diff --git a/exim-4.92-allow-filter.patch b/exim-4.92-allow-filter.patch deleted file mode 100644 index d5b5664..0000000 --- a/exim-4.92-allow-filter.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index cef3779..09f0b36 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -810,7 +810,7 @@ userforward: - # local_part_suffix = +* : -* - # local_part_suffix_optional - file = $home/.forward --# allow_filter -+ allow_filter - no_verify - no_expn - check_ancestor diff --git a/exim-4.92-config.patch b/exim-4.92-config.patch deleted file mode 100644 index 5a839d6..0000000 --- a/exim-4.92-config.patch +++ /dev/null @@ -1,300 +0,0 @@ -diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile -index 7e0bf38..c97ccec 100755 ---- a/scripts/Configure-Makefile -+++ b/scripts/Configure-Makefile -@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then - - mv $mft $mftt - echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft -- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft -+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft - echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft - echo "" >>$mft - cat $mftt >> $mft -diff --git a/src/EDITME b/src/EDITME -index cbb0805..343d24a 100644 ---- a/src/EDITME -+++ b/src/EDITME -@@ -98,7 +98,7 @@ - # /usr/local/sbin. The installation script will try to create this directory, - # and any superior directories, if they do not exist. - --BIN_DIRECTORY=/usr/exim/bin -+BIN_DIRECTORY=/usr/sbin - - - #------------------------------------------------------------------------------ -@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin - # don't exist. It will also install a default runtime configuration if this - # file does not exist. - --CONFIGURE_FILE=/usr/exim/configure -+CONFIGURE_FILE=/etc/exim/exim.conf - - # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. - # In this case, Exim will use the first of them that exists when it is run. -@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure - # deliveries. (Local deliveries run as various non-root users, typically as the - # owner of a local mailbox.) Specifying these values as root is not supported. - --EXIM_USER= -+EXIM_USER=93 - - # If you specify EXIM_USER as a name, this is looked up at build time, and the - # uid number is built into the binary. However, you can specify that this -@@ -152,7 +152,7 @@ EXIM_USER= - # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless - # you want to use a group other than the default group for the given user. - --# EXIM_GROUP= -+EXIM_GROUP=93 - - # Many sites define a user called "exim", with an appropriate default group, - # and use -@@ -237,7 +237,7 @@ TRANSPORT_SMTP=yes - # This one is special-purpose, and commonly not required, so it is not - # included by default. - --# TRANSPORT_LMTP=yes -+TRANSPORT_LMTP=yes - - - #------------------------------------------------------------------------------ -@@ -246,9 +246,9 @@ TRANSPORT_SMTP=yes - # MBX, is included only when requested. If you do not know what this is about, - # leave these settings commented out. - --# SUPPORT_MAILDIR=yes --# SUPPORT_MAILSTORE=yes --# SUPPORT_MBX=yes -+SUPPORT_MAILDIR=yes -+SUPPORT_MAILSTORE=yes -+SUPPORT_MBX=yes - - - #------------------------------------------------------------------------------ -@@ -306,20 +306,23 @@ LOOKUP_DBM=yes - LOOKUP_LSEARCH=yes - LOOKUP_DNSDB=yes - --# LOOKUP_CDB=yes --# LOOKUP_DSEARCH=yes -+LOOKUP_CDB=yes -+LOOKUP_DSEARCH=yes - # LOOKUP_IBASE=yes --# LOOKUP_LDAP=yes --# LOOKUP_MYSQL=yes --# LOOKUP_MYSQL_PC=mariadb --# LOOKUP_NIS=yes --# LOOKUP_NISPLUS=yes -+LOOKUP_LDAP=yes -+LDAP_LIB_TYPE=OPENLDAP2 -+LOOKUP_INCLUDE=-I/usr/include/mysql -+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq -+LOOKUP_MYSQL=2 -+#LOOKUP_MYSQL_PC=mariadb -+LOOKUP_NIS=yes -+LOOKUP_NISPLUS=yes - # LOOKUP_ORACLE=yes --# LOOKUP_PASSWD=yes --# LOOKUP_PGSQL=yes -+LOOKUP_PASSWD=yes -+LOOKUP_PGSQL=2 -+LOOKUP_PGSQL_LIBS=-lpq - # LOOKUP_REDIS=yes --# LOOKUP_SQLITE=yes --# LOOKUP_SQLITE_PC=sqlite3 -+LOOKUP_SQLITE=yes - # LOOKUP_WHOSON=yes - - # These two settings are obsolete; all three lookups are compiled when -@@ -402,7 +405,7 @@ EXIM_MONITOR=eximon.bin - # and the MIME ACL. Please read the documentation to learn more about these - # features. - --# WITH_CONTENT_SCAN=yes -+WITH_CONTENT_SCAN=yes - - # If you have content scanning you may wish to only include some of the scanner - # interfaces. Uncomment any of these lines to remove that code. -@@ -595,7 +598,7 @@ FIXED_NEVER_USERS=root - # CONFIGURE_OWNER setting, to specify a configuration file which is listed in - # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. - --# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs -+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs - - - #------------------------------------------------------------------------------ -@@ -640,17 +643,14 @@ FIXED_NEVER_USERS=root - # included in the Exim binary. You will then need to set up the run time - # configuration to make use of the mechanism(s) selected. - --# AUTH_CRAM_MD5=yes --# AUTH_CYRUS_SASL=yes --# AUTH_DOVECOT=yes --# AUTH_GSASL=yes --# AUTH_GSASL_PC=libgsasl --# AUTH_HEIMDAL_GSSAPI=yes --# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi --# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 --# AUTH_PLAINTEXT=yes --# AUTH_SPA=yes --# AUTH_TLS=yes -+AUTH_CRAM_MD5=yes -+AUTH_CYRUS_SASL=yes -+AUTH_DOVECOT=yes -+AUTH_GSASL=yes -+AUTH_GSASL_PC=libgsasl -+AUTH_PLAINTEXT=yes -+AUTH_SPA=yes -+AUTH_TLS=yes - - # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 - # requires multiple pkg-config files to work with