exim/exim-4.43-pamconfig.patch

diff -uNr exim-4.69-new/src/configure.default exim-4.69/src/configure.default
--- exim-4.69-new/src/configure.default	2008-08-13 15:15:01.000000000 +0100
+++ exim-4.69/src/configure.default	2008-08-13 15:16:44.000000000 +0100
@@ -140,7 +140,7 @@
 
 # Allow any client to use TLS.
 
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
 
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -148,8 +148,8 @@
 # need the first setting, or in separate files, in which case you need both
 # options.
 
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
@@ -160,8 +160,8 @@
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
 
 
 # Specify the domain you want to be added to all unqualified addresses
@@ -219,6 +219,24 @@
 
 host_lookup = *
 
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system. 
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
 
 # The settings below, which are actually the same as the defaults in the
 # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
@@ -756,7 +774,7 @@
 #  driver                     = plaintext
 #  server_set_id              = $auth2
 #  server_prompts             = :
-#  server_condition           = Authentication is not yet configured
+#  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_cipher }
 
 # LOGIN authentication has traditional prompts and responses. There is no
@@ -768,7 +786,7 @@
 #  driver                     = plaintext
 #  server_set_id              = $auth1
 #  server_prompts             = <| Username: | Password:
-#  server_condition           = Authentication is not yet configured
+#  server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_cipher }
no fuzz 2008-08-13 14:36:02 +00:00			`diff -uNr exim-4.69-new/src/configure.default exim-4.69/src/configure.default`
			`--- exim-4.69-new/src/configure.default 2008-08-13 15:15:01.000000000 +0100`
			`+++ exim-4.69/src/configure.default 2008-08-13 15:16:44.000000000 +0100`
			`@@ -140,7 +140,7 @@`
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# Allow any client to use TLS.`
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`-# tls_advertise_hosts = *`
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00			`+tls_advertise_hosts = *`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00
			`# Specify the location of the Exim server's TLS certificate and private key.`
			`# The private key must not be encrypted (password protected). You can put`
no fuzz 2008-08-13 14:36:02 +00:00			`@@ -148,8 +148,8 @@`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# need the first setting, or in separate files, in which case you need both`
			`# options.`

			`-# tls_certificate = /etc/ssl/exim.crt`
			`-# tls_privatekey = /etc/ssl/exim.pem`
package review updates 2006-07-27 07:05:24 +00:00			`+tls_certificate = /etc/pki/tls/certs/exim.pem`
			`+tls_privatekey = /etc/pki/tls/private/exim.pem`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00
			`# In order to support roaming users who wish to send email from anywhere,`
			`# you may want to make Exim listen on other ports as well as port 25, in`
no fuzz 2008-08-13 14:36:02 +00:00			`@@ -160,8 +160,8 @@`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# them you should also allow TLS-on-connect on the traditional but`
			`# non-standard port 465.`

			`-# daemon_smtp_ports = 25 : 465 : 587`
			`-# tls_on_connect_ports = 465`
			`+daemon_smtp_ports = 25 : 465 : 587`
			`+tls_on_connect_ports = 465`


			`# Specify the domain you want to be added to all unqualified addresses`
no fuzz 2008-08-13 14:36:02 +00:00			`@@ -219,6 +219,24 @@`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00
no fuzz 2008-08-13 14:36:02 +00:00			`host_lookup = *`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00			`+# This setting, if uncommented, allows users to authenticate using`
			`+# their system passwords against saslauthd if they connect over a`
			`+# secure connection. If you have network logins such as NIS or`
			`+# Kerberos rather than only local users, then you possibly also want`
			`+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism`
			`+# too. Once a user is authenticated, the acl_check_rcpt ACL then`
			`+# allows them to relay through the system.`
			`+#`
			`+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}`
			`+#`
			`+# By default, we set this option to allow SMTP AUTH from nowhere`
			`+# (Exim's default would be to allow it from anywhere, even on an`
			`+# unencrypted connection).`
			`+#`
			`+# Comment this one out if you uncomment the above. Did you make sure`
			`+# saslauthd is actually running first?`
			`+#`
			`+auth_advertise_hosts =`

no fuzz 2008-08-13 14:36:02 +00:00			`# The settings below, which are actually the same as the defaults in the`
			`# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP`
			`@@ -756,7 +774,7 @@`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# driver = plaintext`
			`# server_set_id = $auth2`
			`# server_prompts = :`
			`-# server_condition = Authentication is not yet configured`
			`+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}`
			`# server_advertise_condition = ${if def:tls_cipher }`
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# LOGIN authentication has traditional prompts and responses. There is no`
no fuzz 2008-08-13 14:36:02 +00:00			`@@ -768,7 +786,7 @@`
- Add procmail router and transport (#146848) - Add localhost and localhost.localdomain as local domains (#198511) - Fix mispatched authenticators (#204591) - Other cleanups of config file and extra examples - Add exim-clamav subpackage 2006-09-04 02:51:36 +00:00			`# driver = plaintext`
			`# server_set_id = $auth1`
			`# server_prompts = <\| Username: \| Password:`
			`-# server_condition = Authentication is not yet configured`
			`+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}`
			`# server_advertise_condition = ${if def:tls_cipher }`
auto-import exim-4.50-2 on branch devel from exim-4.50-2.src.rpm 2005-04-19 04:06:04 +00:00