New version
Resolves: rhbz#1782320 Consolidated and simplified patches Dropped dane-enable patch (not needed)
This commit is contained in:
parent
fff63283f3
commit
83e2d62d42
|
@ -1,14 +0,0 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
|
||||||
index be31066..e48dd93 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -316,6 +316,9 @@ LOOKUP_MYSQL=2
|
|
||||||
LOOKUP_MYSQL_PC=mariadb
|
|
||||||
LOOKUP_NIS=yes
|
|
||||||
LOOKUP_NISPLUS=yes
|
|
||||||
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
|
|
||||||
+LIBS+=-L/usr/$(_lib)/nsl
|
|
||||||
+
|
|
||||||
# LOOKUP_ORACLE=yes
|
|
||||||
LOOKUP_PASSWD=yes
|
|
||||||
LOOKUP_PGSQL=2
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index cef3779..09f0b36 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -810,7 +810,7 @@ userforward:
|
|
||||||
# local_part_suffix = +* : -*
|
|
||||||
# local_part_suffix_optional
|
|
||||||
file = $home/.forward
|
|
||||||
-# allow_filter
|
|
||||||
+ allow_filter
|
|
||||||
no_verify
|
|
||||||
no_expn
|
|
||||||
check_ancestor
|
|
|
@ -1,299 +0,0 @@
|
||||||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
|
||||||
index 7e0bf38..c97ccec 100755
|
|
||||||
--- a/scripts/Configure-Makefile
|
|
||||||
+++ b/scripts/Configure-Makefile
|
|
||||||
@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
|
||||||
|
|
||||||
mv $mft $mftt
|
|
||||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
|
||||||
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
|
||||||
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
|
||||||
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
|
||||||
echo "" >>$mft
|
|
||||||
cat $mftt >> $mft
|
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
|
||||||
index cbb0805..a42cd6f 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -98,7 +98,7 @@
|
|
||||||
# /usr/local/sbin. The installation script will try to create this directory,
|
|
||||||
# and any superior directories, if they do not exist.
|
|
||||||
|
|
||||||
-BIN_DIRECTORY=/usr/exim/bin
|
|
||||||
+BIN_DIRECTORY=/usr/sbin
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
|
||||||
# don't exist. It will also install a default runtime configuration if this
|
|
||||||
# file does not exist.
|
|
||||||
|
|
||||||
-CONFIGURE_FILE=/usr/exim/configure
|
|
||||||
+CONFIGURE_FILE=/etc/exim/exim.conf
|
|
||||||
|
|
||||||
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
|
||||||
# In this case, Exim will use the first of them that exists when it is run.
|
|
||||||
@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
|
||||||
# deliveries. (Local deliveries run as various non-root users, typically as the
|
|
||||||
# owner of a local mailbox.) Specifying these values as root is not supported.
|
|
||||||
|
|
||||||
-EXIM_USER=
|
|
||||||
+EXIM_USER=93
|
|
||||||
|
|
||||||
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
|
||||||
# uid number is built into the binary. However, you can specify that this
|
|
||||||
@@ -152,7 +152,7 @@ EXIM_USER=
|
|
||||||
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
|
||||||
# you want to use a group other than the default group for the given user.
|
|
||||||
|
|
||||||
-# EXIM_GROUP=
|
|
||||||
+EXIM_GROUP=93
|
|
||||||
|
|
||||||
# Many sites define a user called "exim", with an appropriate default group,
|
|
||||||
# and use
|
|
||||||
@@ -237,7 +237,7 @@ TRANSPORT_SMTP=yes
|
|
||||||
# This one is special-purpose, and commonly not required, so it is not
|
|
||||||
# included by default.
|
|
||||||
|
|
||||||
-# TRANSPORT_LMTP=yes
|
|
||||||
+TRANSPORT_LMTP=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -246,9 +246,9 @@ TRANSPORT_SMTP=yes
|
|
||||||
# MBX, is included only when requested. If you do not know what this is about,
|
|
||||||
# leave these settings commented out.
|
|
||||||
|
|
||||||
-# SUPPORT_MAILDIR=yes
|
|
||||||
-# SUPPORT_MAILSTORE=yes
|
|
||||||
-# SUPPORT_MBX=yes
|
|
||||||
+SUPPORT_MAILDIR=yes
|
|
||||||
+SUPPORT_MAILSTORE=yes
|
|
||||||
+SUPPORT_MBX=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -306,20 +306,22 @@ LOOKUP_DBM=yes
|
|
||||||
LOOKUP_LSEARCH=yes
|
|
||||||
LOOKUP_DNSDB=yes
|
|
||||||
|
|
||||||
-# LOOKUP_CDB=yes
|
|
||||||
-# LOOKUP_DSEARCH=yes
|
|
||||||
+LOOKUP_CDB=yes
|
|
||||||
+LOOKUP_DSEARCH=yes
|
|
||||||
# LOOKUP_IBASE=yes
|
|
||||||
-# LOOKUP_LDAP=yes
|
|
||||||
-# LOOKUP_MYSQL=yes
|
|
||||||
-# LOOKUP_MYSQL_PC=mariadb
|
|
||||||
-# LOOKUP_NIS=yes
|
|
||||||
-# LOOKUP_NISPLUS=yes
|
|
||||||
+LOOKUP_LDAP=yes
|
|
||||||
+LDAP_LIB_TYPE=OPENLDAP2
|
|
||||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3
|
|
||||||
+LOOKUP_MYSQL=2
|
|
||||||
+LOOKUP_MYSQL_PC=mariadb
|
|
||||||
+LOOKUP_NIS=yes
|
|
||||||
+LOOKUP_NISPLUS=yes
|
|
||||||
# LOOKUP_ORACLE=yes
|
|
||||||
-# LOOKUP_PASSWD=yes
|
|
||||||
-# LOOKUP_PGSQL=yes
|
|
||||||
+LOOKUP_PASSWD=yes
|
|
||||||
+LOOKUP_PGSQL=2
|
|
||||||
+LOOKUP_PGSQL_LIBS=-lpq
|
|
||||||
# LOOKUP_REDIS=yes
|
|
||||||
-# LOOKUP_SQLITE=yes
|
|
||||||
-# LOOKUP_SQLITE_PC=sqlite3
|
|
||||||
+LOOKUP_SQLITE=yes
|
|
||||||
# LOOKUP_WHOSON=yes
|
|
||||||
|
|
||||||
# These two settings are obsolete; all three lookups are compiled when
|
|
||||||
@@ -402,7 +404,7 @@ EXIM_MONITOR=eximon.bin
|
|
||||||
# and the MIME ACL. Please read the documentation to learn more about these
|
|
||||||
# features.
|
|
||||||
|
|
||||||
-# WITH_CONTENT_SCAN=yes
|
|
||||||
+WITH_CONTENT_SCAN=yes
|
|
||||||
|
|
||||||
# If you have content scanning you may wish to only include some of the scanner
|
|
||||||
# interfaces. Uncomment any of these lines to remove that code.
|
|
||||||
@@ -595,7 +597,7 @@ FIXED_NEVER_USERS=root
|
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
|
||||||
|
|
||||||
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
|
||||||
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -640,17 +642,14 @@ FIXED_NEVER_USERS=root
|
|
||||||
# included in the Exim binary. You will then need to set up the run time
|
|
||||||
# configuration to make use of the mechanism(s) selected.
|
|
||||||
|
|
||||||
-# AUTH_CRAM_MD5=yes
|
|
||||||
-# AUTH_CYRUS_SASL=yes
|
|
||||||
-# AUTH_DOVECOT=yes
|
|
||||||
-# AUTH_GSASL=yes
|
|
||||||
-# AUTH_GSASL_PC=libgsasl
|
|
||||||
-# AUTH_HEIMDAL_GSSAPI=yes
|
|
||||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
|
||||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
|
|
||||||
-# AUTH_PLAINTEXT=yes
|
|
||||||
-# AUTH_SPA=yes
|
|
||||||
-# AUTH_TLS=yes
|
|
||||||
+AUTH_CRAM_MD5=yes
|
|
||||||
+AUTH_CYRUS_SASL=yes
|
|
||||||
+AUTH_DOVECOT=yes
|
|
||||||
+AUTH_GSASL=yes
|
|
||||||
+AUTH_GSASL_PC=libgsasl
|
|
||||||
+AUTH_PLAINTEXT=yes
|
|
||||||
+AUTH_SPA=yes
|
|
||||||
+AUTH_TLS=yes
|
|
||||||
|
|
||||||
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
|
||||||
# requires multiple pkg-config files to work with Exim, so the second example
|
|
||||||
@@ -674,7 +673,7 @@ FIXED_NEVER_USERS=root
|
|
||||||
# one that is set in the headers_charset option. The default setting is
|
|
||||||
# defined by this setting:
|
|
||||||
|
|
||||||
-HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
+HEADERS_CHARSET="UTF-8"
|
|
||||||
|
|
||||||
# If you are going to make use of $header_xxx expansions in your configuration
|
|
||||||
# file, or if your users are going to use them in filter files, and the normal
|
|
||||||
@@ -694,7 +693,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
|
||||||
# as standard, the file in OS/Makefile-xxxx contains
|
|
||||||
#
|
|
||||||
-# HAVE_ICONV=yes
|
|
||||||
+HAVE_ICONV=yes
|
|
||||||
#
|
|
||||||
# If you are not using one of those systems, but have installed iconv(), you
|
|
||||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
|
||||||
@@ -763,11 +762,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# leave these settings commented out.
|
|
||||||
|
|
||||||
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
|
||||||
-# SUPPORT_TLS=yes
|
|
||||||
+SUPPORT_TLS=yes
|
|
||||||
|
|
||||||
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
|
||||||
-# USE_OPENSSL_PC=openssl
|
|
||||||
-# TLS_LIBS=-lssl -lcrypto
|
|
||||||
+TLS_INCLUDE=-I/usr/kerberos/include
|
|
||||||
+TLS_LIBS=-lssl -lcrypto
|
|
||||||
|
|
||||||
# Uncomment the first and either the second or the third of these if you
|
|
||||||
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
|
||||||
@@ -839,7 +838,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# Once you have done this, "make install" will build the info files and
|
|
||||||
# install them in the directory you have defined.
|
|
||||||
|
|
||||||
-# INFO_DIRECTORY=/usr/share/info
|
|
||||||
+INFO_DIRECTORY=/usr/share/info
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -852,7 +851,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
|
||||||
# to form the final file names. Some installations may want something like this:
|
|
||||||
|
|
||||||
-# LOG_FILE_PATH=/var/log/exim_%slog
|
|
||||||
+LOG_FILE_PATH=/var/log/exim/%s.log
|
|
||||||
|
|
||||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
|
||||||
# in which the log files are placed must exist; Exim does not try to create
|
|
||||||
@@ -924,7 +923,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
|
||||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
|
||||||
|
|
||||||
-# EXIM_PERL=perl.o
|
|
||||||
+EXIM_PERL=perl.o
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -934,7 +933,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# that the local_scan API is made available by the linker. You may also need
|
|
||||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
|
||||||
|
|
||||||
-# EXPAND_DLFUNC=yes
|
|
||||||
+EXPAND_DLFUNC=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -944,7 +943,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
|
||||||
# facilities, is included only when requested by the following setting:
|
|
||||||
|
|
||||||
-# SUPPORT_PAM=yes
|
|
||||||
+SUPPORT_PAM=yes
|
|
||||||
|
|
||||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
|
||||||
# GNU/Linux -ldl is also needed.
|
|
||||||
@@ -1052,7 +1051,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
|
||||||
# started by root at boot time.
|
|
||||||
|
|
||||||
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
|
||||||
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -1066,8 +1065,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# library for TCP wrappers, so you probably need something like this:
|
|
||||||
#
|
|
||||||
# USE_TCP_WRAPPERS=yes
|
|
||||||
-# CFLAGS=-O -I/usr/local/include
|
|
||||||
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
|
||||||
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
|
|
||||||
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
|
|
||||||
#
|
|
||||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
|
||||||
# as well.
|
|
||||||
@@ -1119,7 +1118,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
|
||||||
# current run is maintained.
|
|
||||||
|
|
||||||
-# USE_READLINE=yes
|
|
||||||
+USE_READLINE=yes
|
|
||||||
|
|
||||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
|
||||||
# Note that this option adds to the size of the Exim binary, because the
|
|
||||||
@@ -1136,7 +1135,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
# Uncomment this setting to include IPv6 support.
|
|
||||||
|
|
||||||
-# HAVE_IPV6=yes
|
|
||||||
+HAVE_IPV6=yes
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
|
||||||
@@ -1157,13 +1156,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
|
||||||
# use those utilities.
|
|
||||||
|
|
||||||
-# CHOWN_COMMAND=/usr/bin/chown
|
|
||||||
-# CHGRP_COMMAND=/usr/bin/chgrp
|
|
||||||
-# CHMOD_COMMAND=/usr/bin/chmod
|
|
||||||
-# MV_COMMAND=/bin/mv
|
|
||||||
-# RM_COMMAND=/bin/rm
|
|
||||||
-# TOUCH_COMMAND=/usr/bin/touch
|
|
||||||
-# PERL_COMMAND=/usr/bin/perl
|
|
||||||
+CHOWN_COMMAND=/usr/bin/chown
|
|
||||||
+CHGRP_COMMAND=/usr/bin/chgrp
|
|
||||||
+CHMOD_COMMAND=/usr/bin/chmod
|
|
||||||
+MV_COMMAND=/usr/bin/mv
|
|
||||||
+RM_COMMAND=/usr/bin/rm
|
|
||||||
+TOUCH_COMMAND=/usr/bin/touch
|
|
||||||
+PERL_COMMAND=/usr/bin/perl
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -1365,7 +1364,7 @@ EXIM_TMPDIR="/tmp"
|
|
||||||
# (process id) to a file so that it can easily be identified. The path of the
|
|
||||||
# file can be specified here. Some installations may want something like this:
|
|
||||||
|
|
||||||
-# PID_FILE_PATH=/var/lock/exim.pid
|
|
||||||
+PID_FILE_PATH=/var/run/exim.pid
|
|
||||||
|
|
||||||
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
|
||||||
# using the name "exim-daemon.pid".
|
|
|
@ -1,21 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 69e0ed1..6db4947 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -901,6 +901,16 @@ address_reply:
|
|
||||||
driver = autoreply
|
|
||||||
|
|
||||||
|
|
||||||
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
|
||||||
+# socket. You'll need to configure the 'localuser' router above to use it.
|
|
||||||
+#
|
|
||||||
+#lmtp_delivery:
|
|
||||||
+# home_directory = /var/spool/imap
|
|
||||||
+# driver = lmtp
|
|
||||||
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
|
||||||
+# batch_max = 20
|
|
||||||
+# user = cyrus
|
|
||||||
+
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
# RETRY CONFIGURATION #
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
|
||||||
index e3b98e9..d621c46 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -372,7 +372,7 @@ PCRE_CONFIG=yes
|
|
||||||
# Uncomment the following line to add DANE support
|
|
||||||
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
|
|
||||||
# For DANE under GnuTLS we need an additional library. See TLS_LIBS below.
|
|
||||||
-# SUPPORT_DANE=yes
|
|
||||||
+SUPPORT_DANE=yes
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
# Additional libraries and include directories may be required for some
|
|
|
@ -1,15 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 241a961..1403d4a 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -384,8 +384,8 @@ timeout_frozen_after = 7d
|
|
||||||
# Note that TZ is handled separately by the timezone runtime option
|
|
||||||
# and TIMEZONE_DEFAULT buildtime option.
|
|
||||||
|
|
||||||
-# keep_environment = ^LDAP
|
|
||||||
-# add_environment = PATH=/usr/bin::/bin
|
|
||||||
+keep_environment = ^LDAP
|
|
||||||
+add_environment = PATH=/usr/bin::/bin
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,119 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 9242bac..eabf102 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -119,6 +119,7 @@ hostlist relay_from_hosts = localhost
|
|
||||||
# manual for details. The lists above are used in the access control lists for
|
|
||||||
# checking incoming messages. The names of these ACLs are defined here:
|
|
||||||
|
|
||||||
+acl_smtp_mail = acl_check_mail
|
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
|
||||||
.ifdef _HAVE_PRDR
|
|
||||||
acl_smtp_data_prdr = acl_check_prdr
|
|
||||||
@@ -395,6 +396,29 @@ timeout_frozen_after = 7d
|
|
||||||
|
|
||||||
begin acl
|
|
||||||
|
|
||||||
+
|
|
||||||
+# This access control list is used for the MAIL command in an incoming
|
|
||||||
+# SMTP message.
|
|
||||||
+
|
|
||||||
+acl_check_mail:
|
|
||||||
+
|
|
||||||
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
|
||||||
+ # So don't allow them to use the MAIL command if they haven't
|
|
||||||
+ # done so.
|
|
||||||
+
|
|
||||||
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
|
||||||
+ message = Nice boys say HELO first
|
|
||||||
+
|
|
||||||
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
|
||||||
+ # even reject for it but that would be a little excessive.
|
|
||||||
+
|
|
||||||
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
|
||||||
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+ accept
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
# This access control list is used for every RCPT command in an incoming
|
|
||||||
# SMTP message. The tests are run in order until the address is either
|
|
||||||
# accepted or denied.
|
|
||||||
@@ -520,7 +544,8 @@ acl_check_rcpt:
|
|
||||||
# There are no default checks on DNS black lists because the domains that
|
|
||||||
# contain these lists are changing all the time. However, here are two
|
|
||||||
# examples of how you can get Exim to perform a DNS black list lookup at this
|
|
||||||
- # point. The first one denies, whereas the second just warns.
|
|
||||||
+ # point. The first one denies, whereas the second just warns. The third
|
|
||||||
+ # triggers greylisting for any host in the blacklist.
|
|
||||||
#
|
|
||||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
|
||||||
# dnslists = black.list.example
|
|
||||||
@@ -528,6 +553,10 @@ acl_check_rcpt:
|
|
||||||
# warn dnslists = black.list.example
|
|
||||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
|
||||||
# log_message = found in $dnslist_domain
|
|
||||||
+ #
|
|
||||||
+ # warn dnslists = black.list.example
|
|
||||||
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
|
||||||
+ #
|
|
||||||
#############################################################################
|
|
||||||
|
|
||||||
#############################################################################
|
|
||||||
@@ -554,6 +583,10 @@ acl_check_rcpt:
|
|
||||||
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
|
|
||||||
#############################################################################
|
|
||||||
|
|
||||||
+ # Alternatively, greylist for it:
|
|
||||||
+ # warn !verify = csa
|
|
||||||
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
# At this point, the address has passed all the checks that have been
|
|
||||||
# configured, so we accept it unconditionally.
|
|
||||||
|
|
||||||
@@ -612,6 +645,12 @@ acl_check_data:
|
|
||||||
# deny condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
|
||||||
# Most messages without it are spam, so your mail has been rejected.
|
|
||||||
+ #
|
|
||||||
+ # Alternatively if we're feeling more lenient we could just use it to
|
|
||||||
+ # trigger greylisting instead:
|
|
||||||
+
|
|
||||||
+ warn condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
|
||||||
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
|
||||||
@@ -658,8 +697,31 @@ acl_check_data:
|
|
||||||
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
|
||||||
# $spam_report
|
|
||||||
|
|
||||||
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
|
||||||
+ #
|
|
||||||
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
|
||||||
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
|
||||||
+ # might be something wrong with it, then you can do this...