Exim, so the second example -@@ -674,7 +674,7 @@ FIXED_NEVER_USERS=root - # one that is set in the headers_charset option. The default setting is - # defined by this setting: - --HEADERS_CHARSET="ISO-8859-1" -+HEADERS_CHARSET="UTF-8" - - # If you are going to make use of $header_xxx expansions in your configuration - # file, or if your users are going to use them in filter files, and the normal -@@ -694,7 +694,7 @@ HEADERS_CHARSET="ISO-8859-1" - # the Sieve filter support. For those OS where iconv() is known to be installed - # as standard, the file in OS/Makefile-xxxx contains - # --# HAVE_ICONV=yes -+HAVE_ICONV=yes - # - # If you are not using one of those systems, but have installed iconv(), you - # need to uncomment that line above. In some cases, you may find that iconv() -@@ -763,11 +763,11 @@ HEADERS_CHARSET="ISO-8859-1" - # leave these settings commented out. - - # This setting is required for any TLS support (either OpenSSL or GnuTLS) --# SUPPORT_TLS=yes -+SUPPORT_TLS=yes - - # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not --# USE_OPENSSL_PC=openssl --# TLS_LIBS=-lssl -lcrypto -+TLS_INCLUDE=-I/usr/kerberos/include -+TLS_LIBS=-lssl -lcrypto - - # Uncomment the first and either the second or the third of these if you - # are using GnuTLS. If you have pkg-config, then the second, else the third. -@@ -839,7 +839,7 @@ HEADERS_CHARSET="ISO-8859-1" - # Once you have done this, "make install" will build the info files and - # install them in the directory you have defined. - --# INFO_DIRECTORY=/usr/share/info -+INFO_DIRECTORY=/usr/share/info - - - #------------------------------------------------------------------------------ -@@ -852,7 +852,7 @@ HEADERS_CHARSET="ISO-8859-1" - # %s. This will be replaced by one of the strings "main", "panic", or "reject" - # to form the final file names. Some installations may want something like this: - --# LOG_FILE_PATH=/var/log/exim_%slog -+LOG_FILE_PATH=/var/log/exim/%s.log - - # which results in files with names /var/log/exim_mainlog, etc. The directory - # in which the log files are placed must exist; Exim does not try to create -@@ -924,7 +924,7 @@ ZCAT_COMMAND=/usr/bin/zcat - # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded - # Perl costs quite a lot of resources. Only do this if you really need it. - --# EXIM_PERL=perl.o -+EXIM_PERL=perl.o - - - #------------------------------------------------------------------------------ -@@ -934,7 +934,7 @@ ZCAT_COMMAND=/usr/bin/zcat - # that the local_scan API is made available by the linker. You may also need - # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. - --# EXPAND_DLFUNC=yes -+EXPAND_DLFUNC=yes - - - #------------------------------------------------------------------------------ -@@ -944,7 +944,7 @@ ZCAT_COMMAND=/usr/bin/zcat - # support, which is intended for use in conjunction with the SMTP AUTH - # facilities, is included only when requested by the following setting: - --# SUPPORT_PAM=yes -+SUPPORT_PAM=yes - - # You probably need to add -lpam to EXTRALIBS, and in some releases of - # GNU/Linux -ldl is also needed. -@@ -1052,7 +1052,7 @@ ZCAT_COMMAND=/usr/bin/zcat - # group. Once you have installed saslauthd, you should arrange for it to be - # started by root at boot time. - --# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux -+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux - - - #------------------------------------------------------------------------------ -@@ -1066,8 +1066,8 @@ ZCAT_COMMAND=/usr/bin/zcat - # library for TCP wrappers, so you probably need something like this: - # - # USE_TCP_WRAPPERS=yes --# CFLAGS=-O -I/usr/local/include --# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap -+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE) -+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic - # - # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM - # as well. -@@ -1119,7 +1119,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases - # is "yes", as well as supporting line editing, a history of input lines in the - # current run is maintained. - --# USE_READLINE=yes -+USE_READLINE=yes - - # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. - # Note that this option adds to the size of the Exim binary, because the -@@ -1136,7 +1136,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases - #------------------------------------------------------------------------------ - # Uncomment this setting to include IPv6 support. - --# HAVE_IPV6=yes -+HAVE_IPV6=yes - - ############################################################################### - # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1157,13 +1157,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases - # haven't got Perl, Exim will still build and run; you just won't be able to - # use those utilities. - --# CHOWN_COMMAND=/usr/bin/chown --# CHGRP_COMMAND=/usr/bin/chgrp --# CHMOD_COMMAND=/usr/bin/chmod --# MV_COMMAND=/bin/mv --# RM_COMMAND=/bin/rm --# TOUCH_COMMAND=/usr/bin/touch --# PERL_COMMAND=/usr/bin/perl -+CHOWN_COMMAND=/usr/bin/chown -+CHGRP_COMMAND=/usr/bin/chgrp -+CHMOD_COMMAND=/usr/bin/chmod -+MV_COMMAND=/usr/bin/mv -+RM_COMMAND=/usr/bin/rm -+TOUCH_COMMAND=/usr/bin/touch -+PERL_COMMAND=/usr/bin/perl - - - #------------------------------------------------------------------------------ -@@ -1365,7 +1365,7 @@ EXIM_TMPDIR="/tmp" - # (process id) to a file so that it can easily be identified. The path of the - # file can be specified here. Some installations may want something like this: - --# PID_FILE_PATH=/var/lock/exim.pid -+PID_FILE_PATH=/var/run/exim.pid - - # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory - # using the name "exim-daemon.pid". diff --git a/exim-4.92-cyrus.patch b/exim-4.92-cyrus.patch deleted file mode 100644 index f8e2984..0000000 --- a/exim-4.92-cyrus.