From 61f1751416bfc81037994bb955e25c8d1de79e7d Mon Sep 17 00:00:00 2001
From: Jim Hague <jim.hague@acm.org>
Date: Thu, 18 May 2023 16:54:48 +0100
Subject: [PATCH] Final email tweaks to delivery without errors.

1. Get Exim from backports because SRS.
2. Get rspamd from rspamd repo, because that works with Exim.
3. Fix permissions issue on delivery via Dovecot.
---
 states/email/exim4.sls                              | 13 +++----------
 states/email/exim4/conf.d/transport/30_dovecot_home |  1 +
 states/email/rspamd.sls                             | 12 ++++++++++--
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/states/email/exim4.sls b/states/email/exim4.sls
index 0b89e9d..0f73e15 100644
--- a/states/email/exim4.sls
+++ b/states/email/exim4.sls
@@ -1,6 +1,9 @@
+# Stock exim4 gives 'unknown condition "inbound_srs".
+# the backports version to start.
 exim4:
   pkg.installed:
     - name: exim4-daemon-heavy
+    - fromrepo: bullseye-backports
 
 exim4_conf:
   file.recurse:
@@ -17,16 +20,6 @@ exim4_certs_group:
     - addusers:
       - Debian-exim
 
-# To deliver using the Dovecot LDA without getting a perms
-# error on /run/dovecot/stats-writer, the Exim user must be in
-# the dovecot group.
-exim4_dovecot_group:
-  group.present:
-    - name: dovecot
-    - system: true
-    - addusers:
-      - Debian-exim
-
 exim4_dkim_private_keys:
   file.managed:
     - mode: 0640
diff --git a/states/email/exim4/conf.d/transport/30_dovecot_home b/states/email/exim4/conf.d/transport/30_dovecot_home
index 0276592..d852258 100644
--- a/states/email/exim4/conf.d/transport/30_dovecot_home
+++ b/states/email/exim4/conf.d/transport/30_dovecot_home
@@ -6,6 +6,7 @@ dovecot_home:
   driver = pipe
   #command = sh -c "/usr/bin/bogofilter -e -u -p | /usr/lib/dovecot/deliver"
   command = /usr/lib/dovecot/deliver
+  group = dovecot
   message_prefix =
   message_suffix =
   log_output
diff --git a/states/email/rspamd.sls b/states/email/rspamd.sls
index 14e8134..015fc3d 100644
--- a/states/email/rspamd.sls
+++ b/states/email/rspamd.sls
@@ -1,8 +1,16 @@
-# Stock bullseye rspamd doesn't start.
+# Stock bullseye rspamd doesn't start. bullseye-backports doesn't
+# work with Exim.
+rspamd_repo:
+  pkgrepo.managed:
+    - name: deb [arch=arm64] http://rspamd.com/apt-stable/ bullseye main
+    - dist: bullseye
+    - key_url: https://rspamd.com/apt-stable/gpg.key
+    - file: /etc/apt/sources.list.d/rspamd.list
+
 rspamd:
   pkg.installed:
     - name: rspamd
-    - fromrepo: bullseye-backports
+    - fromrepo: bullseye
 
 rspamd_conf:
   file.recurse: