email: Makefile fix for patched exim4



See merge request !1

This just makes the redirect a bit more reliable.

This removes a needless redirect when the HTTP_HOST is not the same as
the SERVER_NAME.

Fixes #12383

Although the diff is quite large, the changes are as follows:

* Allow a backup2l.conf to be specified as an argument
* A reguar expression is used to find the BACKUP_DIR definition
* More error checking around the running of the backup2l estimate
* The two regexes parsing the output have been squashed into one.
* When the estimate was just Bytes, the parsing failed, as a space was
  in between the number and the letter B.

This leads to a cron email every day.  Oops!

Fixes #12473

It has to check all the directories in sets/ to pick the next, not just
use the next name of the "last" available set.

The defaults are as follows:

* If the current set is available

** If it is due to expire inside the threshold

*** generate a new set if there is no set more recent (unless instructed
otherwise)
*** roll over to the new set if one has been generated (unless
instructed not to)

** Otherwise

*** do not generate a new set (unless instructed otherwise)
*** do not roll over (unless instructed to)

* If the "current" set is missing, but other sets are available

** If the most recent set is due to expire inside the threshold

*** generate a new set (unless instructed otherwise)
*** roll over to the new set if one has been generated (unless
instructed not to)

** If the most recent set is not due to expire soon

*** do not generate a new set (unless instructed otherwise)
*** roll over to the latest set (unless instructed not to)

* If there are no certificate sets

** generate a new one (unless instructed otherwise)
** roll over to the new set if one has been generate (unless instructed
not to)

Apparently the solution is to "retry a reasonable number of times".

  https://github.com/letsencrypt/boulder/issues/1217
  https://community.letsencrypt.org/t/getting-the-client-sent-an-unacceptable-anti-replay-nonce/9172

Also fixed up retrying when writing fails.  In now retries, and shouts
louder if the second attempt fails.

Just remove duff characters.

This adds in tests for previous commits too.

This ensures a good-looking email address is sent to letsencrypt.

The regex is taken from our Exim config.

This will hopefully help debugging.

Also the #verify_status is cached between tests, so we don't call it
lots of times by accident.

The sleep has moved to after the "pending" check makes testing (and
potentially production) faster.

Previously it was assumed that the bare domain would be the CN, but when
this doesn't verify, then that doesn't make sense.

This reverts commit 6054612a, reversing
changes made to d4d77473.

This now uses String#strip to remove any leading/trailing whitespace.

Test case added, changelog bumped.

Instead merge into previous release.

We load config from /srv/example.com/config/spf and then
encode the first line. However we need to make sure that we
cope with the `\r\n` which Windows-users might have added.

That will manifest itself in SPF records containing things
like this:

    "v=spf1 +mx +a -all\010"

Where \010 corresponds to "\n".

Reference RT-ticket #641993

This fixes the

    !! Failed: Error creating new authz :: DNS name was empty

errors seen by people.

Fixes: #12453

A bad pattern was copied all over the place, calling the wrong method.
The method has now been renamed (and an alias inserted for the old
name).

This should shorten the retry loops for domains that have gone away.