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 69e0ed1..6db4947 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -901,6 +901,16 @@ address_reply: - driver = autoreply - - -+# This transport is used to deliver local mail to cyrus IMAP server via UNIX -+# socket. You'll need to configure the 'localuser' router above to use it. -+# -+#lmtp_delivery: -+# home_directory = /var/spool/imap -+# driver = lmtp -+# command = "/usr/lib/cyrus-imapd/deliver -l" -+# batch_max = 20 -+# user = cyrus -+ - - ###################################################################### - # RETRY CONFIGURATION # diff --git a/exim-4.92-dane-enable.patch b/exim-4.92-dane-enable.patch deleted file mode 100644 index df2f54c..0000000 --- a/exim-4.92-dane-enable.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/EDITME b/src/EDITME -index d8c4fad..37bb3ab 100644 ---- a/src/EDITME -+++ b/src/EDITME -@@ -370,7 +370,7 @@ PCRE_CONFIG=yes - # Uncomment the following line to add DANE support - # Note: Enabling this unconditionally overrides DISABLE_DNSSEC - # For DANE under GnuTLS we need an additional library. See TLS_LIBS below. --# SUPPORT_DANE=yes -+SUPPORT_DANE=yes - - #------------------------------------------------------------------------------ - # Additional libraries and include directories may be required for some diff --git a/exim-4.92-environment.patch b/exim-4.92-environment.patch deleted file mode 100644 index 831a4e7..0000000 --- a/exim-4.92-environment.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 241a961..1403d4a 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -384,8 +384,8 @@ timeout_frozen_after = 7d - # Note that TZ is handled separately by the timezone runtime option - # and TIMEZONE_DEFAULT buildtime option. - --# keep_environment = ^LDAP --# add_environment = PATH=/usr/bin::/bin -+keep_environment = ^LDAP -+add_environment = PATH=/usr/bin::/bin - - - diff --git a/exim-4.92-greylist-conf.patch b/exim-4.92-greylist-conf.patch deleted file mode 100644 index e601fc9..0000000 --- a/exim-4.92-greylist-conf.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 9242bac..eabf102 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -119,6 +119,7 @@ hostlist relay_from_hosts = localhost - # manual for details. The lists above are used in the access control lists for - # checking incoming messages. The names of these ACLs are defined here: - -+acl_smtp_mail = acl_check_mail - acl_smtp_rcpt = acl_check_rcpt - .ifdef _HAVE_PRDR - acl_smtp_data_prdr = acl_check_prdr -@@ -395,6 +396,29 @@ timeout_frozen_after = 7d - - begin acl - -+ -+# This access control list is used for the MAIL command in an incoming -+# SMTP message. -+ -+acl_check_mail: -+ -+ # Hosts are required to say HELO (or EHLO) before sending mail. -+ # So don't allow them to use the MAIL command if they haven't -+ # done so. -+ -+ deny condition = ${if eq{$sender_helo_name}{} {1}} -+ message = Nice boys say HELO first -+ -+ # Use the lack of reverse DNS to trigger greylisting. Some people -+ # even reject for it but that would be a little excessive. -+ -+ warn condition = ${if eq{$sender_host_name}{} {1}} -+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons -+ -+ accept -+ -+ -+ - # This access control list is used for every RCPT command in an incoming - # SMTP message. The tests are run in order until the address is either - # accepted or denied. -@@ -520,7 +544,8 @@ acl_check_rcpt: - # There are no default checks on DNS black lists because the domains that - # contain these lists are changing all the time. However, here are two - # examples of how you can get Exim to perform a DNS black list lookup at this -- # point. The first one denies, whereas the second just warns. -+ # point. The first one denies, whereas the second just warns. The third -+ # triggers greylisting for any host in the blacklist. - # - # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - # dnslists = black.list.example -@@ -528,6 +553,10 @@ acl_check_rcpt: - # warn dnslists = black.list.example - # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain - # log_message = found in $dnslist_domain -+ # -+ # warn dnslists = black.list.example -+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons -+ # - ############################################################################# - - ############################################################################# -@@ -554,6 +583,10 @@ acl_check_rcpt: - # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} - ############################################################################# - -+ # Alternatively, greylist for it: -+ # warn !verify = csa -+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons -+ - # At this point, the address has passed all the checks that have been - # configured, so we accept it unconditionally. - -@@ -612,6 +645,12 @@ acl_check_data: - # deny condition = ${if !def:h_Message-ID: {1}} - # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\ - # Most messages without it are spam, so your mail has been rejected. -+ # -+ # Alternatively if we're feeling more lenient we could just use it to -+ # trigger greylisting instead: -+ -+ warn condition = ${if !def:h_Message-ID: {1}} -+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons - - # Deny if the message contains a virus. Before enabling this check, you - # must install a virus scanner and set the av_scanner option