/local/bin/mailtest-check
@@ -2,9 +2,21 @@
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
+if [[ $EUID != 1000 ]]; then
+  echo "$0: error run as normal user" >&2
+  exit 1
+fi
+
 cd /m/md/l/testignore/new
 shopt -s nullglob
 
+# we run this cronjob along with sending the test email every 10
+# minutes, so give it 2 minutes to arrive, then if there is an email at
+# least 23 minutes old, the last 2 test emails have failed.
+if [[ ! $@ && $- != *i* ]]; then
+  sleep 120
+fi
+
 last_sec=0
 for file in *; do
   if [[ $file -nt $latest ]]; then
@@ -17,13 +29,13 @@ if [[ $latest ]]; then
 fi
 
 now=$(date +%s)
-limit=$(( now - 60 * 22 ))
+limit=$(( now - 60 * 23 ))
 
-if (( last_sec < limit )); then
+if (( last_sec <= limit )); then
   echo $HOSTNAME mailtest failure
-  touch /nocow/mailtest-failure
+  touch /nocow/user/mailtest-failure
 else
-  rm -f /nocow/mailtest-failure
+  rm -f /nocow/user/mailtest-failure
 fi
 
 find -type f -mtime +1 -delete
diff --git a/mail-setup b/mail-setup
index 65c9d8b..b79fd84 100755
--- a/mail-setup
+++ b/mail-setup
@@ -182,7 +182,7 @@ if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
   vpn_ser=openvpn
 fi
 
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
+if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
   # afaik, these will get ignored because they are routing to my own
   # machine, but rm them is safer
   rm -f $(eval echo ~$u)/.forward /root/.forward
@@ -317,6 +317,7 @@ EOF
 
 cat >/etc/exim4/host_local_deny_exceptions <<'EOF'
 mail.fsf.org
+*.posteo.de
 EOF
 
 cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF'
@@ -348,7 +349,7 @@ f=/a/bin/bash_unpublished/source-state
 if [[ -e $f ]]; then
     source $f
 fi
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
+if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
     local_mx=mail.iankelling.org
     rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
     ${rsync_common}fullchain.pem /etc/exim4/exim.crt
@@ -409,7 +410,7 @@ dc_mailname_in_oh='true'
 EOF
 
 
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
+if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
 
   # mail.iankelling.org so local imap clients can connect with tls and
   # when they happen to not be local.
@@ -547,6 +548,10 @@ wget -nv -N https://publicsuffix.org/list/public_suffix_list.dat
 EOF
   chmod 755 $f
 
+  sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: $postmaster
+/^root:/d
+EOF
 
   ####### begin dovecot setup ########
   # based on a little google and package search, just the dovecot
@@ -610,7 +615,7 @@ protocol lmtp {
 EOF
 
 
-  cat >/etc/dovecot/local.conf <<'EOF'
+  cat >/etc/dovecot/local.conf <<EOF
 # so I can use a different login that my shell login for mail.  this is
 # worth doing solely for the reason that if this login is compromised,
 # it won't also compromise my shell password.
@@ -629,8 +634,8 @@ ssl_prefer_server_ciphers = yes
 
 
 mail_location = maildir:/m/%u:LAYOUT=fs:INBOX=/m/%u/INBOX
-mail_uid = iank
-mail_gid = iank
+mail_uid = $u
+mail_gid = $u
 
 # for debugging info, uncomment these.
 # logs go to syslog and to /var/log/mail.log
@@ -653,6 +658,8 @@ RestartSec=1
 StartLimitInterval=0
 EOF
 
+
+
   systemctl enable mailclean.timer
   systemctl start mailclean.timer
   systemctl restart $vpn_ser@mail
@@ -693,6 +700,13 @@ EOF
 
   hostname -f > /etc/mailname
 
+  # We set this to alerts on MAIL_HOST, but using a user that doesn't exist elsewhere
+  # is no good.
+  sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root:
+/^root:/d
+EOF
+
 fi # end $HOSTNAME != $MAIL_HOST
 
 systemctl reload exim4
@@ -810,23 +824,18 @@ systemctl restart exim4
 # Multiple user names need to be separated by spaces.
 # Root and postmaster mail recipient:
 
-if [[ $postmaster != root ]]; then
-  sed -i --follow-symlinks -f - /etc/aliases <<EOF
-\$a root: $postmaster
-/^root:/d
-EOF
-  newaliases
-fi
-
-# local mail that bounces to alerts goes to /Maildir
-dirs=(/Maildir/{cur,tmp,new})
+# local mail that bounces goes to /Maildir or /root/Maildir
+dirs=(/m/md/bounces/{cur,tmp,new})
 mkdir -p ${dirs[@]}
-chown -R $u:Debian-exim /Maildir
+chown -R $u:Debian-exim /m/md/bounces
 chmod 775 ${dirs[@]}
 usermod -a -G Debian-exim $u
-if [[ -d /m/md ]]; then
-  sudo -u $u ln -sf -T /Maildir /m/md/bounces
-fi
+for d in /Maildir /root/Maildir; do
+  if [[ ! -L $d ]]; then
+    rm -rf $d
+  fi
+  ln -sf -T /m/md/bounces $d
+done
 
 # put spool dir in directory that spans multiple distros.
 # based on http://www.postfix.org/qmgr.8.html and my notes in gnus
@@ -867,10 +876,13 @@ systemctl restart exim4
 systemctl enable exim4
 
 
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
-  cat >/etc/cron.d/mailtest <<'EOF'
-*/10 * * * *   iank echo body_test | mail -s "primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)" iank@posteo.de
-2/10 * * * *   root /usr/local/bin/mailtest-check
+if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
+  cat >/etc/cron.d/mailtest <<EOF
+SHELL=/bin/bash
+# running as user just because no need to run as root
+*/10 * * * *   $u echo body_test | mail -s "primary_test \$(date +%s) \$(date +%Y-%m-%dT%H:%M:%S%z)" iank@posteo.de
+*/10 * * * *   $u /usr/local/bin/mailtest-check
+*/10 * * * *   root chmod -R g+rw /m/md/bounces
 EOF
   cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
 else
@@ -881,7 +893,7 @@ fi
 # for when MAIL_HOST changes, so radicale gets the synced files and
 # does not stop us from remounting /o.
 if dpkg -s radicale &>/dev/null; then
-  if [[ $HOSTNAME == $MAIL_HOST ]]; then
+  if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
     systemctl restart radicale
     systemctl enable radicale
     if [[ -e /etc/logrotate.d/radicale.disabled ]]; then