Updated config to explictly link with spf2 and opendmarc

Fixed bogus date in changelog
2020-04-29 18:41:19 +02:00 · 2020-04-29 18:41:19 +02:00 · 2eab8d2bc5
parent 28c7077c05
commit 2eab8d2bc5
2 changed files with 35 additions and 27 deletions
--- a/exim-4.93-config.patch
+++ b/exim-4.93-config.patch
@ -12,7 +12,7 @@ index ecd2083..cf1eeb2 100755
   echo "" >>$mft
   cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
-index 83325ab..a861c7f 100644
+index 83325ab..4cc0c80 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -100,7 +100,7 @@
@ -150,14 +150,15 @@ index 83325ab..a861c7f 100644
 # If you have content scanning you may wish to only include some of the scanner
 # interfaces.  Uncomment any of these lines to remove that code.
-@@ -592,12 +598,12 @@
+@@ -592,12 +598,12 @@ DISABLE_MAL_MKS=yes
 # Uncomment the following line to add DMARC checking capability, implemented
 # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
 -# SUPPORT_DMARC=yes
 +SUPPORT_DMARC=yes
 # CFLAGS += -I/usr/local/include
- # LDFLAGS += -lopendmarc
+-# LDFLAGS += -lopendmarc
 +LDFLAGS += -lopendmarc
 # Uncomment the following if you need to change the default. You can
 # override it at runtime (main config option dmarc_tld_file)
 -# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
@ -279,15 +280,18 @@ index 83325ab..a861c7f 100644
 #------------------------------------------------------------------------------
-@@ -1029,7 +1050,7 @@
+@@ -1029,9 +1035,9 @@ ZCAT_COMMAND=/usr/bin/zcat
 # installed on your system (www.libspf2.org). Depending on where it is installed
 # you may have to edit the CFLAGS and LDFLAGS lines.
 -# SUPPORT_SPF=yes
 +SUPPORT_SPF=yes
 # CFLAGS  += -I/usr/local/include
- # LDFLAGS += -lspf2
+-# LDFLAGS += -lspf2
 +LDFLAGS += -lspf2
 #------------------------------------------------------------------------------
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # group. Once you have installed saslauthd, you should arrange for it to be
 # started by root at boot time.
@ -357,7 +361,7 @@ index 83325ab..a861c7f 100644
 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
 # using the name "exim-daemon.pid".
 diff --git a/src/configure.default b/src/configure.default
-index cf38305..472b801 100644
+index cf38305..8ddabfe 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -67,7 +67,7 @@
@ -489,7 +493,7 @@ index cf38305..472b801 100644
 # This access control list is used for every RCPT command in an incoming
 # SMTP message. The tests are run in order until the address is either
 # accepted or denied.
-@@ -392,6 +435,7 @@
+@@ -392,6 +435,7 @@ acl_check_rcpt:
   accept  hosts = :
           control = dkim_disable_verify
@ -497,7 +501,7 @@ index cf38305..472b801 100644
   #############################################################################
   # The following section of the ACL is concerned with local parts that contain
-@@ -445,7 +488,8 @@ acl_check_rcpt:
+@@ -445,7 +489,8 @@ acl_check_rcpt:
   accept  local_parts   = postmaster
           domains       = +local_domains
@ -507,7 +511,7 @@ index cf38305..472b801 100644
   require verify        = sender
-@@ -471,6 +516,7 @@
+@@ -471,6 +516,7 @@ acl_check_rcpt:
   accept  hosts         = +relay_from_hosts
           control       = submission
           control       = dkim_disable_verify
@ -515,7 +519,7 @@ index cf38305..472b801 100644
   # Accept if the message arrived over an authenticated connection, from
   # any host. Again, these messages are usually from MUAs, so recipient
-@@ -480,6 +526,7 @@
+@@ -480,6 +526,7 @@ acl_check_rcpt:
   accept  authenticated = *
           control       = submission
           control       = dkim_disable_verify
@ -523,7 +527,7 @@ index cf38305..472b801 100644
   # Insist that a HELO/EHLO was accepted.
-@@ -505,7 +549,8 @@ acl_check_rcpt:
+@@ -505,7 +552,8 @@ acl_check_rcpt:
   # There are no default checks on DNS black lists because the domains that
   # contain these lists are changing all the time. However, here are two
   # examples of how you can get Exim to perform a DNS black list lookup at this
@ -533,7 +537,7 @@ index cf38305..472b801 100644
   #
   # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
   #         dnslists      = black.list.example
-@@ -513,6 +558,10 @@ acl_check_rcpt:
+@@ -513,6 +561,10 @@ acl_check_rcpt:
   # warn    dnslists      = black.list.example
   #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
   #         log_message   = found in $dnslist_domain
@ -544,7 +548,7 @@ index cf38305..472b801 100644
   #############################################################################
   #############################################################################
-@@ -539,6 +588,10 @@ acl_check_rcpt:
+@@ -539,6 +591,10 @@ acl_check_rcpt:
   #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
   #############################################################################
@ -555,7 +559,7 @@ index cf38305..472b801 100644
   # At this point, the address has passed all the checks that have been
   # configured, so we accept it unconditionally.
-@@ -588,21 +641,32 @@ acl_check_data:
+@@ -588,21 +644,32 @@ acl_check_data:
           message =     header syntax
           log_message = header syntax ($acl_verify_message)
@ -596,7 +600,7 @@ index cf38305..472b801 100644
   #############################################################################
   # No more tests if PRDR was actively used.
-@@ -616,11 +680,63 @@ acl_check_data:
+@@ -616,11 +683,63 @@ acl_check_data:
   #           condition    = ...
   #############################################################################
@ -661,7 +665,7 @@ index cf38305..472b801 100644
 ######################################################################
-@@ -722,7 +838,7 @@ system_aliases:
+@@ -722,7 +841,7 @@ system_aliases:
   driver = redirect
   allow_fail
   allow_defer
@ -670,7 +674,7 @@ index cf38305..472b801 100644
 # user = exim
   file_transport = address_file
   pipe_transport = address_pipe
-@@ -760,7 +876,7 @@ userforward:
+@@ -760,7 +879,7 @@ userforward:
 # local_part_suffix = +* : -*
 # local_part_suffix_optional
   file = $home/.forward
@ -679,7 +683,7 @@ index cf38305..472b801 100644
   no_verify
   no_expn
   check_ancestor
-@@ -768,6 +884,12 @@ userforward:
+@@ -768,6 +887,12 @@ userforward:
   pipe_transport = address_pipe
   reply_transport = address_reply
@ -692,7 +696,7 @@ index cf38305..472b801 100644
 # This router matches local user mailboxes. If the router fails, the error
 # message is "Unknown user".
-@@ -812,6 +934,25 @@ remote_smtp:
+@@ -812,6 +937,25 @@ remote_smtp:
   hosts_try_prdr = *
 .endif
@ -718,7 +722,7 @@ index cf38305..472b801 100644
 # This transport is used for delivering messages to a smarthost, if the
 # smarthost router is enabled.  This starts from the same basis as
-@@ -867,8 +1008,8 @@ local_delivery:
+@@ -867,8 +1011,8 @@ local_delivery:
   delivery_date_add
   envelope_to_add
   return_path_add
@ -729,7 +733,7 @@ index cf38305..472b801 100644
 # This transport is used for handling pipe deliveries generated by alias or
-@@ -901,6 +1042,16 @@ address_reply:
+@@ -901,6 +1045,16 @@ address_reply:
   driver = autoreply
@ -746,7 +750,7 @@ index cf38305..472b801 100644
 ######################################################################
 #                      RETRY CONFIGURATION                           #
-@@ -941,6 +1092,21 @@ begin rewrite
+@@ -941,6 +1095,21 @@ begin rewrite
 #                   AUTHENTICATION CONFIGURATION                     #
 ######################################################################
@ -768,7 +772,7 @@ index cf38305..472b801 100644
 # The following authenticators support plaintext username/password
 # authentication using the standard PLAIN mechanism and the traditional
 # but non-standard LOGIN mechanism, with Exim acting as the server.
-@@ -956,7 +1122,7 @@ begin rewrite
+@@ -956,7 +1125,7 @@ begin rewrite
 # The default RCPT ACL checks for successful authentication, and will accept
 # messages from authenticated users from anywhere on the Internet.
@ -777,7 +781,7 @@ index cf38305..472b801 100644
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
-@@ -970,7 +1136,7 @@ begin authenticators
+@@ -970,7 +1139,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth2
 #  server_prompts             = :
@ -786,7 +790,7 @@ index cf38305..472b801 100644
 #  server_advertise_condition = ${if def:tls_in_cipher }
 # LOGIN authentication has traditional prompts and responses. There is no
-@@ -982,7 +1148,7 @@ begin authenticators
+@@ -982,7 +1151,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth1
 #  server_prompts             = <| Username: | Password:
--- a/exim.spec
+++ b/exim.spec
@ -12,7 +12,7 @@
 Summary: The exim mail transfer agent
 Name: exim
 Version: 4.93
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Url: https://www.exim.org/
@ -477,6 +477,10 @@ fi
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 %changelog
 * Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-6
 - Updated config to explictly link with spf2 and opendmarc
 - Fixed bogus date in changelog
 * Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-5
 - Bump for rebuild with the fixed clamd requirement
  Resolves: rhbz#1801329
@ -491,7 +495,7 @@ fi
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-* Wed Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
+* Sun Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
 - New version
  Resolves: rhbz#1782320
 - Consolidated and simplified patches