above. -@@ -658,8 +697,31 @@ acl_check_data: - # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\ - # $spam_report - -+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5 -+ # -+ # warn condition = ${if >{$spam_score_int}{5} {1}} -+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons -+ -+ -+ # If you want to greylist _all_ mail rather than only mail which looks like there -+ # might be something wrong with it, then you can do this... -+ # -+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons -+ -+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist -+ # package which contains this subroutine, and you need to uncomment the bit below -+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty, -+ # greylisting will kick in and will defer the mail to check if the sender is a -+ # proper mail which which retries, or whether it's a zombie. For more details, see -+ # the exim-greylist.conf.inc file itself. -+ # -+ # require acl = greylist_mail -+ - accept - -+# To enable the greylisting, also uncomment this line: -+# .include /etc/exim/exim-greylist.conf.inc -+ - acl_check_mime: - - # File extension filtering. diff --git a/exim-4.92-localhost-is-local.patch b/exim-4.92-localhost-is-local.patch deleted file mode 100644 index 02a10a2..0000000 --- a/exim-4.92-localhost-is-local.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 09f0b36..9242bac 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -67,7 +67,7 @@ - # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They - # are all colon-separated lists: - --domainlist local_domains = @ -+domainlist local_domains = @ : localhost : localhost.localdomain - domainlist relay_to_domains = - hostlist relay_from_hosts = localhost - # (We rely upon hostname resolution working for localhost, because the default diff --git a/exim-4.92-pamconfig.patch b/exim-4.92-pamconfig.patch deleted file mode 100644 index bbe3dde..0000000 --- a/exim-4.92-pamconfig.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 6db4947..f1198b1 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -157,7 +157,7 @@ acl_smtp_data = acl_check_data - - # Allow any client to use TLS. - --# tls_advertise_hosts = * -+tls_advertise_hosts = * - - # Specify the location of the Exim server's TLS certificate and private key. - # The private key must not be encrypted (password protected). You can put -@@ -165,8 +165,8 @@ acl_smtp_data = acl_check_data - # need the first setting, or in separate files, in which case you need both - # options. - --# tls_certificate = /etc/ssl/exim.crt --# tls_privatekey = /etc/ssl/exim.pem -+tls_certificate = /etc/pki/tls/certs/exim.pem -+tls_privatekey = /etc/pki/tls/private/exim.pem - - # For OpenSSL, prefer EC- over RSA-authenticated ciphers - # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT -@@ -180,8 +180,8 @@ acl_smtp_data = acl_check_data - # them you should also allow TLS-on-connect on the traditional but - # non-standard port 465. - --# daemon_smtp_ports = 25 : 465 : 587 --# tls_on_connect_ports = 465 -+daemon_smtp_ports = 25 : 465 : 587 -+tls_on_connect_ports = 465 - - - # Specify the domain you want to be added to all unqualified addresses -@@ -239,6 +239,24 @@ never_users = root - - host_lookup = * - -+# This setting, if uncommented, allows users to authenticate using -+# their system passwords against saslauthd if they connect over a -+# secure connection. If you have network logins such as NIS or -+# Kerberos rather than only local users, then you possibly also want -+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism -+# too. Once a user is authenticated, the acl_check_rcpt ACL then -+# allows them to relay through the system. -+# -+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}} -+# -+# By default, we set this option to allow SMTP AUTH from nowhere -+# (Exim's default would be to allow it from anywhere, even on an -+# unencrypted connection). -+# -+# Comment this one out if you uncomment the above. Did you make sure -+# saslauthd is actually running first? -+# -+auth_advertise_hosts = - - # The setting below causes Exim to try to initialize the system resolver - # library with DNSSEC support. It has no effect if your library lacks -@@ -980,7 +998,7 @@ begin authenticators - # driver = plaintext - # server_set_id = $auth2 - # server_prompts = : --# server_condition = Authentication is not yet configured -+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}} - # server_advertise_condition = ${if def:tls_in_cipher } - - # LOGIN authentication has traditional prompts and responses. There is no -@@ -992,7 +1010,7 @@ begin authenticators - # driver = plaintext - # server_set_id = $auth1 - # server_prompts = <| Username: | Password: --# server_condition = Authentication is not yet configured -+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}} - # server_advertise_condition = ${if def:tls_in_cipher } - - diff --git a/exim-4.92-procmail.patch b/exim-4.92-procmail.patch deleted file mode 100644 index 5fd6f73..0000000 --- a/exim-4.92-procmail.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 8f88a3b..cef3779 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -818,6 +818,12 @@ userforward: - pipe_transport = address_pipe - reply_transport = address_reply - -+procmail: -+ driver = accept -+ check_local_user -+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail -+ transport = procmail -+ no_verify - - # This router matches local user mailboxes. If the router fails, the error - # message is "Unknown user". -@@ -866,6 +872,16 @@ remote_smtp: - hosts_try_prdr = * - .endif - -+# This transport invokes procmail to deliver mail -+procmail: -+ driver = pipe -+ command = "/usr/bin/procmail -d $local_part" -+ return_path_add -+ delivery_date_add -+ envelope_to_add -+ user = $local_part -+ initgroups -+ return_output - - # This transport is used for delivering messages to a smarthost, if the - # smarthost router is enabled. This starts from the same basis as diff --git a/exim-4.92-rhl.patch b/exim-4.92-rhl.patch deleted file mode 100644 index 236da8f..0000000 --- a/exim-4.92-rhl.