|
|
||||||
+ #
|
|
||||||
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
|
||||||
+ # package which contains this subroutine, and you need to uncomment the bit below
|
|
||||||
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
|
||||||
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
|
||||||
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
|
||||||
+ # the exim-greylist.conf.inc file itself.
|
|
||||||
+ #
|
|
||||||
+ # require acl = greylist_mail
|
|
||||||
+
|
|
||||||
accept
|
|
||||||
|
|
||||||
+# To enable the greylisting, also uncomment this line:
|
|
||||||
+# .include /etc/exim/exim-greylist.conf.inc
|
|
||||||
+
|
|
||||||
acl_check_mime:
|
|
||||||
|
|
||||||
# File extension filtering.
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 09f0b36..9242bac 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -67,7 +67,7 @@
|
|
||||||
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
|
||||||
# are all colon-separated lists:
|
|
||||||
|
|
||||||
-domainlist local_domains = @
|
|
||||||
+domainlist local_domains = @ : localhost : localhost.localdomain
|
|
||||||
domainlist relay_to_domains =
|
|
||||||
hostlist relay_from_hosts = localhost
|
|
||||||
# (We rely upon hostname resolution working for localhost, because the default
|
|
|
@ -1,78 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 6db4947..f1198b1 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -157,7 +157,7 @@ acl_smtp_data = acl_check_data
|
|
||||||
|
|
||||||
# Allow any client to use TLS.
|
|
||||||
|
|
||||||
-# tls_advertise_hosts = *
|
|
||||||
+tls_advertise_hosts = *
|
|
||||||
|
|
||||||
# Specify the location of the Exim server's TLS certificate and private key.
|
|
||||||
# The private key must not be encrypted (password protected). You can put
|
|
||||||
@@ -165,8 +165,8 @@ acl_smtp_data = acl_check_data
|
|
||||||
# need the first setting, or in separate files, in which case you need both
|
|
||||||
# options.
|
|
||||||
|
|
||||||
-# tls_certificate = /etc/ssl/exim.crt
|
|
||||||
-# tls_privatekey = /etc/ssl/exim.pem
|
|
||||||
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
|
||||||
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
|
||||||
|
|
||||||
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
|
|
||||||
# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
|
|
||||||
@@ -180,8 +180,8 @@ acl_smtp_data = acl_check_data
|
|
||||||
# them you should also allow TLS-on-connect on the traditional but
|
|
||||||
# non-standard port 465.
|
|
||||||
|
|
||||||
-# daemon_smtp_ports = 25 : 465 : 587
|
|
||||||
-# tls_on_connect_ports = 465
|
|
||||||
+daemon_smtp_ports = 25 : 465 : 587
|
|
||||||
+tls_on_connect_ports = 465
|
|
||||||
|
|
||||||
|
|
||||||
# Specify the domain you want to be added to all unqualified addresses
|
|
||||||
@@ -239,6 +239,24 @@ never_users = root
|
|
||||||
|
|
||||||
host_lookup = *
|
|
||||||
|
|
||||||
+# This setting, if uncommented, allows users to authenticate using
|
|
||||||
+# their system passwords against saslauthd if they connect over a
|
|
||||||
+# secure connection. If you have network logins such as NIS or
|
|
||||||
+# Kerberos rather than only local users, then you possibly also want
|
|
||||||
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
|
||||||
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
|
||||||
+# allows them to relay through the system.
|
|
||||||
+#
|
|
||||||
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
|
||||||
+#
|
|
||||||
+# By default, we set this option to allow SMTP AUTH from nowhere
|
|
||||||
+# (Exim's default would be to allow it from anywhere, even on an
|
|
||||||
+# unencrypted connection).
|
|
||||||
+#
|
|
||||||
+# Comment this one out if you uncomment the above. Did you make sure
|
|
||||||
+# saslauthd is actually running first?
|
|
||||||
+#
|
|
||||||
+auth_advertise_hosts =
|
|
||||||
|
|
||||||
# The setting below causes Exim to try to initialize the system resolver
|
|
||||||
# library with DNSSEC support. It has no effect if your library lacks
|
|
||||||
@@ -980,7 +998,7 @@ begin authenticators
|
|
||||||
# driver = plaintext
|
|
||||||
# server_set_id = $auth2
|
|
||||||
# server_prompts = :
|
|
||||||
-# server_condition = Authentication is not yet configured
|
|
||||||
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
|
||||||
|
|
||||||
# LOGIN authentication has traditional prompts and responses. There is no
|
|
||||||
@@ -992,7 +1010,7 @@ begin authenticators
|
|
||||||
# driver = plaintext
|
|
||||||
# server_set_id = $auth1
|
|
||||||
# server_prompts = <| Username: | Password:
|
|
||||||
-# server_condition = Authentication is not yet configured
|
|
||||||
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
|
||||||
|
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 8f88a3b..cef3779 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -818,6 +818,12 @@ userforward:
|
|
||||||
pipe_transport = address_pipe
|
|
||||||
reply_transport = address_reply
|
|
||||||
|
|
||||||
+procmail:
|
|
||||||
+ driver = accept
|
|
||||||
+ check_local_user
|
|
||||||
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
|
||||||
+ transport = procmail
|
|
||||||
+ no_verify
|
|
||||||
|
|
||||||
# This router matches local user mailboxes. If the router fails, the error
|
|
||||||
# message is "Unknown user".
|
|
||||||
@@ -866,6 +872,16 @@ remote_smtp:
|
|
||||||
hosts_try_prdr = *
|
|
||||||
.endif
|
|
||||||
|
|
||||||
+# This transport invokes procmail to deliver mail
|
|
||||||
+procmail:
|
|
||||||
+ driver = pipe
|
|
||||||
+ command = "/usr/bin/procmail -d $local_part"
|
|
||||||
+ return_path_add
|
|
||||||
+ delivery_date_add
|
|
||||||
+ envelope_to_add
|
|
||||||
+ user = $local_part
|
|
||||||
+ initgroups
|
|
||||||
+ return_output
|
|
||||||
|
|
||||||
# This transport is used for delivering messages to a smarthost, if the
|
|
||||||
# smarthost router is enabled. This starts from the same basis as
|
|
|
@ -1,24 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 555dec3..69e0ed1 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -718,7 +718,7 @@ system_aliases:
|
|
||||||
driver = redirect
|
|
||||||
allow_fail
|
|
||||||
allow_defer
|
|
||||||
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
|
||||||
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
|
||||||
# user = exim
|
|
||||||
file_transport = address_file
|
|
||||||
pipe_transport = address_pipe
|
|
||||||
@@ -867,8 +867,8 @@ local_delivery:
|
|
||||||
delivery_date_add
|
|
||||||
envelope_to_add
|
|
||||||
return_path_add
|
|
||||||
-# group = mail
|
|
||||||
-# mode = 0660
|
|
||||||
+ group = mail
|
|
||||||
+ mode = 0660
|
|
||||||
|
|
||||||
|
|
||||||
# This transport is used for handling pipe deliveries generated by alias or
|
|
|
@ -1,51 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index eabf102..db2d98a 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -934,6 +934,15 @@ remote_smtp:
|
|
||||||
hosts_try_prdr = *
|
|
||||||
.endif
|
|
||||||
|
|
||||||
+# This transport is used for delivering messages over SMTP using the
|
|
||||||
+# "message submission" port (RFC4409).
|
|
||||||
+
|
|
||||||
+remote_msa:
|
|
||||||
+ driver = smtp
|
|
||||||
+ port = 587
|
|
||||||
+ hosts_require_auth = *
|
|
||||||
+
|
|
||||||
+
|
|
||||||
# This transport invokes procmail to deliver mail
|
|
||||||
procmail:
|
|
||||||
driver = pipe
|
|
||||||
@@ -1083,6 +1092,21 @@ begin rewrite
|
|
||||||
# AUTHENTICATION CONFIGURATION #
|
|
||||||
######################################################################
|
|
||||||
|
|
||||||
+begin authenticators
|
|
||||||
+
|
|
||||||
+# This authenticator supports CRAM-MD5 username/password authentication
|
|
||||||
+# with Exim acting as a _client_, as it might when sending its outgoing
|
|
||||||
+# mail to a smarthost rather than directly to the final recipient.
