From 6ebf7555f45713e31593ebf15c16624965b6c39f Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Mon, 3 Dec 2018 10:50:19 +0100
Subject: [PATCH] Improve mail setup.

---
 all_new_2018/letsencrypt_remote.sh                     |  2 +-
 .../mail/etc/dovecot/conf.d/99-auth.conf               |  3 +++
 .../mail/etc/dovecot/conf.d/99-lmtp.conf               |  4 ++++
 .../mail/etc/dovecot/conf.d/99-master.conf             | 10 ++++++++++
 .../linkable_etc_files/mail/etc/postfix/main.cf        |  8 +++++++-
 all_new_2018/setup_mail.sh                             |  8 ++++++--
 6 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
 create mode 100644 all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf

diff --git a/all_new_2018/letsencrypt_remote.sh b/all_new_2018/letsencrypt_remote.sh
index 18f9aa4..6b7b54f 100755
--- a/all_new_2018/letsencrypt_remote.sh
+++ b/all_new_2018/letsencrypt_remote.sh
@@ -28,7 +28,7 @@ if [ "${action}" = "get" ]; then
 elif [ "${action}" = "put" ]; then
     # Expand letsencrypt.tar to /etc/letsencrypt/ on server.
     scp letsencrypt.tar plom@${server}:~/
-    ssh -t plom@${server} 'su -c "rmdir /etc/letsencrypt && mv letsencrypt.tar /etc/ && cd /etc/ && tar xf letsencrypt.tar && rm letsencrypt.tar"'
+    ssh -t plom@${server} 'su -c "apt -y install certbot && rmdir /etc/letsencrypt && mv letsencrypt.tar /etc/ && cd /etc/ && tar xf letsencrypt.tar && rm letsencrypt.tar"'
 else
     echo "Action must be 'get', or 'put'."
     false
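Review bot: The added `apt -y install certbot` is now the first link of the `&&` chain, which runs after `scp` has already placed letsencrypt.tar in plom's home directory, so a failed install (no network, dpkg lock held) stops the chain and leaves the archive there. The archive is unpacked into /etc/letsencrypt, from which setup_mail.sh reads `privkey.pem`, so it presumably carries the private keys. Making the removal unconditional avoids this, e.g. `su -c "apt -y install certbot && rmdir /etc/letsencrypt && tar xf letsencrypt.tar -C /etc/; rm -f letsencrypt.tar"`, with the caveat that the exit status then comes from `rm`. The enclosing `if`/`elif` starts and ends outside the hunk.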
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
new file mode 100644
index 0000000..4a8549c
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
@@ -0,0 +1,3 @@
+# This is only necessary when we use dovecot's LMTP mechanism to receive
+# mail from postfix.
+auth_username_format = %Ln
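Review bot: The comment above `auth_username_format = %Ln` ties the setting to LMTP, but at the top level of a conf.d file it applies to every auth lookup, so IMAP logins and the SASL lookups postfix makes through `private/auth` also get the name lowercased and the domain part dropped. A login as `user@any.domain` therefore resolves to the local account `user`, which is acceptable on a single-domain host but should be stated. I would extend the comment with a line such as `# NB: global setting; also strips the @domain part from IMAP/SMTP-AUTH usernames.`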
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
new file mode 100644
index 0000000..097f04e
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
@@ -0,0 +1,4 @@
+# Add sieve filtering.
+protocol lmtp {
+  mail_plugins = $mail_plugins sieve
+}
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
index 0871740..f8c5b43 100644
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
+++ b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
@@ -8,3 +8,13 @@ service auth {
 	group = postfix
   }
 }
+
+# We don't strictly need to provide a LMTP server to fetch mail from
+# postfix, but we do if we want to do sophisticated stuff like sieve
+# filtering on the way.
+service lmtp {
+  inet_listener lmtp {
+    address = 127.0.0.1
+    port = 2424
+  }
+}
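Review bot: The `inet_listener` on 127.0.0.1:2424 accepts deliveries from any local process, so any account or compromised service on the host can hand mail to dovecot without passing through postfix and its opendkim milter. The `service auth` block just above already appears to use a socket restricted to the postfix group, and the same approach works for LMTP with a `unix_listener` inside postfix's spool directory. The line added to postfix/main.cf in this commit would then become `mailbox_transport = lmtp:unix:private/dovecot-lmtp`. The socket path below assumes the default /var/spool/postfix queue directory.

```conf
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
```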
diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
index 39d3720..7074961 100644
--- a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
+++ b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
@@ -50,4 +50,10 @@ smtpd_sasl_path = private/auth
 
 # connect to opendkim
 smtpd_milters = inet:localhost:12301
-non_smtpd_milters = inet:localhost:12301
\ No newline at end of file
+non_smtpd_milters = inet:localhost:12301
+
+# transport mail to dovecot; not strictly needed, as even without this
+# postfix will throw mail to /var/mail/USER to be found by dovecot for
+# serving via IMAP etc.; but using dovecot's LMTP server for delivery
+# allows us to do stuff like dovecot-side sieve filtering.
+mailbox_transport = lmtp:inet:127.0.0.1:2424
\ No newline at end of file
diff --git a/all_new_2018/setup_mail.sh b/all_new_2018/setup_mail.sh
index edd5319..18d7c31 100755
--- a/all_new_2018/setup_mail.sh
+++ b/all_new_2018/setup_mail.sh
@@ -53,8 +53,12 @@ echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovec
 echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
 echo "${mail_domain}" > /etc/mailname
 
-# Everything should now be ready for installations.
-apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd opendkim
+# Everything should now be ready for installations. Note that we don't
+# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER
+# in any case, to be found by dovecot; we use it as a transport mechanism to
+# allow for sophisticated stuff like dovecot-side sieve filtering (installed
+# with dovecot-sieve).
+apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim
 echo "TODO: Ensure MX entry for your system in your DNS configuration."
 echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host."
 if [ "${add_dkim_record}" -eq "1" ]; then
-- 
2.30.2