From 2eab8d2bc591d4444a3acf30863268018411337e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= Date: Wed, 29 Apr 2020 18:41:19 +0200 Subject: [PATCH] Updated config to explictly link with spf2 and opendmarc Fixed bogus date in changelog --- exim-4.93-config.patch | 54 +++++++++++++++++++++++------------------- exim.spec | 8 +++++-- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/exim-4.93-config.patch b/exim-4.93-config.patch index c97eadc..5ba9021 100644 --- a/exim-4.93-config.patch +++ b/exim-4.93-config.patch @@ -12,7 +12,7 @@ index ecd2083..cf1eeb2 100755 echo "" >>$mft cat $mftt >> $mft diff --git a/src/EDITME b/src/EDITME -index 83325ab..a861c7f 100644 +index 83325ab..4cc0c80 100644 --- a/src/EDITME +++ b/src/EDITME @@ -100,7 +100,7 @@ @@ -150,14 +150,15 @@ index 83325ab..a861c7f 100644 # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. -@@ -592,12 +598,12 @@ +@@ -592,12 +598,12 @@ DISABLE_MAL_MKS=yes # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. -# SUPPORT_DMARC=yes +SUPPORT_DMARC=yes # CFLAGS += -I/usr/local/include - # LDFLAGS += -lopendmarc +-# LDFLAGS += -lopendmarc ++LDFLAGS += -lopendmarc # Uncomment the following if you need to change the default. You can # override it at runtime (main config option dmarc_tld_file) -# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds @@ -279,15 +280,18 @@ index 83325ab..a861c7f 100644 #------------------------------------------------------------------------------ -@@ -1029,7 +1050,7 @@ +@@ -1029,9 +1035,9 @@ ZCAT_COMMAND=/usr/bin/zcat # installed on your system (www.libspf2.org). Depending on where it is installed # you may have to edit the CFLAGS and LDFLAGS lines. -# SUPPORT_SPF=yes +SUPPORT_SPF=yes # CFLAGS += -I/usr/local/include - # LDFLAGS += -lspf2 +-# LDFLAGS += -lspf2 ++LDFLAGS += -lspf2 + + #------------------------------------------------------------------------------ @@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat # group. Once you have installed saslauthd, you should arrange for it to be # started by root at boot time. @@ -357,7 +361,7 @@ index 83325ab..a861c7f 100644 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". diff --git a/src/configure.default b/src/configure.default -index cf38305..472b801 100644 +index cf38305..8ddabfe 100644 --- a/src/configure.default +++ b/src/configure.default @@ -67,7 +67,7 @@ @@ -489,7 +493,7 @@ index cf38305..472b801 100644 # This access control list is used for every RCPT command in an incoming # SMTP message. The tests are run in order until the address is either # accepted or denied. -@@ -392,6 +435,7 @@ +@@ -392,6 +435,7 @@ acl_check_rcpt: accept hosts = : control = dkim_disable_verify @@ -497,7 +501,7 @@ index cf38305..472b801 100644 ############################################################################# # The following section of the ACL is concerned with local parts that contain -@@ -445,7 +488,8 @@ acl_check_rcpt: +@@ -445,7 +489,8 @@ acl_check_rcpt: accept local_parts = postmaster domains = +local_domains @@ -507,7 +511,7 @@ index cf38305..472b801 100644 require verify = sender -@@ -471,6 +516,7 @@ +@@ -471,6 +516,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission control = dkim_disable_verify @@ -515,7 +519,7 @@ index cf38305..472b801 100644 # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient -@@ -480,6 +526,7 @@ +@@ -480,6 +526,7 @@ acl_check_rcpt: accept authenticated = * control = submission control = dkim_disable_verify @@ -523,7 +527,7 @@ index cf38305..472b801 100644 # Insist that a HELO/EHLO was accepted. -@@ -505,7 +549,8 @@ acl_check_rcpt: +@@ -505,7 +552,8 @@ acl_check_rcpt: # There are no default checks on DNS black lists because the domains that # contain these lists are changing all the time. However, here are two # examples of how you can get Exim to perform a DNS black list lookup at this @@ -533,7 +537,7 @@ index cf38305..472b801 100644 # # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text # dnslists = black.list.example -@@ -513,6 +558,10 @@ acl_check_rcpt: +@@ -513,6 +561,10 @@ acl_check_rcpt: # warn dnslists = black.list.example # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # log_message = found in $dnslist_domain @@ -544,7 +548,7 @@ index cf38305..472b801 100644 ############################################################################# ############################################################################# -@@ -539,6 +588,10 @@ acl_check_rcpt: +@@ -539,6 +591,10 @@ acl_check_rcpt: # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} ############################################################################# @@ -555,7 +559,7 @@ index cf38305..472b801 100644 # At this point, the address has passed all the checks that have been # configured, so we accept it unconditionally. -@@ -588,21 +641,32 @@ acl_check_data: +@@ -588,21 +644,32 @@ acl_check_data: message = header syntax log_message = header syntax ($acl_verify_message) @@ -596,7 +600,7 @@ index cf38305..472b801 100644 ############################################################################# # No more tests if PRDR was actively used. -@@ -616,11 +680,63 @@ acl_check_data: +@@ -616,11 +683,63 @@ acl_check_data: # condition = ... ############################################################################# @@ -661,7 +665,7 @@ index cf38305..472b801 100644 ###################################################################### -@@ -722,7 +838,7 @@ system_aliases: +@@ -722,7 +841,7 @@ system_aliases: driver = redirect allow_fail allow_defer @@ -670,7 +674,7 @@ index cf38305..472b801 100644 # user = exim file_transport = address_file pipe_transport = address_pipe -@@ -760,7 +876,7 @@ userforward: +@@ -760,7 +879,7 @@ userforward: # local_part_suffix = +* : -* # local_part_suffix_optional file = $home/.forward @@ -679,7 +683,7 @@ index cf38305..472b801 100644 no_verify no_expn check_ancestor -@@ -768,6 +884,12 @@ userforward: +@@ -768,6 +887,12 @@ userforward: pipe_transport = address_pipe reply_transport = address_reply @@ -692,7 +696,7 @@ index cf38305..472b801 100644 # This router matches local user mailboxes. If the router fails, the error # message is "Unknown user". -@@ -812,6 +934,25 @@ remote_smtp: +@@ -812,6 +937,25 @@ remote_smtp: hosts_try_prdr = * .endif @@ -718,7 +722,7 @@ index cf38305..472b801 100644 # This transport is used for delivering messages to a smarthost, if the # smarthost router is enabled. This starts from the same basis as -@@ -867,8 +1008,8 @@ local_delivery: +@@ -867,8 +1011,8 @@ local_delivery: delivery_date_add envelope_to_add return_path_add @@ -729,7 +733,7 @@ index cf38305..472b801 100644 # This transport is used for handling pipe deliveries generated by alias or -@@ -901,6 +1042,16 @@ address_reply: +@@ -901,6 +1045,16 @@ address_reply: driver = autoreply @@ -746,7 +750,7 @@ index cf38305..472b801 100644 ###################################################################### # RETRY CONFIGURATION # -@@ -941,6 +1092,21 @@ begin rewrite +@@ -941,6 +1095,21 @@ begin rewrite # AUTHENTICATION CONFIGURATION # ###################################################################### @@ -768,7 +772,7 @@ index cf38305..472b801 100644 # The following authenticators support plaintext username/password # authentication using the standard PLAIN mechanism and the traditional # but non-standard LOGIN mechanism, with Exim acting as the server. -@@ -956,7 +1122,7 @@ begin rewrite +@@ -956,7 +1125,7 @@ begin rewrite # The default RCPT ACL checks for successful authentication, and will accept # messages from authenticated users from anywhere on the Internet. @@ -777,7 +781,7 @@ index cf38305..472b801 100644 # PLAIN authentication has no server prompts. The client sends its # credentials in one lump, containing an authorization ID (which we do not -@@ -970,7 +1136,7 @@ begin authenticators +@@ -970,7 +1139,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth2 # server_prompts = : @@ -786,7 +790,7 @@ index cf38305..472b801 100644 # server_advertise_condition = ${if def:tls_in_cipher } # LOGIN authentication has traditional prompts and responses. There is no -@@ -982,7 +1148,7 @@ begin authenticators +@@ -982,7 +1151,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth1 # server_prompts = <| Username: | Password: diff --git a/exim.spec b/exim.spec index 130f3c6..1b08b6d 100644 --- a/exim.spec +++ b/exim.spec @@ -12,7 +12,7 @@ Summary: The exim mail transfer agent Name: exim Version: 4.93 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Url: https://www.exim.org/ @@ -477,6 +477,10 @@ fi %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Wed Apr 29 2020 Jaroslav Škarvada - 4.93-6 +- Updated config to explictly link with spf2 and opendmarc +- Fixed bogus date in changelog + * Wed Apr 29 2020 Jaroslav Škarvada - 4.93-5 - Bump for rebuild with the fixed clamd requirement Resolves: rhbz#1801329 @@ -491,7 +495,7 @@ fi * Tue Jan 28 2020 Fedora Release Engineering - 4.93-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -* Wed Jan 12 2020 Jaroslav Škarvada - 4.93-1 +* Sun Jan 12 2020 Jaroslav Škarvada - 4.93-1 - New version Resolves: rhbz#1782320 - Consolidated and simplified patches