|
|
||||||
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
|
||||||
+
|
|
||||||
+#client_auth:
|
|
||||||
+# driver = cram_md5
|
|
||||||
+# public_name = CRAM-MD5
|
|
||||||
+# client_name = SMTPAUTH_USERNAME
|
|
||||||
+# client_secret = SMTPAUTH_PASSWORD
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
# The following authenticators support plaintext username/password
|
|
||||||
# authentication using the standard PLAIN mechanism and the traditional
|
|
||||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
|
||||||
@@ -1098,7 +1122,7 @@ begin rewrite
|
|
||||||
# The default RCPT ACL checks for successful authentication, and will accept
|
|
||||||
# messages from authenticated users from anywhere on the Internet.
|
|
||||||
|
|
||||||
-begin authenticators
|
|
||||||
+#
|
|
||||||
|
|
||||||
# PLAIN authentication has no server prompts. The client sends its
|
|
||||||
# credentials in one lump, containing an authorization ID (which we do not
|
|
|
@ -1,108 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index f1198b1..8f88a3b 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -124,6 +124,7 @@ acl_smtp_rcpt = acl_check_rcpt
|
|
||||||
acl_smtp_data_prdr = acl_check_prdr
|
|
||||||
.endif
|
|
||||||
acl_smtp_data = acl_check_data
|
|
||||||
+acl_smtp_mime = acl_check_mime
|
|
||||||
|
|
||||||
# You should not change those settings until you understand how ACLs work.
|
|
||||||
|
|
||||||
@@ -136,7 +137,7 @@ acl_smtp_data = acl_check_data
|
|
||||||
# of what to set for other virus scanners. The second modification is in the
|
|
||||||
# acl_check_data access control list (see below).
|
|
||||||
|
|
||||||
-# av_scanner = clamd:/tmp/clamd
|
|
||||||
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
|
||||||
|
|
||||||
|
|
||||||
# For spam scanning, there is a similar option that defines the interface to
|
|
||||||
@@ -458,7 +459,8 @@ acl_check_rcpt:
|
|
||||||
accept local_parts = postmaster
|
|
||||||
domains = +local_domains
|
|
||||||
|
|
||||||
- # Deny unless the sender address can be verified.
|
|
||||||
+ # Deny unless the sender address can be routed. For proper verification of the
|
|
||||||
+ # address, read the documentation on callouts and add the /callout modifier.
|
|
||||||
|
|
||||||
require verify = sender
|
|
||||||
|
|
||||||
@@ -601,21 +603,26 @@ acl_check_data:
|
|
||||||
message = header syntax
|
|
||||||
log_message = header syntax ($acl_verify_message)
|
|
||||||
|
|
||||||
+ # Put simple tests first. A good one is to check for the presence of a
|
|
||||||
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
|
||||||
+ # or misconfigured mailer software occasionally omits this from genuine
|
|
||||||
+ # messages too, though -- although it's not hard for the offender to fix
|
|
||||||
+ # after they receive a bounce because of it.
|
|
||||||
+ #
|
|
||||||
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
|
||||||
+ # Most messages without it are spam, so your mail has been rejected.
|
|
||||||
+
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
|
||||||
#
|
|
||||||
# deny malware = *
|
|
||||||
# message = This message contains a virus ($malware_name).
|
|
||||||
|
|
||||||
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
|
||||||
- # you must install SpamAssassin. You may also need to set the spamd_address
|
|
||||||
- # option above.
|
|
||||||
+ # Bypass SpamAssassin checks if the message is too large.
|
|
||||||
#
|
|
||||||
- # warn spam = nobody
|
|
||||||
- # add_header = X-Spam_score: $spam_score\n\
|
|
||||||
- # X-Spam_score_int: $spam_score_int\n\
|
|
||||||
- # X-Spam_bar: $spam_bar\n\
|
|
||||||
- # X-Spam_report: $spam_report
|
|
||||||
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
|
||||||
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
|
||||||
|
|
||||||
#############################################################################
|
|
||||||
# No more tests if PRDR was actively used.
|
|
||||||
@@ -629,11 +636,40 @@ acl_check_data:
|
|
||||||
# condition = ...
|
|
||||||
#############################################################################
|
|
||||||
|
|
||||||
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
|
||||||
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
|
||||||
+ # score exceeds the SA system threshold.
|
|
||||||
+ #
|
|
||||||
+ # warn spam = nobody/defer_ok
|
|
||||||
+ # add_header = X-Spam-Flag: YES
|
|
||||||
+ #
|
|
||||||
+ # accept condition = ${if !def:spam_score_int {1}}
|
|
||||||
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
|
||||||
+ #
|
|
||||||
|
|
||||||
- # Accept the message.
|
|
||||||
+ # Unconditionally add score and report headers
|
|
||||||
+ #
|
|
||||||
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
|
||||||
+ # X-Spam-Report: $spam_report
|
|
||||||
+
|
|
||||||
+ # And reject if the SpamAssassin score is greater than ten
|
|
||||||
+ #
|
|
||||||
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
|
||||||
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
|
||||||
+ # $spam_report
|
|
||||||
|
|
||||||
accept
|
|
||||||
|
|
||||||
+acl_check_mime:
|
|
||||||
+
|
|
||||||
+ # File extension filtering.
|
|
||||||
+ deny message = Blacklisted file extension detected
|
|
||||||
+ condition = ${if match \
|
|
||||||
+ {${lc:$mime_filename}} \
|
|
||||||
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
|
||||||
+ {1}{0}}
|
|
||||||
+
|
|
||||||
+ accept
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
|
|
@ -1,19 +0,0 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
|
||||||
index 4c20169..fbfade3 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -973,12 +973,12 @@ SUPPORT_PAM=yes
|
|
||||||
# If you may want to use outbound (client-side) proxying, using Socks5,
|
|
||||||
# uncomment the line below.
|
|
||||||
|
|
||||||
-# SUPPORT_SOCKS=yes
|
|
||||||
+SUPPORT_SOCKS=yes
|
|
||||||
|
|
||||||
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
|
|
||||||
# uncomment the line below.
|
|
||||||
|
|
||||||
-# SUPPORT_PROXY=yes
|
|
||||||
+SUPPORT_PROXY=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
|
@ -0,0 +1,749 @@
|
||||||
|
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||||
|
index ecd2083..cf1eeb2 100755
|
||||||
|
--- a/scripts/Configure-Makefile
|
||||||
|
+++ b/scripts/Configure-Makefile
|
||||||
|
@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||||
|
|
||||||
|
mv $mft $mftt
|
||||||
|
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||||
|
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
||||||
|
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
||||||
|
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
||||||
|
echo "" >>$mft
|
||||||
|
cat $mftt >> $mft
|
||||||
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
|
index 83325ab..a861c7f 100644
|
||||||
|
--- a/src/EDITME
|
||||||
|
+++ b/src/EDITME
|
||||||
|
@@ -100,7 +100,7 @@
|
||||||
|
# /usr/local/sbin. The installation script will try to create this directory,
|
||||||
|
# and any superior directories, if they do not exist.
|
||||||
|
|
||||||
|
-BIN_DIRECTORY=/usr/exim/bin
|
||||||
|
+BIN_DIRECTORY=/usr/sbin
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -116,7 +116,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
||||||
|
# don't exist. It will also install a default runtime configuration if this
|
||||||
|
# file does not exist.
|
||||||
|
|
||||||
|
-CONFIGURE_FILE=/usr/exim/configure
|
||||||
|
+CONFIGURE_FILE=/etc/exim/exim.conf
|
||||||
|
|
||||||
|
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
||||||
|
# In this case, Exim will use the first of them that exists when it is run.
|
||||||
|
@@ -133,7 +133,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
||||||
|
# deliveries. (Local deliveries run as various non-root users, typically as the
|
||||||
|
# owner of a local mailbox.) Specifying these values as root is not supported.
|
||||||
|
|
||||||
|
-EXIM_USER=
|
||||||
|
+EXIM_USER=93
|
||||||
|
|
||||||
|
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
||||||
|
# uid number is built into the binary. However, you can specify that this
|
||||||
|
@@ -154,7 +154,7 @@ EXIM_USER=
|
||||||
|
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
||||||
|
# you want to use a group other than the default group for the given user.
|
||||||
|
|
||||||
|
-# EXIM_GROUP=
|
||||||
|
+EXIM_GROUP=93
|
||||||
|
|
||||||
|
# Many sites define a user called "exim", with an appropriate default group,
|
||||||
|
# and use
|
||||||
|
@@ -211,10 +211,10 @@ SPOOL_DIRECTORY=/var/spool/exim
|
||||||
|
# If you are buliding with TLS, the library configuration must be done:
|
||||||
|
|
||||||
|
# Uncomment this if you are using OpenSSL
|
||||||
|
-# USE_OPENSSL=yes
|
||||||
|
+USE_OPENSSL=yes
|
||||||
|
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
||||||
|
# and an optional location.
|
||||||
|
-# USE_OPENSSL_PC=openssl
|
||||||
|
+USE_OPENSSL_PC=openssl
|
||||||
|
# TLS_LIBS=-lssl -lcrypto
|
||||||
|
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
|
||||||
|
|
||||||
|
@@ -338,7 +338,7 @@ TRANSPORT_SMTP=yes
|
||||||
|
# This one is special-purpose, and commonly not required, so it is not
|
||||||
|
# included by default.
|
||||||
|
|
||||||
|
-# TRANSPORT_LMTP=yes
|
||||||
|
+TRANSPORT_LMTP=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -347,9 +347,9 @@ TRANSPORT_SMTP=yes
