- Add procmail router and transport (#146848)

- Add localhost and localhost.localdomain as local domains (#198511)
- Fix mispatched authenticators (#204591)
- Other cleanups of config file and extra examples
- Add exim-clamav subpackage
David Woodhouse 2006-09-04 02:51:36 +00:00
parent 2e975357cf
commit 5bfed37f5c
8 changed files with 285 additions and 105 deletions


@ -5,9 +5,9 @@
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX +# This transport is used to deliver local mail to cyrus IMAP server via UNIX
+# socket. +# socket. You'll need to configure the 'localuser' router above to use it.
+# +#
+#local_delivery: +#lmtp_delivery:
+# driver = lmtp +# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l" +# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20 +# batch_max = 20


@ -1,25 +1,40 @@
--- exim-4.43/src/configure.default.pam 2004-12-16 13:27:55.000000000 +0000 --- exim-4.43/src/configure.default.pam 2004-12-16 13:27:55.000000000 +0000
+++ exim-4.43/src/configure.default 2004-12-16 15:41:34.000000000 +0000 +++ exim-4.43/src/configure.default 2004-12-16 15:41:34.000000000 +0000
@@ -238,6 +238,40 @@ @@ -160,7 +160,7 @@ acl_smtp_data = acl_check_data
# Allow any client to use TLS.
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
# Specify the location of the Exim server's TLS certificate and private key.
# The private key must not be encrypted (password protected). You can put
@@ -168,8 +168,8 @@ acl_smtp_data = acl_check_data
# need the first setting, or in separate files, in which case you need both
# options.
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
@@ -180,8 +180,8 @@ acl_smtp_data = acl_check_data
# them you should also allow TLS-on-connect on the traditional but
# non-standard port 465.
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
# Specify the domain you want to be added to all unqualified addresses
@@ -238,6 +238,24 @@
timeout_frozen_after = 7d timeout_frozen_after = 7d
+# This option, if uncommented, allows Exim to listen on ports other than
+# just the default port 25. For example, you may wish Exim to sldo listen
+# on the 'message submission' port 587 for roaming clients which cannot
+# use port 25 directly from their current location. (cf. RFC 2476).
+#
+# daemon_smtp_ports = smtp : msa
+
+# This option instructs Exim to advertise the availability of encrypted
+# connections to all hosts, and uses the certificate which is automatically
+# generated when the RPM is installed. You can disable TLS, should you need
+# to do so, by commenting out the three lines below.
+
+tls_advertise_hosts = *
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
+
+# This setting, if uncommented, allows users to authenticate using +# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a +# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or +# secure connection. If you have network logins such as NIS or
@ -41,23 +56,21 @@
###################################################################### ######################################################################
@@ -657,6 +691,19 @@ @@ -850,7 +837,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_cipher }
begin authenticators # LOGIN authentication has traditional prompts and responses. There is no
@@ -862,7 +849,7 @@ begin authenticators
+plain: # driver = plaintext
+ driver = plaintext # server_set_id = $auth1
+ public_name = PLAIN # server_prompts = <| Username: | Password:
+ server_prompts = : -# server_condition = Authentication is not yet configured
+ server_condition = "${if saslauthd{{$2}{$3}{smtp}} {1}}" +# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
+ server_set_id = $2 # server_advertise_condition = ${if def:tls_cipher }
+
+login:
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ server_condition = "${if saslauthd{{$1}{$2}{smtp}} {1}}"
+ server_set_id = $1
######################################################################
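Review bot: The two saslauthd examples rely on the `server_advertise_condition = ${if def:tls_cipher }` line to keep system passwords off cleartext sessions, but none of the visible comments says so. An admin who uncomments a block only down to `server_condition` would offer PLAIN/LOGIN against system accounts without TLS. I would add above each example a comment such as `# Keep server_advertise_condition when enabling this; it restricts AUTH to TLS sessions.` As a style point, the examples use `$auth2`/`$auth1` in `server_set_id` but `$2`/`$3` and `$1`/`$2` in `server_condition`; using the `$authN` names in both places would read more consistently. The authenticators section continues outside these hunks.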


@ -1,86 +1,102 @@
--- exim-4.50/src/configure.default.orig 2005-02-22 19:49:15.000000000 +0000 --- exim-4.50/src/configure.default.orig 2005-02-22 19:49:15.000000000 +0000
+++ exim-4.50/src/configure.default 2005-02-22 19:46:55.000000000 +0000 +++ exim-4.50/src/configure.default 2005-02-22 19:46:55.000000000 +0000
@@ -108,6 +108,26 @@ @@ -108,6 +108,7 @@
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
# You should not change that setting until you understand how ACLs work. # You should not change that setting until you understand how ACLs work.
+# The following ACL entries are used if you want to do content scanning with @@ -120,7 +120,7 @@ acl_smtp_mime = acl_check_mime
+# the exiscan-acl patch. When you uncomment one of these lines, you must also # of what to set for other virus scanners. The second modification is in the
+# review the respective entries in the ACL section further below. # acl_check_data access control list (see below).
+
+# acl_smtp_mime = acl_check_mime
+# acl_smtp_data = acl_check_content
+
+# This configuration variable defines the virus scanner that is used with
+# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
+# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
+# for a list of supported scanners.
+
+# av_scanner = sophie:/var/run/sophie
+
+# The following setting is only needed if you use the 'spam' ACL condition
+# of the exiscan-acl patch. It specifies on which host and port the SpamAssassin
+# "spamd" daemon is listening. If you do not use this condition, or you use
+# the default of "127.0.0.1 783", you can omit this option.
+
+# spamd_address = 127.0.0.1 783
# Specify the domain you want to be added to all unqualified addresses -# av_scanner = clamd:/tmp/clamd
# here. An unqualified address is one that does not contain an "@" character +av_scanner = clamd:/var/run/clamd.exim/clamd.sock
@@ -376,6 +396,56 @@
deny message = relay not permitted
+# These access control lists are used for content scanning with the exiscan-acl # For spam scanning, there is a similar option that defines the interface to
+# patch. You must also uncomment the entries for acl_smtp_data and acl_smtp_mime @@ -365,7 +365,8 @@ acl_check_rcpt:
+# (scroll up), otherwise the ACLs will not be used. IMPORTANT: the default entries here accept local_parts = postmaster
+# should be treated as EXAMPLES. You MUST read the file doc/exiscan-acl-spec.txt domains = +local_domains
+# to fully understand what you are doing ...
- # Deny unless the sender address can be verified.
+ # Deny unless the sender address can be routed. For proper verification of the
+ # address, read the documentation on callouts and add the /callout modifier.
require verify = sender
@@ -455,26 +456,62 @@ acl_check_rcpt:
acl_check_data:
+ # Put simple tests first. A good one is to check for the presence of a
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
+ # or misconfigured mailer software occasionally omits this from genuine
+ # messages too, though -- although it's not hard for the offender to fix
+ # after they receive a bounce because of it.
+ #
+ # deny condition = ${if !def:h_Message-ID: {1}}
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+ # Most messages without it are spam, so your mail has been rejected.
+
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
# deny malware = *
# message = This message contains a virus ($malware_name).
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You may also need to set the spamd_address
- # option above.
- #
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # Bypass SpamAssassin checks if the message is too large.
+ #
+ # accept condition = ${if >={$message_size}{100000} {1}}
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
- # Accept the message.
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
+ # score exceeds the SA system threshold.
+ #
+ # warn spam = nobody/defer_ok
+ # add_header = X-Spam-Flag: YES
+ #
+ # accept condition = ${if !def:spam_score_int {1}}
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
+ #
+
+ # Unconditionally add score and report headers
+ #
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
+ # X-Spam-Report: $spam_report
+
+ # And reject if the SpamAssassin score is greater than ten
+ #
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+ # $spam_report
accept
+ +
+acl_check_mime: +acl_check_mime:
+ +
+ # Decode MIME parts to disk. This will support virus scanners later.
+ warn decode = default
+
+ # File extension filtering. + # File extension filtering.
+ deny message = Blacklisted file extension detected + deny message = Blacklisted file extension detected
+ condition = ${if match \ + condition = ${if match \
+ {${lc:$mime_filename}} \ + {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ + {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}} + {1}{0}}
+
+# # Reject messages that carry chinese character sets.
+# # WARNING: This is an EXAMPLE.
+# deny message = Sorry, noone speaks chinese here
+# condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
+ +
+ accept + accept
+
+acl_check_content:
+
+ # Reject virus infested messages.
+ deny message = This message contains malware ($malware_name)
+ malware = *
+
+ # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
+ # (user "nobody"), no matter if over threshold or not.
+ warn message = X-Spam-Score: $spam_score ($spam_bar)
+ spam = nobody:true
+ warn message = X-Spam-Report: $spam_report
+ spam = nobody:true
+
+ # Add X-Spam-Flag if spam is over system-wide threshold
+ warn message = X-Spam-Flag: YES
+ spam = nobody
+
+ # Reject spam messages with score over 10, using an extra condition.
+ deny message = This message scored $spam_score points. Congratulations!
+ spam = nobody:true
+ condition = ${if >{$spam_score_int}{100}{1}{0}}
+
+ # finally accept all the rest
+ accept
+
###################################################################### ######################################################################
# ROUTERS CONFIGURATION # # ROUTERS CONFIGURATION #
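Review bot: The new `accept condition = ${if >={$message_size}{100000} {1}}` example in acl_check_data ends the ACL for large messages, so any check an admin later places below it is skipped for them, while its comment mentions only SpamAssassin. I would extend the comment with `# This accept ends the ACL: keep the malware check and any other mandatory checks above it.` Separately, the final `deny` example returns `$spam_report` in the SMTP rejection text, which tells the sender which rules matched. A short fixed message, with the report left to the headers or logs, may be the safer default. acl_check_data continues outside the hunk shown here.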


@ -0,0 +1,11 @@
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -672,7 +672,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor
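Review bot: Uncommenting `allow_filter` in userforward means every local user's `.forward` may be interpreted as an Exim filter by default, and the hunk adds neither a comment explaining that choice nor any of the `forbid_filter_*` restrictions. Filters bring string expansion on top of plain redirection, which matters most on hosts where mail accounts are not meant to have shell-level capabilities. For a distribution default I would at least add `# Filters are enabled by default; see forbid_filter_run, forbid_filter_readsocket etc. to restrict them.` and consider setting the ones that are not needed. The userforward router starts and ends outside the hunk, so its other options could not be checked here.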


@ -0,0 +1,11 @@
--- exim-4.63/src/configure.default~ 2006-09-03 19:31:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 19:37:42.000000000 -0700
@@ -56,7 +56,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1

32
exim-4.63-procmail.patch Normal file

@ -0,0 +1,32 @@
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -680,6 +680,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -717,6 +723,16 @@ begin transports
remote_smtp:
driver = smtp
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
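Review bot: The procmail transport sets `return_output`, so any text that procmail or a user's recipe writes turns the delivery into a failure and is sent back in the bounce to the envelope sender, which may be forged. `return_fail_output` in place of `return_output` would return output only when the command really fails, which limits both backscatter and disclosure of local paths. The router sets `no_verify` but not `no_expn`, unlike userforward as shown in the allow-filter patch; adding `no_expn` would keep the two consistent. Both definitions are inserted between routers and transports that continue outside the hunks.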

106
exim.spec

@ -1,11 +1,18 @@
# SA-Exim has long since been obsoleted by the proper built-in ACL support # SA-Exim has long since been obsoleted by the proper built-in ACL support
# from exiscan. Disable it for FC6 unless people scream. # from exiscan. Disable it for FC6 unless people scream.
# %define buildsa 1 %if 0%{?fedora} < 6
%define buildsa 1
%endif
# Build clamav subpackage for FC5 and above.
%if 0%{?fedora} >= 5
%define buildclam 1
%endif
Summary: The exim mail transfer agent Summary: The exim mail transfer agent
Name: exim Name: exim
Version: 4.63 Version: 4.63
Release: 1%{?dist} Release: 2%{?dist}
License: GPL License: GPL
Url: http://www.exim.org/ Url: http://www.exim.org/
Group: System Environment/Daemons Group: System Environment/Daemons
@ -15,6 +22,9 @@ Provides: /usr/sbin/sendmail /usr/bin/mailq /usr/bin/rmail
Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
Requires(preun): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives Requires(preun): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
%if 0%{?buildclam}
BuildRequires: clamav-devel
%endif
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
Source2: exim.init Source2: exim.init
Source3: exim.sysconfig Source3: exim.sysconfig
@ -32,6 +42,9 @@ Patch14: exim-4.50-spamdconf.patch
Patch15: exim-4.52-dynamic-pcre.patch Patch15: exim-4.52-dynamic-pcre.patch
Patch17: exim-4.61-ldap-deprecated.patch Patch17: exim-4.61-ldap-deprecated.patch
Patch18: exim-4.62-dlopen-localscan.patch Patch18: exim-4.62-dlopen-localscan.patch
Patch19: exim-4.63-procmail.patch
Patch20: exim-4.63-allow-filter.patch
Patch21: exim-4.63-localhost-is-local.patch
Requires: /etc/aliases Requires: /etc/aliases
BuildRequires: db4-devel openssl-devel openldap-devel pam-devel BuildRequires: db4-devel openssl-devel openldap-devel pam-devel
@ -70,6 +83,31 @@ Requires: exim = %{version}-%{release}
Allows running of SA on incoming mail and rejection at SMTP time as Allows running of SA on incoming mail and rejection at SMTP time as
well as other nasty things like teergrubing. well as other nasty things like teergrubing.
%package clamav
Summary: Clam Antivirus scanner dæmon configuration for use with Exim
Group: System Environment/Daemons
Requires: clamav-server
Obsoletes: clamav-exim <= 0.86.2
Requires(post): /sbin/chkconfig /sbin/service
Requires(preun): /sbin/chkconfig /sbin/service
%description clamav
This package contains configuration files which invoke a copy of the
clamav dæmon for use with Exim. It can be activated by adding (or
uncommenting)
av_scanner = clamd:%{_var}/run/clamd.exim/clamd.sock
in your exim.conf, and using the 'malware' condition in the DATA ACL,
as follows:
deny message = This message contains malware ($malware_name)
malware = *
For further details of Exim content scanning, see chapter 40 of the Exim
specification:
http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#SECTscanvirus
%prep %prep
%setup -q %setup -q
%if 0%{?buildsa} %if 0%{?buildsa}
@ -87,6 +125,9 @@ cp exim_monitor/EDITME Local/eximon.conf
%patch15 -p1 -b .pcre %patch15 -p1 -b .pcre
%patch17 -p1 -b .ldap %patch17 -p1 -b .ldap
%patch18 -p1 -b .dl %patch18 -p1 -b .dl
%patch19 -p1 -b .procmail
%patch20 -p1 -b .filter
%patch21 -p1 -b .localhost
%build %build
%ifnarch s390 s390x %ifnarch s390 s390x
@ -159,8 +200,8 @@ pod2man --center=EXIM --section=8 \
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d mkdir -p $RPM_BUILD_ROOT%{_initrddir}
install %SOURCE2 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/exim install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
@ -179,12 +220,41 @@ mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}
touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
%if 0%{?buildclam}
# Munge the clamav init and config files from clamav-devel. This really ought
# to be a subpackage of clamav, but this hack will have to do for now.
function clamsubst() {
sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
CLAMD_SOCKET=%{_var}/run/clamd.exim/clamd.sock
EOF
ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim
mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
%endif
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%pre %pre
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 exim 2>/dev/null %{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 exim 2>/dev/null
# Copy TLS certs from old location to new -- don't move them, because the
# config file may be modified and may be pointing to the old location.
if [ ! -f /etc/pki/tls/certs/exim.pem -a -f %{_datadir}/ssl/certs/exim.pem ] ; then
cp %{_datadir}/ssl/certs/exim.pem /etc/pki/tls/certs/exim.pem
cp %{_datadir}/ssl/private/exim.pem /etc/pki/tls/private/exim.pem
fi
exit 0 exit 0
%post %post
@ -301,7 +371,35 @@ fi
%doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO} %doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO}
%endif %endif
%if 0%{?buildclam}
%post clamav
/sbin/chkconfig --add clamd.exim
%preun clamav
test "$1" != 0 || %{_initrddir}/clamd.exim stop &>/dev/null || :
test "$1" != 0 || /sbin/chkconfig --del clamd.exim
%postun clamav
test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
%files clamav
%defattr(0644,root,root,-)
%attr(0755,root,root)%{_sbindir}/clamd.exim
%config %{_initrddir}/clamd.exim
%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
%config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
%attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
%endif
%changelog %changelog
* Sun Sep 3 2006 David Woodhouse <dwmw2@infradead.org> - 4.63-2
- Add procmail router and transport (#146848)
- Add localhost and localhost.localdomain as local domains (#198511)
- Fix mispatched authenticators (#204591)
- Other cleanups of config file and extra examples
- Add exim-clamav subpackage
* Sat Aug 26 2006 David Woodhouse <dwmw2@infradead.org> - 4.63-1 * Sat Aug 26 2006 David Woodhouse <dwmw2@infradead.org> - 4.63-1
- Update to 4.63 - Update to 4.63
- Disable sa-exim, but leave the dlopen patch in - Disable sa-exim, but leave the dlopen patch in
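Review bot: In `%files clamav` the init script is listed as `%config %{_initrddir}/clamd.exim` under `%defattr(0644,root,root,-)`, so as far as the visible list shows it is packaged mode 0644 and not executable; only the sbin symlink gets an explicit 0755. The service registered by `chkconfig --add clamd.exim` and the `%preun`/`%postun` calls would then be unable to start or stop the scanner, while `av_scanner` in the default config points at its socket. I would write `%attr(0755,root,root) %config %{_initrddir}/clamd.exim`. As a smaller style point, the `ln -sf` line hard-codes `/usr/sbin` while `%files` uses `%{_sbindir}`.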


@ -1 +0,0 @@
http://fedoraproject.org/wiki/Extras/Schedule/FC6MassRebuild