# Check we have the necessary arguments.
if [ "$#" -lt 1 ]; then
- echo 'Need mail for letsencrypt (and optionally old server IP).'
+ echo 'Need mail for letsencrypt, mail domain, and optionally old server IP.'
false
fi
mail="$1"
-old_server="$2"
+mail_domain="$2"
+old_server="$3"
+
+read -p'You sure you entered the correct mail domain? (not the server domain, but what comes after the @ in your mail addresses) If not, abort here!' ignore
config_tree_prefix="${HOME}/config/buster"
echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
./install_for_target.sh mail
./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" mail
nft -f /etc/nftables.conf
# TODO: Is it auto-renewed?
certbot certonly --standalone --agree-tos --no-eff-email -m "${mail}" -d "$(hostname -f)"
+# For if FQDN != mail domain name.
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/postfix/main.cf
+
# OpenDKIM setup.
selector=$(hostname)$(date +%Y%m%d)
-opendkim-genkey -d "$(hostname -f)" -D /etc/dkimkeys -s "${selector}"
-sed -i "s/REPLACE_hostname_ECALPER/$(hostname -f)/g" /etc/opendkim.conf
+opendkim-genkey -d "${mail_domain}" -D /etc/dkimkeys -s "${selector}"
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
sed -i "s/REPLACE_selector_ECALPER/${selector}/g" /etc/opendkim.conf
# Dovecot sieve filtering via LMTP. Without this, mail only gets
chown plom:plom /home/plom/.pingmailrc
su -lc "cd && git clone https://plomlompom.com/repos/clone/pingmail" plom
-# Pingmail and fetchmail have some systemd timers waiting. To let systemd
-# know about them, do this.
-systemctl daemon-reload
-systemctl enable --now fetchmail_old_account.timer
-systemctl enable --now pingmail.timer
-
# To allow IMAPS access.
echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
# Get old mail data, shutdown old postfix server.
if [ "${old_server}" != "" ]; then
cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- #chown plom:plom /home/plom/prepare_to_meet_server.sh
su -lc "./prepare_to_meet_server.sh ${old_server}" plom
read -p'Hit Enter when you are done.' ignore
rm /home/plom/prepare_to_meet_server.sh
su -lc "scp plom@${old_server}:.dovecot.sieve ~" plom
su -lc "scp plom@${old_server}:.fetchmailrc ~" plom
su -lc "scp plom@${old_server}:.pingmailrc ~" plom
- su -lc "ssh plom@${old_server} \"su -lc 'service postfix stop'\"" plom
+ su -lc "ssh -t plom@${old_server} \"su -lc 'service postfix stop'\"" plom
+ su -lc "ssh plom@${old_server} \"su -lc 'systemctl disable fetchmail_old_account.timer'\"" plom
+ su -lc "ssh plom@${old_server} \"su -lc 'service fetchmail_old_account stop'\"" plom
+ #su -lc "ssh -t plom@${old_server} \"su -lc 'service fetchmail stop'\"" plom
cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
su -lc "./mirror_dir.sh ${old_server} /home/plom/mail" plom
rm /home/plom/mirror_dir.sh
service postfix restart
service dovecot restart
+# Pingmail and fetchmail have some systemd timers waiting. To let systemd
+# know about them, do this.
+systemctl daemon-reload
+systemctl enable --now fetchmail_old_account.timer
+systemctl enable --now pingmail.timer
+
# Final advice to user.
echo "To put into DNS:"
cat "/etc/dkimkeys/${selector}.txt"
echo "Also ensure reverse DNS lookup for our IP points to $(hostname -f)"
echo "Also ensure MX record of priority 10 for @ or subdomain pointing to $(hostname -f)"
echo "IMAPS password for user plom is: ${password}"
-
-# TODO:
-# - mailutils.conf from old config for pingmail?
+echo "Also don't forget borgbackup migration …"
# todo just for proper mail /sending/:
# * how to check IP safety