|
||||||
|
# MBX, is included only when requested. If you do not know what this is about,
|
||||||
|
# leave these settings commented out.
|
||||||
|
|
||||||
|
-# SUPPORT_MAILDIR=yes
|
||||||
|
-# SUPPORT_MAILSTORE=yes
|
||||||
|
-# SUPPORT_MBX=yes
|
||||||
|
+SUPPORT_MAILDIR=yes
|
||||||
|
+SUPPORT_MAILSTORE=yes
|
||||||
|
+SUPPORT_MBX=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -407,20 +407,26 @@ LOOKUP_DBM=yes
|
||||||
|
LOOKUP_LSEARCH=yes
|
||||||
|
LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
-# LOOKUP_CDB=yes
|
||||||
|
-# LOOKUP_DSEARCH=yes
|
||||||
|
+LOOKUP_CDB=yes
|
||||||
|
+LOOKUP_DSEARCH=yes
|
||||||
|
# LOOKUP_IBASE=yes
|
||||||
|
# LOOKUP_JSON=yes
|
||||||
|
-# LOOKUP_LDAP=yes
|
||||||
|
-# LOOKUP_MYSQL=yes
|
||||||
|
-# LOOKUP_MYSQL_PC=mariadb
|
||||||
|
-# LOOKUP_NIS=yes
|
||||||
|
-# LOOKUP_NISPLUS=yes
|
||||||
|
+LOOKUP_LDAP=yes
|
||||||
|
+LDAP_LIB_TYPE=OPENLDAP2
|
||||||
|
+LOOKUP_LIBS=-lldap -llber -lsqlite3
|
||||||
|
+LOOKUP_MYSQL=2
|
||||||
|
+LOOKUP_MYSQL_PC=mariadb
|
||||||
|
+LOOKUP_NIS=yes
|
||||||
|
+LOOKUP_NISPLUS=yes
|
||||||
|
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
|
||||||
|
+LIBS+=-L/usr/$(_lib)/nsl
|
||||||
|
+
|
||||||
|
# LOOKUP_ORACLE=yes
|
||||||
|
-# LOOKUP_PASSWD=yes
|
||||||
|
-# LOOKUP_PGSQL=yes
|
||||||
|
+LOOKUP_PASSWD=yes
|
||||||
|
+LOOKUP_PGSQL=2
|
||||||
|
+LOOKUP_PGSQL_LIBS=-lpq
|
||||||
|
# LOOKUP_REDIS=yes
|
||||||
|
-# LOOKUP_SQLITE=yes
|
||||||
|
+LOOKUP_SQLITE=yes
|
||||||
|
# LOOKUP_SQLITE_PC=sqlite3
|
||||||
|
# LOOKUP_WHOSON=yes
|
||||||
|
|
||||||
|
@@ -433,7 +439,7 @@ LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
|
||||||
|
# Some platforms may need this for LOOKUP_NIS:
|
||||||
|
-# LIBS += -lnsl
|
||||||
|
+LIBS += -lnsl
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
|
||||||
|
@@ -499,7 +505,7 @@ SUPPORT_DANE=yes
|
||||||
|
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
|
||||||
|
# local OS-specific make files.
|
||||||
|
|
||||||
|
-# EXIM_MONITOR=eximon.bin
|
||||||
|
+EXIM_MONITOR=eximon.bin
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -509,7 +515,7 @@ SUPPORT_DANE=yes
|
||||||
|
# and the MIME ACL. Please read the documentation to learn more about these
|
||||||
|
# features.
|
||||||
|
|
||||||
|
-# WITH_CONTENT_SCAN=yes
|
||||||
|
+WITH_CONTENT_SCAN=yes
|
||||||
|
|
||||||
|
# If you have content scanning you may wish to only include some of the scanner
|
||||||
|
# interfaces. Uncomment any of these lines to remove that code.
|
||||||
|
@@ -707,7 +713,7 @@ FIXED_NEVER_USERS=root
|
||||||
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
|
||||||
|
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
||||||
|
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -752,18 +758,18 @@ FIXED_NEVER_USERS=root
|
||||||
|
# included in the Exim binary. You will then need to set up the run time
|
||||||
|
# configuration to make use of the mechanism(s) selected.
|
||||||
|
|
||||||
|
-# AUTH_CRAM_MD5=yes
|
||||||
|
-# AUTH_CYRUS_SASL=yes
|
||||||
|
-# AUTH_DOVECOT=yes
|
||||||
|
+AUTH_CRAM_MD5=yes
|
||||||
|
+AUTH_CYRUS_SASL=yes
|
||||||
|
+AUTH_DOVECOT=yes
|
||||||
|
# AUTH_EXTERNAL=yes
|
||||||
|
-# AUTH_GSASL=yes
|
||||||
|
-# AUTH_GSASL_PC=libgsasl
|
||||||
|
+AUTH_GSASL=yes
|
||||||
|
+AUTH_GSASL_PC=libgsasl
|
||||||
|
# AUTH_HEIMDAL_GSSAPI=yes
|
||||||
|
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
||||||
|
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
|
||||||
|
-# AUTH_PLAINTEXT=yes
|
||||||
|
-# AUTH_SPA=yes
|
||||||
|
-# AUTH_TLS=yes
|
||||||
|
+AUTH_PLAINTEXT=yes
|
||||||
|
+AUTH_SPA=yes
|
||||||
|
+AUTH_TLS=yes
|
||||||
|
|
||||||
|
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
||||||
|
# requires multiple pkg-config files to work with Exim, so the second example
|
||||||
|
@@ -787,7 +793,7 @@ FIXED_NEVER_USERS=root
|
||||||
|
# one that is set in the headers_charset option. The default setting is
|
||||||
|
# defined by this setting:
|
||||||
|
|
||||||
|
-HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
+HEADERS_CHARSET="UTF-8"
|
||||||
|
|
||||||
|
# If you are going to make use of $header_xxx expansions in your configuration
|
||||||
|
# file, or if your users are going to use them in filter files, and the normal
|
||||||
|
@@ -807,7 +813,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||||
|
# as standard, the file in OS/Makefile-xxxx contains
|
||||||
|
#
|
||||||
|
-# HAVE_ICONV=yes
|
||||||
|
+HAVE_ICONV=yes
|
||||||
|
#
|
||||||
|
# If you are not using one of those systems, but have installed iconv(), you
|
||||||
|
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||||
|
@@ -883,7 +889,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# Once you have done this, "make install" will build the info files and
|
||||||
|
# install them in the directory you have defined.
|
||||||
|
|
||||||
|
-# INFO_DIRECTORY=/usr/share/info
|
||||||
|
+INFO_DIRECTORY=/usr/share/info
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -896,7 +902,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||||
|
# to form the final file names. Some installations may want something like this:
|
||||||
|
|
||||||
|
-# LOG_FILE_PATH=/var/log/exim_%slog
|
||||||
|
+LOG_FILE_PATH=/var/log/exim/%s.log
|
||||||
|
|
||||||
|
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||||
|
# in which the log files are placed must exist; Exim does not try to create
|
||||||
|
@@ -968,7 +974,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||||
|
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||||
|
|
||||||
|
-# EXIM_PERL=perl.o
|
||||||
|
+EXIM_PERL=perl.o
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -978,7 +984,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# that the local_scan API is made available by the linker. You may also need
|
||||||
|
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||||
|
|
||||||
|
-# EXPAND_DLFUNC=yes
|
||||||
|
+EXPAND_DLFUNC=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -988,7 +994,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||||
|
# facilities, is included only when requested by the following setting:
|
||||||
|
|
||||||
|
-# SUPPORT_PAM=yes
|
||||||
|
+SUPPORT_PAM=yes
|
||||||
|
|
||||||
|
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||||
|
# GNU/Linux -ldl is also needed.
|
||||||
|
@@ -1000,12 +1006,12 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# If you may want to use outbound (client-side) proxying, using Socks5,
|
||||||
|
# uncomment the line below.
|
||||||
|
|
||||||
|
-# SUPPORT_SOCKS=yes
|
||||||
|
+SUPPORT_SOCKS=yes
|
||||||
|
|
||||||
|
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
|
||||||
|
# uncomment the line below.
|
||||||
|
|
||||||
|
-# SUPPORT_PROXY=yes
|
||||||
|
+SUPPORT_PROXY=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
|
# started by root at boot time.
|
||||||
|
|
||||||
|
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
||||||
|
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1110,8 +1116,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# library for TCP wrappers, so you probably need something like this:
|
||||||
|
#
|
||||||
|
# USE_TCP_WRAPPERS=yes
|
||||||
|
-# CFLAGS=-O -I/usr/local/include
|
||||||
|
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
||||||
|
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
|
||||||
|
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
|
||||||
|
#
|
||||||
|
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||||
|
# as well.
|
||||||
|
@@ -1163,7 +1169,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||||
|
# current run is maintained.
|
||||||
|
|
||||||
|
-# USE_READLINE=yes
|
||||||
|
+USE_READLINE=yes
|
||||||
|
|
||||||
|
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||||
|
# Note that this option adds to the size of the Exim binary, because the
|
||||||
|
@@ -1180,7 +1186,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# Uncomment this setting to include IPv6 support.