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index 555dec3..69e0ed1 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -718,7 +718,7 @@ system_aliases: - driver = redirect - allow_fail - allow_defer -- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}} -+ data = ${lookup{$local_part}lsearch{/etc/aliases}} - # user = exim - file_transport = address_file - pipe_transport = address_pipe -@@ -867,8 +867,8 @@ local_delivery: - delivery_date_add - envelope_to_add - return_path_add --# group = mail --# mode = 0660 -+ group = mail -+ mode = 0660 - - - # This transport is used for handling pipe deliveries generated by alias or diff --git a/exim-4.92-smarthost-config.patch b/exim-4.92-smarthost-config.patch deleted file mode 100644 index 08ecc1c..0000000 --- a/exim-4.92-smarthost-config.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index eabf102..db2d98a 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -934,6 +934,15 @@ remote_smtp: - hosts_try_prdr = * - .endif - -+# This transport is used for delivering messages over SMTP using the -+# "message submission" port (RFC4409). -+ -+remote_msa: -+ driver = smtp -+ port = 587 -+ hosts_require_auth = * -+ -+ - # This transport invokes procmail to deliver mail - procmail: - driver = pipe -@@ -1083,6 +1092,21 @@ begin rewrite - # AUTHENTICATION CONFIGURATION # - ###################################################################### - -+begin authenticators -+ -+# This authenticator supports CRAM-MD5 username/password authentication -+# with Exim acting as a _client_, as it might when sending its outgoing -+# mail to a smarthost rather than directly to the final recipient. -+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate. -+ -+#client_auth: -+# driver = cram_md5 -+# public_name = CRAM-MD5 -+# client_name = SMTPAUTH_USERNAME -+# client_secret = SMTPAUTH_PASSWORD -+ -+# -+ - # The following authenticators support plaintext username/password - # authentication using the standard PLAIN mechanism and the traditional - # but non-standard LOGIN mechanism, with Exim acting as the server. -@@ -1098,7 +1122,7 @@ begin rewrite - # The default RCPT ACL checks for successful authentication, and will accept - # messages from authenticated users from anywhere on the Internet. - --begin authenticators -+# - - # PLAIN authentication has no server prompts. The client sends its - # credentials in one lump, containing an authorization ID (which we do not diff --git a/exim-4.92-spamdconf.patch b/exim-4.92-spamdconf.patch deleted file mode 100644 index cab7969..0000000 --- a/exim-4.92-spamdconf.patch +++ /dev/null @@ -1,108 +0,0 @@ -diff --git a/src/configure.default b/src/configure.default -index f1198b1..8f88a3b 100644 ---- a/src/configure.default -+++ b/src/configure.default -@@ -124,6 +124,7 @@ acl_smtp_rcpt = acl_check_rcpt - acl_smtp_data_prdr = acl_check_prdr - .endif - acl_smtp_data = acl_check_data -+acl_smtp_mime = acl_check_mime - - # You should not change those settings until you understand how ACLs work. - -@@ -136,7 +137,7 @@ acl_smtp_data = acl_check_data - # of what to set for other virus scanners. The second modification is in the - # acl_check_data access control list (see below). - --# av_scanner = clamd:/tmp/clamd -+av_scanner = clamd:/var/run/clamd.exim/clamd.sock - - - # For spam scanning, there is a similar option that defines the interface to -@@ -458,7 +459,8 @@ acl_check_rcpt: - accept local_parts = postmaster - domains = +local_domains - -- # Deny unless the sender address can be verified. -+ # Deny unless the sender address can be routed. For proper verification of the -+ # address, read the documentation on callouts and add the /callout modifier. - - require verify = sender - -@@ -601,21 +603,26 @@ acl_check_data: - message = header syntax - log_message = header syntax ($acl_verify_message) - -+ # Put simple tests first. A good one is to check for the presence of a -+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken -+ # or misconfigured mailer software occasionally omits this from genuine -+ # messages too, though -- although it's not hard for the offender to fix -+ # after they receive a bounce because of it. -+ # -+ # deny condition = ${if !def:h_Message-ID: {1}} -+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\ -+ # Most messages without it are spam, so your mail has been rejected. -+ - # Deny if the message contains a virus. Before enabling this check, you - # must install a virus scanner and set the av_scanner option above. - # - # deny malware = * - # message = This message contains a virus ($malware_name). - -- # Add headers to a message if it is judged to be spam. Before enabling this, -- # you must install SpamAssassin. You may also need to set the spamd_address -- # option above. -+ # Bypass SpamAssassin checks if the message is too large. - # -- # warn spam = nobody -- # add_header = X-Spam_score: $spam_score\n\ -- # X-Spam_score_int: $spam_score_int\n\ -- # X-Spam_bar: $spam_bar\n\ -- # X-Spam_report: $spam_report -+ # accept condition = ${if >={$message_size}{100000} {1}} -+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size - - ############################################################################# - # No more tests if PRDR was actively used. -@@ -629,11 +636,40 @@ acl_check_data: - # condition = ... - ############################################################################# - -+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message -+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA -+ # score exceeds the SA system threshold. -+ # -+ # warn spam = nobody/defer_ok -+ # add_header = X-Spam-Flag: YES -+ # -+ # accept condition = ${if !def:spam_score_int {1}} -+ # add_header = X-Spam-Note: SpamAssassin invocation failed -+ # - -- # Accept the message. -+ # Unconditionally add score and report headers -+ # -+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\ -+ # X-Spam-Report: $spam_report -+ -+ # And reject if the SpamAssassin score is greater than ten -+ # -+ # deny condition = ${if >{$spam_score_int}{100} {1}} -+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\ -+ # $spam_report - - accept - -+acl_check_mime: -+ -+ # File extension filtering. -+ deny message = Blacklisted file extension detected -+ condition = ${if match \ -+ {${lc:$mime_filename}} \ -+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ -+ {1}{0}} -+ -+ accept - - - ###################################################################### diff --git a/exim-4.92-support-proxies.patch b/exim-4.92-support-proxies.patch deleted file mode 100644 index 32c1284..0000000 --- a/exim-4.92-support-proxies.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/src/EDITME b/src/EDITME -index a588b25..d8c4fad 100644 ---- a/src/EDITME -+++ b/src/EDITME -@@ -970,12 +970,12 @@ SUPPORT_PAM=yes - # If you may want to use outbound (client-side) proxying, using Socks5, - # uncomment the line below. - --# SUPPORT_SOCKS=yes -+SUPPORT_SOCKS=yes - - # If you may want to use inbound (server-side) proxying, using Proxy Protocol, - # uncomment the line below. - --# SUPPORT_PROXY=yes -+SUPPORT_PROXY=yes - - - #------------------------------------------------------------------------------ diff --git a/exim-4.93-config.patch b/exim-4.93-config.patch new file mode 100644 index 0000000..ddc3be5 --- /dev/null +++ b/exim-4.93-config.patch @@ -0,0 +1,781 @@ +diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile +index ecd2083..cf1eeb2 100755 +--- a/scripts/Configure-Makefile ++++ b/scripts/Configure-Makefile +@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then + + mv $mft $mftt + echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft +- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft ++ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft + echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft + echo "" >>$mft + cat $mftt >> $mft +diff --git a/src/EDITME b/src/EDITME +index 83325ab..968ef81 100644 +--- a/src/EDITME ++++ b/src/EDITME +@@ -100,7 +100,7 @@ + # /usr/local/sbin. The installation script will try to create this directory, + # and any superior directories, if they do not exist. + +-BIN_DIRECTORY=/usr/exim/bin ++BIN_DIRECTORY=/usr/sbin + + + #------------------------------------------------------------------------------ +@@ -116,7 +116,7 @@ BIN_DIRECTORY=/usr/exim/bin + # don't exist. It will also install a default runtime configuration if this + # file does not exist. + +-CONFIGURE_FILE=/usr/exim/configure ++CONFIGURE_FILE=/etc/exim/exim.conf + + # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. + # In this case, Exim will use the first of them that exists when it is run. +@@ -133,7 +133,7 @@ CONFIGURE_FILE=/usr/exim/configure + # deliveries. (Local deliveries run as various non-root users, typically as the + # owner of a local mailbox.) Specifying these values as root is not supported. + +-EXIM_USER= ++EXIM_USER=93 + + # If you specify EXIM_USER as a name, this is looked up at build time, and the + # uid number is built into the binary. However, you can specify that this +@@ -154,7 +154,7 @@ EXIM_USER= + # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless + # you want to use a group other than the default group for the given user. + +-# EXIM_GROUP= ++EXIM_GROUP=93 + + # Many sites define a user called "exim", with an appropriate default group, + # and use +@@ -211,10 +211,10 @@ SPOOL_DIRECTORY=/var/spool/exim + # If you are buliding with TLS, the library configuration must be done: + + # Uncomment this if you are using OpenSSL +-# USE_OPENSSL=yes ++USE_OPENSSL=yes + # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not + # and an optional location. +-# USE_OPENSSL_PC=openssl ++USE_OPENSSL_PC=openssl + # TLS_LIBS=-lssl -lcrypto + # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto + +@@ -338,7 +338,7 @@ TRANSPORT_SMTP=yes + # This one is special-purpose, and commonly not required, so it is not + # included by default. + +-# TRANSPORT_LMTP=yes ++TRANSPORT_LMTP=yes + + + #------------------------------------------------------------------------------ +@@ -347,9 +347,9 @@ TRANSPORT_SMTP=yes + # MBX, is included only when requested. If you do not know what this is about, + # leave these settings commented out. + +-# SUPPORT_MAILDIR=yes +-# SUPPORT_MAILSTORE=yes +-# SUPPORT_MBX=yes ++SUPPORT_MAILDIR=yes ++SUPPORT_MAILSTORE=yes ++SUPPORT_MBX=yes + + + #------------------------------------------------------------------------------ +@@ -407,20 +407,25 @@ LOOKUP_DBM=yes + LOOKUP_LSEARCH=yes + LOOKUP_DNSDB=yes + +-# LOOKUP_CDB=yes +-# LOOKUP_DSEARCH=yes ++LOOKUP_CDB=yes ++LOOKUP_DSEARCH=yes + # LOOKUP_IBASE=yes + # LOOKUP_JSON=yes +-# LOOKUP_LDAP=yes +-# LOOKUP_MYSQL=yes +-# LOOKUP_MYSQL_PC=mariadb +-# LOOKUP_NIS=yes +-# LOOKUP_NISPLUS=yes ++LOOKUP_LDAP=yes ++LDAP_LIB_TYPE=OPENLDAP2 ++LOOKUP_INCLUDE=-I/usr/include/mysql ++LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient ++LOOKUP_MYSQL=2 ++#LOOKUP_MYSQL_PC=mariadb ++LOOKUP_NIS=yes ++LOOKUP_NISPLUS=yes ++ + # LOOKUP_ORACLE=yes +-# LOOKUP_PASSWD=yes +-# LOOKUP_PGSQL=yes ++LOOKUP_PASSWD=yes ++LOOKUP_PGSQL=2 ++LOOKUP_PGSQL_LIBS=-lpq + # LOOKUP_REDIS=yes +-# LOOKUP_SQLITE=yes ++LOOKUP_SQLITE=yes + # LOOKUP_SQLITE_PC=sqlite3 + # LOOKUP_WHOSON=yes + +@@ -433,7 +438,7 @@ LOOKUP_DNSDB=yes + + + # Some platforms may need this for LOOKUP_NIS: +-# LIBS += -lnsl ++LIBS += -lnsl + + #------------------------------------------------------------------------------ + # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate +@@ -499,7 +504,7 @@ SUPPORT_DANE=yes + # files are defaulted in the OS/Makefile-Default file, but can be overridden in + # local OS-specific make files. + +-# EXIM_MONITOR=eximon.bin ++EXIM_MONITOR=eximon.bin + + + #------------------------------------------------------------------------------ +@@ -509,7 +514,7 @@ SUPPORT_DANE=yes + # and the MIME ACL. Please read the documentation to learn more about these + # features. + +-# WITH_CONTENT_SCAN=yes ++WITH_CONTENT_SCAN=yes + + # If you have content scanning you may wish to only include some of the scanner + # interfaces. Uncomment any of these lines to remove that code. +@@ -597,7 +602,7 @@ DISABLE_MAL_MKS=yes + # LDFLAGS += -lopendmarc + # Uncomment the following if you need to change the default. You can + # override it at runtime (main config option dmarc_tld_file) +-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds ++DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat + + # Uncomment the following line to add ARC (Authenticated Received Chain) + # support. You must have SPF and DKIM support enabled also. +@@ -707,7 +712,7 @@ FIXED_NEVER_USERS=root + # CONFIGURE_OWNER setting, to specify a configuration file which is listed in + # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. + +-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs ++TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs + + + #------------------------------------------------------------------------------ +@@ -752,18 +757,18 @@ FIXED_NEVER_USERS=root + # included in the Exim binary. You will then need to set up the run time + # configuration to make use of the mechanism(s) selected. + +-# AUTH_CRAM_MD5=yes +-# AUTH_CYRUS_SASL=yes +-# AUTH_DOVECOT=yes ++AUTH_CRAM_MD5=yes ++AUTH_CYRUS_SASL=yes ++AUTH_DOVECOT=yes + # AUTH_EXTERNAL=yes +-# AUTH_GSASL=yes +-# AUTH_GSASL_PC=libgsasl ++AUTH_GSASL=yes ++AUTH_GSASL_PC=libgsasl + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 +-# AUTH_PLAINTEXT=yes +-# AUTH_SPA=yes +-# AUTH_TLS=yes ++AUTH_PLAINTEXT=yes ++AUTH_SPA=yes ++AUTH_TLS=yes + + # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 + # requires multiple pkg-config files to work with Exim, so the second example +@@ -787,7 +792,7 @@ FIXED_NEVER_USERS=root + # one that is set in the headers_charset option. The default setting is + # defined by this setting: + +-HEADERS_CHARSET="ISO-8859-1" ++HEADERS_CHARSET="UTF-8" + + # If you are going to make use of $header_xxx expansions in your configuration + # file, or if your users are going to use them in filter files, and the normal +@@ -807,7 +812,7 @@ HEADERS_CHARSET="ISO-8859-1" + # the Sieve filter support. For those OS where iconv() is known to be installed + # as standard, the file in OS/Makefile-xxxx contains + # +-# HAVE_ICONV=yes ++HAVE_ICONV=yes + # + # If you are not using one of those systems, but have installed iconv(), you + # need to uncomment that line above. In some cases, you may find that iconv() +@@ -883,7 +888,7 @@ HEADERS_CHARSET="ISO-8859-1" + # Once you have done this, "make install" will build the info files and + # install them in the directory you have defined. + +-# INFO_DIRECTORY=/usr/share/info ++INFO_DIRECTORY=/usr/share/info + + + #------------------------------------------------------------------------------ +@@ -896,7 +901,7 @@ HEADERS_CHARSET="ISO-8859-1" + # %s. This will be replaced by one of the strings "main", "panic", or "reject" + # to form the final file names. Some installations may want something like this: + +-# LOG_FILE_PATH=/var/log/exim_%slog ++LOG_FILE_PATH=/var/log/exim/%s.log + + # which results in files with names /var/log/exim_mainlog, etc. The directory + # in which the log files are placed must exist; Exim does not try to create +@@ -968,7 +973,7 @@ ZCAT_COMMAND=/usr/bin/zcat + # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded + # Perl costs quite a lot of resources. Only do this if you really need it. + +-# EXIM_PERL=perl.o ++EXIM_PERL=perl.o + + + #------------------------------------------------------------------------------ +@@ -978,7 +983,7 @@ ZCAT_COMMAND=/usr/bin/zcat + # that the local_scan API is made available by the linker. You may also need + # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. + +-# EXPAND_DLFUNC=yes ++EXPAND_DLFUNC=yes + + + #------------------------------------------------------------------------------ +@@ -988,7 +993,7 @@ ZCAT_COMMAND=/usr/bin/zcat + # support, which is intended for use in conjunction with the SMTP AUTH + # facilities, is included only when requested by the following setting: + +-# SUPPORT_PAM=yes ++SUPPORT_PAM=yes + + # You probably need to add -lpam to EXTRALIBS, and in some releases of + # GNU/Linux -ldl is also needed. +@@ -1000,12 +1005,12 @@ ZCAT_COMMAND=/usr/bin/zcat + # If you may want to use outbound (client-side) proxying, using Socks5, + # uncomment