|
||||||
|
|
||||||
|
-# HAVE_IPV6=yes
|
||||||
|
+HAVE_IPV6=yes
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||||
|
@@ -1201,13 +1207,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||||
|
# use those utilities.
|
||||||
|
|
||||||
|
-# CHOWN_COMMAND=/usr/bin/chown
|
||||||
|
-# CHGRP_COMMAND=/usr/bin/chgrp
|
||||||
|
-# CHMOD_COMMAND=/usr/bin/chmod
|
||||||
|
-# MV_COMMAND=/bin/mv
|
||||||
|
-# RM_COMMAND=/bin/rm
|
||||||
|
-# TOUCH_COMMAND=/usr/bin/touch
|
||||||
|
-# PERL_COMMAND=/usr/bin/perl
|
||||||
|
+CHOWN_COMMAND=/usr/bin/chown
|
||||||
|
+CHGRP_COMMAND=/usr/bin/chgrp
|
||||||
|
+CHMOD_COMMAND=/usr/bin/chmod
|
||||||
|
+MV_COMMAND=/usr/bin/mv
|
||||||
|
+RM_COMMAND=/usr/bin/rm
|
||||||
|
+TOUCH_COMMAND=/usr/bin/touch
|
||||||
|
+PERL_COMMAND=/usr/bin/perl
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1409,7 +1415,7 @@ EXIM_TMPDIR="/tmp"
|
||||||
|
# (process id) to a file so that it can easily be identified. The path of the
|
||||||
|
# file can be specified here. Some installations may want something like this:
|
||||||
|
|
||||||
|
-# PID_FILE_PATH=/var/lock/exim.pid
|
||||||
|
+PID_FILE_PATH=/var/run/exim.pid
|
||||||
|
|
||||||
|
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
||||||
|
# using the name "exim-daemon.pid".
|
||||||
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
|
index cf38305..472b801 100644
|
||||||
|
--- a/src/configure.default
|
||||||
|
+++ b/src/configure.default
|
||||||
|
@@ -67,7 +67,7 @@
|
||||||
|
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
||||||
|
# are all colon-separated lists:
|
||||||
|
|
||||||
|
-domainlist local_domains = @
|
||||||
|
+domainlist local_domains = @ : localhost : localhost.localdomain
|
||||||
|
domainlist relay_to_domains =
|
||||||
|
hostlist relay_from_hosts = localhost
|
||||||
|
# (We rely upon hostname resolution working for localhost, because the default
|
||||||
|
@@ -119,11 +119,13 @@ hostlist relay_from_hosts = localhost
|
||||||
|
# manual for details. The lists above are used in the access control lists for
|
||||||
|
# checking incoming messages. The names of these ACLs are defined here:
|
||||||
|
|
||||||
|
+acl_smtp_mail = acl_check_mail
|
||||||
|
acl_smtp_rcpt = acl_check_rcpt
|
||||||
|
.ifdef _HAVE_PRDR
|
||||||
|
acl_smtp_data_prdr = acl_check_prdr
|
||||||
|
.endif
|
||||||
|
acl_smtp_data = acl_check_data
|
||||||
|
+acl_smtp_mime = acl_check_mime
|
||||||
|
|
||||||
|
# You should not change those settings until you understand how ACLs work.
|
||||||
|
|
||||||
|
@@ -136,7 +138,7 @@ acl_smtp_data = acl_check_data
|
||||||
|
# of what to set for other virus scanners. The second modification is in the
|
||||||
|
# acl_check_data access control list (see below).
|
||||||
|
|
||||||
|
-# av_scanner = clamd:/tmp/clamd
|
||||||
|
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
||||||
|
|
||||||
|
|
||||||
|
# For spam scanning, there is a similar option that defines the interface to
|
||||||
|
@@ -157,7 +159,7 @@ acl_smtp_data = acl_check_data
|
||||||
|
|
||||||
|
# Allow any client to use TLS.
|
||||||
|
|
||||||
|
-# tls_advertise_hosts = *
|
||||||
|
+tls_advertise_hosts = *
|
||||||
|
|
||||||
|
# Specify the location of the Exim server's TLS certificate and private key.
|
||||||
|
# The private key must not be encrypted (password protected). You can put
|
||||||
|
@@ -165,8 +167,8 @@ acl_smtp_data = acl_check_data
|
||||||
|
# need the first setting, or in separate files, in which case you need both
|
||||||
|
# options.
|
||||||
|
|
||||||
|
-# tls_certificate = /etc/ssl/exim.crt
|
||||||
|
-# tls_privatekey = /etc/ssl/exim.pem
|
||||||
|
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
||||||
|
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
||||||
|
|
||||||
|
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
|
||||||
|
# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
|
||||||
|
@@ -180,8 +182,8 @@ acl_smtp_data = acl_check_data
|
||||||
|
# them you should also allow TLS-on-connect on the traditional but
|
||||||
|
# non-standard port 465.
|
||||||
|
|
||||||
|
-# daemon_smtp_ports = 25 : 465 : 587
|
||||||
|
-# tls_on_connect_ports = 465
|
||||||
|
+daemon_smtp_ports = 25 : 465 : 587
|
||||||
|
+tls_on_connect_ports = 465
|
||||||
|
|
||||||
|
|
||||||
|
# Specify the domain you want to be added to all unqualified addresses
|
||||||
|
@@ -239,6 +241,24 @@ never_users = root
|
||||||
|
|
||||||
|
host_lookup = *
|
||||||
|
|
||||||
|
+# This setting, if uncommented, allows users to authenticate using
|
||||||
|
+# their system passwords against saslauthd if they connect over a
|
||||||
|
+# secure connection. If you have network logins such as NIS or
|
||||||
|
+# Kerberos rather than only local users, then you possibly also want
|
||||||
|
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
||||||
|
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
||||||
|
+# allows them to relay through the system.
|
||||||
|
+#
|
||||||
|
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
||||||
|
+#
|
||||||
|
+# By default, we set this option to allow SMTP AUTH from nowhere
|
||||||
|
+# (Exim's default would be to allow it from anywhere, even on an
|
||||||
|
+# unencrypted connection).
|
||||||
|
+#
|
||||||
|
+# Comment this one out if you uncomment the above. Did you make sure
|
||||||
|
+# saslauthd is actually running first?
|
||||||
|
+#
|
||||||
|
+auth_advertise_hosts =
|
||||||
|
|
||||||
|
# The setting below causes Exim to try to initialize the system resolver
|
||||||
|
# library with DNSSEC support. It has no effect if your library lacks
|
||||||
|
@@ -369,8 +389,8 @@ timeout_frozen_after = 7d
|
||||||
|
# Note that TZ is handled separately by the timezone runtime option
|
||||||
|
# and TIMEZONE_DEFAULT buildtime option.
|
||||||
|
|
||||||
|
-# keep_environment = ^LDAP
|
||||||
|
-# add_environment = PATH=/usr/bin::/bin
|
||||||
|
+keep_environment = ^LDAP
|
||||||
|
+add_environment = PATH=/usr/bin::/bin
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@@ -381,6 +401,29 @@ timeout_frozen_after = 7d
|
||||||
|
|
||||||
|
begin acl
|
||||||
|
|
||||||
|
+
|
||||||
|
+# This access control list is used for the MAIL command in an incoming
|
||||||
|
+# SMTP message.
|
||||||
|
+
|
||||||
|
+acl_check_mail:
|
||||||
|
+
|
||||||
|
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
||||||
|
+ # So don't allow them to use the MAIL command if they haven't
|
||||||
|
+ # done so.
|
||||||
|
+
|
||||||
|
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
||||||
|
+ message = Nice boys say HELO first
|
||||||
|
+
|
||||||
|
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
||||||
|
+ # even reject for it but that would be a little excessive.
|
||||||
|
+
|
||||||
|
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
||||||
|
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
+ accept
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
# This access control list is used for every RCPT command in an incoming
|
||||||
|
# SMTP message. The tests are run in order until the address is either
|
||||||
|
# accepted or denied.
|
||||||
|
@@ -445,7 +488,8 @@ acl_check_rcpt:
|
||||||
|
accept local_parts = postmaster
|
||||||
|
domains = +local_domains
|
||||||
|
|
||||||
|
- # Deny unless the sender address can be verified.
|
||||||
|
+ # Deny unless the sender address can be routed. For proper verification of the
|
||||||
|
+ # address, read the documentation on callouts and add the /callout modifier.
|
||||||
|
|
||||||
|
require verify = sender
|
||||||
|
|
||||||
|
@@ -505,7 +549,8 @@ acl_check_rcpt:
|
||||||
|
# There are no default checks on DNS black lists because the domains that
|
||||||
|
# contain these lists are changing all the time. However, here are two
|
||||||
|
# examples of how you can get Exim to perform a DNS black list lookup at this
|
||||||
|
- # point. The first one denies, whereas the second just warns.
|
||||||
|
+ # point. The first one denies, whereas the second just warns. The third
|
||||||
|
+ # triggers greylisting for any host in the blacklist.
|
||||||
|
#
|
||||||
|
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||||
|
# dnslists = black.list.example
|
||||||
|
@@ -513,6 +558,10 @@ acl_check_rcpt:
|
||||||
|
# warn dnslists = black.list.example
|
||||||
|
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||||
|
# log_message = found in $dnslist_domain
|
||||||
|
+ #
|
||||||
|
+ # warn dnslists = black.list.example
|
||||||
|
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
||||||
|
+ #
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
@@ -539,6 +588,10 @@ acl_check_rcpt:
|
||||||
|
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
+ # Alternatively, greylist for it:
|
||||||
|
+ # warn !verify = csa
|
||||||
|
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
# At this point, the address has passed all the checks that have been
|
||||||
|
# configured, so we accept it unconditionally.
|
||||||
|
|
||||||
|
@@ -588,21 +641,32 @@ acl_check_data:
|
||||||
|
message = header syntax
|
||||||
|
log_message = header syntax ($acl_verify_message)
|
||||||
|
|
||||||
|
+ # Put simple tests first. A good one is to check for the presence of a
|
||||||
|
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
||||||
|
+ # or misconfigured mailer software occasionally omits this from genuine
|
||||||
|
+ # messages too, though -- although it's not hard for the offender to fix
|
||||||
|
+ # after they receive a bounce because of it.
|
||||||
|
+ #
|
||||||
|
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
||||||
|
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||||
|
+ # Most messages without it are spam, so your mail has been rejected.
|
||||||
|
+ #
|
||||||
|
+ # Alternatively if we're feeling more lenient we could just use it to
|
||||||
|
+ # trigger greylisting instead:
|
||||||
|
+
|
||||||
|
+ warn condition = ${if !def:h_Message-ID: {1}}
|
||||||
|
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
# Deny if the message contains a virus. Before enabling this check, you
|
||||||
|
# must install a virus scanner and set the av_scanner option above.
|
||||||
|
#
|
||||||
|
# deny malware = *
|
||||||
|
# message = This message contains a virus ($malware_name).
|
||||||
|
|
||||||
|
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
||||||
|
- # you must install SpamAssassin. You may also need to set the spamd_address
|
||||||
|
- # option above.
|
||||||
|
+ # Bypass SpamAssassin checks if the message is too large.
|
||||||
|
#
|
||||||
|
- # warn spam = nobody
|
||||||
|
- # add_header = X-Spam_score: $spam_score\n\
|
||||||
|
- # X-Spam_score_int: $spam_score_int\n\
|
||||||
|
- # X-Spam_bar: $spam_bar\n\
|
||||||
|
- # X-Spam_report: $spam_report
|
||||||
|
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
||||||
|
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# No more tests if PRDR was actively used.
|
||||||
|
@@ -616,11 +680,63 @@ acl_check_data:
|
||||||
|
# condition = ...
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
||||||
|
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
||||||
|
+ # score exceeds the SA system threshold.
|
||||||
|
+ #
|
||||||
|
+ # warn spam = nobody/defer_ok
|
||||||
|
+ # add_header = X-Spam-Flag: YES
|
||||||
|
+ #
|
||||||
|
+ # accept condition = ${if !def:spam_score_int {1}}
|
||||||
|
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
||||||
|
+ #
|
||||||
|
+
|
||||||
|
+ # Unconditionally add score and report headers
|
||||||
|
+ #
|
||||||
|
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
||||||
|
+ # X-Spam-Report: $spam_report
|
||||||
|
|
||||||
|
- # Accept the message.
|
||||||
|
+ # And reject if the SpamAssassin score is greater than ten
|
||||||
|
+ #
|
||||||
|
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
||||||
|
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||||
|
+ # $spam_report
|
||||||
|
+
|
||||||
|
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
||||||
|
+ #
|
||||||
|
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
||||||
|
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
||||||
|
+ # might be something wrong with it, then you can do this...
|
||||||
|
+ #
|
||||||
|
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
||||||
|
+ # package which contains this subroutine, and you need to uncomment the bit below
|
||||||
|
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
||||||
|
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
||||||
|
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
||||||
|
+ # the exim-greylist.conf.inc file itself.
|
||||||
|
+ #
|
||||||
|
+ # require acl = greylist_mail
|
||||||
|
|
||||||
|
accept
|
||||||
|
|
||||||
|
+# To enable the greylisting, also uncomment this line:
|
||||||
|
+# .include /etc/exim/exim-greylist.conf.inc
|
||||||
|
+
|
||||||
|
+acl_check_mime:
|
||||||
|
+
|
||||||
|
+ # File extension filtering.
|
||||||
|
+ deny message = Blacklisted file extension detected
|
||||||
|
+ condition = ${if match \
|
||||||
|
+ {${lc:$mime_filename}} \
|
||||||
|
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
||||||
|
+ {1}{0}}
|
||||||
|
+
|
||||||
|
+ accept
|
||||||
|
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
@@ -722,7 +838,7 @@ system_aliases:
|
||||||
|
driver = redirect
|
||||||
|
allow_fail
|
||||||
|
allow_defer
|
||||||
|
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
||||||
|
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
||||||
|
# user = exim
|
||||||
|
file_transport = address_file
|
||||||
|
pipe_transport = address_pipe
|
||||||
|
@@ -760,7 +876,7 @@ userforward:
|
||||||
|
# local_part_suffix = +* : -*
|
||||||
|
# local_part_suffix_optional
|
||||||
|
file = $home/.forward
|
||||||
|
-# allow_filter
|
||||||
|
+ allow_filter
|
||||||
|
no_verify
|
||||||
|
no_expn
|
||||||
|
check_ancestor
|
||||||
|
@@ -768,6 +884,12 @@ userforward:
|
||||||
|
pipe_transport = address_pipe
|
||||||
|
reply_transport = address_reply
|
||||||
|
|
||||||
|
+procmail:
|
||||||
|
+ driver = accept
|
||||||
|
+ check_local_user
|
||||||
|
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
||||||
|
+ transport = procmail
|
||||||
|
+ no_verify
|
||||||
|
|
||||||
|
# This router matches local user mailboxes. If the router fails, the error
|
||||||
|
# message is "Unknown user".
|
||||||
|
@@ -812,6 +934,25 @@ remote_smtp:
|
||||||
|
hosts_try_prdr = *
|
||||||
|
.endif
|
||||||
|
|
||||||
|
+# This transport is used for delivering messages over SMTP using the
|
||||||
|
+# "message submission" port (RFC4409).
|
||||||
|
+
|
||||||
|
+remote_msa:
|
||||||
|
+ driver = smtp
|
||||||
|
+ port = 587
|
||||||
|
+ hosts_require_auth = *
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+# This transport invokes procmail to deliver mail
|
||||||
|
+procmail:
|
||||||
|
+ driver = pipe
|
||||||
|
+ command = "/usr/bin/procmail -d $local_part"
|
||||||
|
+ return_path_add
|
||||||
|
+ delivery_date_add
|
||||||
|
+ envelope_to_add
|
||||||
|
+ user = $local_part
|
||||||
|
+ initgroups
|
||||||
|
+ return_output
|
||||||
|
|
||||||
|
# This transport is used for delivering messages to a smarthost, if the
|
||||||
|
# smarthost router is enabled. This starts from the same basis as
|
||||||
|
@@ -867,8 +1008,8 @@ local_delivery:
|
||||||
|
delivery_date_add
|
||||||
|
envelope_to_add
|
||||||
|
return_path_add
|
||||||
|
-# group = mail
|
||||||
|
-# mode = 0660
|
||||||
|
+ group = mail
|
||||||
|
+ mode = 0660
|
||||||
|
|
||||||
|
|
||||||
|
# This transport is used for handling pipe deliveries generated by alias or
|
||||||
|
@@ -901,6 +1042,16 @@ address_reply:
|
||||||
|
driver = autoreply
|
||||||
|
|
||||||
|
|
||||||
|
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
||||||
|
+# socket. You'll need to configure the 'localuser' router above to use it.
|
||||||
|
+#
|
||||||
|
+#lmtp_delivery:
|
||||||
|
+# home_directory = /var/spool/imap
|
||||||
|
+# driver = lmtp
|
||||||
|
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
||||||
|
+# batch_max = 20
|
||||||
|
+# user = cyrus
|
||||||
|
+
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
# RETRY CONFIGURATION #
|
||||||
|
@@ -941,6 +1092,21 @@ begin rewrite
|
||||||
|
# AUTHENTICATION CONFIGURATION #
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
+begin authenticators
|
||||||
|
+
|
||||||
|
+# This authenticator supports CRAM-MD5 username/password authentication
|
||||||
|
+# with Exim acting as a _client_, as it might when sending its outgoing
|
||||||
|
+# mail to a smarthost rather than directly to the final recipient.
|
||||||
|
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
||||||
|
+
|
||||||
|
+#client_auth:
|
||||||
|
+# driver = cram_md5
|
||||||
|
+# public_name = CRAM-MD5
|
||||||
|
+# client_name = SMTPAUTH_USERNAME
|
||||||
|
+# client_secret = SMTPAUTH_PASSWORD
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
# The following authenticators support plaintext username/password
|
||||||
|
# authentication using the standard PLAIN mechanism and the traditional
|
||||||
|
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||||
|
@@ -956,7 +1122,7 @@ begin rewrite
|
||||||
|
# The default RCPT ACL checks for successful authentication, and will accept
|
||||||
|
# messages from authenticated users from anywhere on the Internet.
|
||||||
|
|
||||||
|
-begin authenticators
|
||||||
|
+#
|
||||||
|
|
||||||
|
# PLAIN authentication has no server prompts. The client sends its
|
||||||
|
# credentials in one lump, containing an authorization ID (which we do not
|
||||||
|
@@ -970,7 +1136,7 @@ begin authenticators
|
||||||
|
# driver = plaintext
|
||||||
|
# server_set_id = $auth2
|
||||||
|
# server_prompts = :
|
||||||
|
-# server_condition = Authentication is not yet configured
|
||||||
|
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
||||||
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
|
# LOGIN authentication has traditional prompts and responses. There is no
|
||||||
|
@@ -982,7 +1148,7 @@ begin authenticators
|
||||||
|
# driver = plaintext
|
||||||
|
# server_set_id = $auth1
|
||||||
|
# server_prompts = <| Username: | Password:
|
||||||
|
-# server_condition = Authentication is not yet configured
|
||||||
|
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
||||||
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index a42cd6f..0acd673 100644
|
index 5ba24d9..4451572 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -822,6 +822,21 @@ TLS_LIBS=-lssl -lcrypto
|
@@ -873,6 +873,21 @@ HAVE_ICONV=yes
|
||||||
# specified in INCLUDE.
|
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
|
||||||
|
|
||||||
|
|
||||||
+#------------------------------------------------------------------------------
|
+#------------------------------------------------------------------------------
|
||||||
|
@ -25,10 +25,10 @@ index a42cd6f..0acd673 100644
|
||||||
# The default distribution of Exim contains only the plain text form of the
|
# The default distribution of Exim contains only the plain text form of the
|
||||||
# documentation. Other forms are available separately. If you want to install
|
# documentation. Other forms are available separately. If you want to install
|
||||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||||
index 7c2e534..3fafe61 100644
|
index b94b368..89b39e8 100644
|
||||||
--- a/src/config.h.defaults
|
--- a/src/config.h.defaults
|
||||||
+++ b/src/config.h.defaults
|
+++ b/src/config.h.defaults
|
||||||
@@ -32,6 +32,8 @@ Do not put spaces between # and the 'define'.
|
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
|
||||||
|
|
||||||
#define AUTH_VARS 3
|
#define AUTH_VARS 3
|
||||||
|
|
||||||
|
@ -38,10 +38,10 @@ index 7c2e534..3fafe61 100644
|
||||||
|
|
||||||
#define CONFIGURE_FILE
|
#define CONFIGURE_FILE
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
diff --git a/src/globals.c b/src/globals.c
|
||||||
index b3362a3..0884fe5 100644
|
index 358c380..590ac63 100644
|
||||||
--- a/src/globals.c
|
--- a/src/globals.c
|
||||||
+++ b/src/globals.c
|
+++ b/src/globals.c
|
||||||
@@ -173,6 +173,10 @@ uschar *tls_verify_hosts = NULL;
|
@@ -145,6 +145,10 @@ uschar *tls_verify_hosts = NULL;
|
||||||
uschar *tls_advertise_hosts = NULL;
|
uschar *tls_advertise_hosts = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -53,10 +53,10 @@ index b3362a3..0884fe5 100644
|
||||||
/* Per Recipient Data Response variables */
|
/* Per Recipient Data Response variables */
|
||||||
BOOL prdr_enable = FALSE;
|
BOOL prdr_enable = FALSE;
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
index f71f104..3faf176 100644
|
index ca342ac..82a8661 100644
|
||||||
--- a/src/globals.h
|
--- a/src/globals.h
|
||||||
+++ b/src/globals.h
|
+++ b/src/globals.h
|
||||||
@@ -131,6 +131,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
@@ -138,6 +138,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
||||||
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
||||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||||
#endif
|
#endif
|
||||||
|
@ -72,11 +72,15 @@ diff --git a/src/local_scan.c b/src/local_scan.c
|
||||||
index 4dd0b2b..8599172 100644
|
index 4dd0b2b..8599172 100644
|
||||||
--- a/src/local_scan.c
|
--- a/src/local_scan.c
|
||||||
+++ b/src/local_scan.c
|
+++ b/src/local_scan.c
|
||||||
@@ -5,61 +5,131 @@
|
@@ -5,61 +5,135 @@
|
||||||
/* Copyright (c) University of Cambridge 1995 - 2009 */
|
/* Copyright (c) University of Cambridge 1995 - 2009 */
|
||||||
/* See the file NOTICE for conditions of use and distribution. */
|
/* See the file NOTICE for conditions of use and distribution. */
|
||||||
|
|
||||||
+#include "exim.h"
|
+#include <local_scan.h>
|
||||||
|
+
|
||||||
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
|
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
||||||
|
+#endif
|
||||||
|
|
||||||
-/******************************************************************************
|
-/******************************************************************************
|
||||||
-This file contains a template local_scan() function that just returns ACCEPT.
|
-This file contains a template local_scan() function that just returns ACCEPT.
|
||||||
|
@ -253,10 +257,10 @@ index 4dd0b2b..8599172 100644
|
||||||
+
|
+
|
||||||
/* End of local_scan.c */
|
/* End of local_scan.c */
|
||||||
diff --git a/src/readconf.c b/src/readconf.c
|
diff --git a/src/readconf.c b/src/readconf.c
|
||||||
index 5742d10..3f1d9c1 100644
|
index 0233019..186ba39 100644
|
||||||
--- a/src/readconf.c
|
--- a/src/readconf.c
|
||||||
+++ b/src/readconf.c
|
+++ b/src/readconf.c
|
||||||
@@ -199,6 +199,9 @@ static optionlist optionlist_config[] = {
|
@@ -203,6 +203,9 @@ static optionlist optionlist_config[] = {
|
||||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
||||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
||||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
||||||
index 990f884..d1ef114 100644
|
index ae9f249..060658a 100644
|
||||||
--- a/OS/Makefile-Linux
|
--- a/OS/Makefile-Linux
|
||||||
+++ b/OS/Makefile-Linux
|
+++ b/OS/Makefile-Linux
|
||||||
@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
|
@@ -26,8 +26,8 @@ LIBRESOLV = -lresolv
|
||||||
|
|
||||||
X11=/usr/X11R6
|
X11=/usr/X11R6
|
||||||
XINCLUDE=-I$(X11)/include
|
XINCLUDE=-I$(X11)/include
|
53
exim.spec
53
exim.spec
|
@ -11,8 +11,8 @@
|
||||||
|
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.92.3
|
Version: 4.93
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: https://www.exim.org/
|
Url: https://www.exim.org/
|
||||||
|
|
||||||
|
@ -42,24 +42,10 @@ Source24: exim.service
|
||||||
Source25: exim-gen-cert
|
Source25: exim-gen-cert
|
||||||
Source26: clamd.exim.service
|
Source26: clamd.exim.service
|
||||||
|
|
||||||
Patch4: exim-4.92-rhl.patch
|
Patch0: exim-4.93-config.patch
|
||||||
Patch6: exim-4.92-config.patch
|
Patch1: exim-4.93-libdir.patch
|
||||||
Patch8: exim-4.82-libdir.patch
|
Patch2: exim-4.93-dlopen-localscan.patch
|
||||||
Patch12: exim-4.92-cyrus.patch
|
Patch3: exim-4.85-pic.patch
|
||||||
Patch13: exim-4.92-pamconfig.patch
|
|
||||||
Patch14: exim-4.92-spamdconf.patch
|
|
||||||
Patch18: exim-4.92-dlopen-localscan.patch
|
|
||||||
Patch19: exim-4.92-procmail.patch
|
|
||||||
Patch20: exim-4.92-allow-filter.patch
|
|
||||||
Patch21: exim-4.92-localhost-is-local.patch
|
|
||||||
Patch22: exim-4.92-greylist-conf.patch
|
|
||||||
Patch23: exim-4.92-smarthost-config.patch
|
|
||||||
Patch26: exim-4.85-pic.patch
|
|
||||||
Patch27: exim-4.92-environment.patch
|
|
||||||
# Workaround for NIS removal from glibc, bug 1534920
|
|
||||||
Patch33: exim-4.90.1-nsl-fix.patch
|
|
||||||
Patch40: exim-4.92-support-proxies.patch
|
|
||||||
Patch41: exim-4.92-dane-enable.patch
|
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
|
@ -167,23 +153,10 @@ greylisting unconditional.
|
||||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
%patch4 -p1 -b .rhl
|
%patch0 -p1 -b .config
|
||||||
%patch6 -p1 -b .config
|
%patch1 -p1 -b .libdir
|
||||||
%patch8 -p1 -b .libdir
|
%patch2 -p1 -b .dl
|
||||||
%patch12 -p1 -b .cyrus
|
%patch3 -p1 -b .fpic
|
||||||
%patch13 -p1 -b .pam
|
|
||||||
%patch14 -p1 -b .spamd
|
|
||||||
%patch18 -p1 -b .dl
|
|
||||||
%patch19 -p1 -b .procmail
|
|
||||||
%patch20 -p1 -b .filter
|
|
||||||
%patch21 -p1 -b .localhost
|
|
||||||
%patch22 -p1 -b .grey
|
|
||||||
%patch23 -p1 -b .smarthost
|
|
||||||
%patch26 -p1 -b .fpic
|
|
||||||
%patch27 -p1 -b .environment
|
|
||||||
%patch33 -p1 -b .nsl-fix
|
|
||||||
%patch40 -p1 -b .proxy
|
|
||||||
%patch41 -p1 -b .dane-enable
|
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||||
|
@ -493,6 +466,12 @@ fi
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1782320
|
||||||
|
- Consolidated and simplified patches
|
||||||
|
- Dropped dane-enable patch (not needed)
|
||||||
|
|
||||||
* Thu Jan 2 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-5
|
* Thu Jan 2 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-5
|
||||||
- Fixed FTBFS due to changes in clamav package
|
- Fixed FTBFS due to changes in clamav package
|
||||||
Resolves: rhbz#1787285
|
Resolves: rhbz#1787285
|
||||||
|
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (exim-4.92.3.tar.xz) = ca6d6f50653502345511b683859b33aa02faa48454fb2100ff89fed3dcb8af8933e7bce68939365fdee42f96eec0c3b135cf748f4581e92a62be0f0ab093868a
|
SHA512 (exim-4.93.tar.xz) = 556c7fe75042739c3e92346b96c40960680fe2838589add5fad1f69f18600dd9ed128f367627c812051b3a3a1a64e740488d5ce8c198bf87b59fa84ab8a0eb5b
|
||||||
SHA512 (exim-4.92.3.tar.xz.asc) = 67a0adbb01d07979ea6fa88608217ce4f77c37d5f28472227cd7f671b12310f5b47ebefe70939fb366e37e738b07e186a725816f37c32862eba5ebb3d9d4cfa7
|
SHA512 (exim-4.93.tar.xz.asc) = 7347ccd84c5f1e25751d491f2867ab22e191d54a5138da497e8117c2224688d102ebc72f0f688775876b38095390173f66daf60a556366c357c6972d28e41ffa
|
||||||
|
|
Loading…
Reference in New Issue