the line below. + +-# SUPPORT_SOCKS=yes ++SUPPORT_SOCKS=yes + + # If you may want to use inbound (server-side) proxying, using Proxy Protocol, + # uncomment the line below. + +-# SUPPORT_PROXY=yes ++SUPPORT_PROXY=yes + + + #------------------------------------------------------------------------------ +@@ -1096,7 +1101,7 @@ ZCAT_COMMAND=/usr/bin/zcat + # group. Once you have installed saslauthd, you should arrange for it to be + # started by root at boot time. + +-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux ++CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux + + + #------------------------------------------------------------------------------ +@@ -1110,8 +1115,8 @@ ZCAT_COMMAND=/usr/bin/zcat + # library for TCP wrappers, so you probably need something like this: + # + # USE_TCP_WRAPPERS=yes +-# CFLAGS=-O -I/usr/local/include +-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap ++CFLAGS+=$(RPM_OPT_FLAGS) $(PIE) -std=gnu99 ++EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic + # + # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM + # as well. +@@ -1163,7 +1168,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases + # is "yes", as well as supporting line editing, a history of input lines in the + # current run is maintained. + +-# USE_READLINE=yes ++USE_READLINE=yes + + # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. + # Note that this option adds to the size of the Exim binary, because the +@@ -1180,7 +1185,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases + #------------------------------------------------------------------------------ + # Uncomment this setting to include IPv6 support. + +-# HAVE_IPV6=yes ++HAVE_IPV6=yes + + ############################################################################### + # THINGS YOU ALMOST NEVER NEED TO MENTION # +@@ -1201,13 +1206,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases + # haven't got Perl, Exim will still build and run; you just won't be able to + # use those utilities. + +-# CHOWN_COMMAND=/usr/bin/chown +-# CHGRP_COMMAND=/usr/bin/chgrp +-# CHMOD_COMMAND=/usr/bin/chmod +-# MV_COMMAND=/bin/mv +-# RM_COMMAND=/bin/rm +-# TOUCH_COMMAND=/usr/bin/touch +-# PERL_COMMAND=/usr/bin/perl ++CHOWN_COMMAND=/usr/bin/chown ++CHGRP_COMMAND=/usr/bin/chgrp ++CHMOD_COMMAND=/usr/bin/chmod ++MV_COMMAND=/usr/bin/mv ++RM_COMMAND=/usr/bin/rm ++TOUCH_COMMAND=/usr/bin/touch ++PERL_COMMAND=/usr/bin/perl + + + #------------------------------------------------------------------------------ +@@ -1409,7 +1414,7 @@ EXIM_TMPDIR="/tmp" + # (process id) to a file so that it can easily be identified. The path of the + # file can be specified here. Some installations may want something like this: + +-# PID_FILE_PATH=/var/lock/exim.pid ++PID_FILE_PATH=/var/run/exim.pid + + # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory + # using the name "exim-daemon.pid". +diff --git a/src/configure.default b/src/configure.default +index cf38305..8ddabfe 100644 +--- a/src/configure.default ++++ b/src/configure.default +@@ -67,7 +67,7 @@ + # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They + # are all colon-separated lists: + +-domainlist local_domains = @ ++domainlist local_domains = @ : localhost : localhost.localdomain + domainlist relay_to_domains = + hostlist relay_from_hosts = localhost + # (We rely upon hostname resolution working for localhost, because the default +@@ -119,11 +119,13 @@ hostlist relay_from_hosts = localhost + # manual for details. The lists above are used in the access control lists for + # checking incoming messages. The names of these ACLs are defined here: + ++acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt + .ifdef _HAVE_PRDR + acl_smtp_data_prdr = acl_check_prdr + .endif + acl_smtp_data = acl_check_data ++acl_smtp_mime = acl_check_mime + + # You should not change those settings until you understand how ACLs work. + +@@ -136,7 +138,7 @@ acl_smtp_data = acl_check_data + # of what to set for other virus scanners. The second modification is in the + # acl_check_data access control list (see below). + +-# av_scanner = clamd:/tmp/clamd ++av_scanner = clamd:/var/run/clamd.exim/clamd.sock + + + # For spam scanning, there is a similar option that defines the interface to +@@ -157,7 +159,7 @@ acl_smtp_data = acl_check_data + + # Allow any client to use TLS. + +-# tls_advertise_hosts = * ++tls_advertise_hosts = * + + # Specify the location of the Exim server's TLS certificate and private key. + # The private key must not be encrypted (password protected). You can put +@@ -165,8 +167,8 @@ acl_smtp_data = acl_check_data + # need the first setting, or in separate files, in which case you need both + # options. + +-# tls_certificate = /etc/ssl/exim.crt +-# tls_privatekey = /etc/ssl/exim.pem ++tls_certificate = /etc/pki/tls/certs/exim.pem ++tls_privatekey = /etc/pki/tls/private/exim.pem + + # For OpenSSL, prefer EC- over RSA-authenticated ciphers + # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT +@@ -180,8 +182,8 @@ acl_smtp_data = acl_check_data + # them you should also allow TLS-on-connect on the traditional but + # non-standard port 465. + +-# daemon_smtp_ports = 25 : 465 : 587 +-# tls_on_connect_ports = 465 ++daemon_smtp_ports = 25 : 465 : 587 ++tls_on_connect_ports = 465 + + + # Specify the domain you want to be added to all unqualified addresses +@@ -239,6 +241,24 @@ never_users = root + + host_lookup = * + ++# This setting, if uncommented, allows users to authenticate using ++# their system passwords against saslauthd if they connect over a ++# secure connection. If you have network logins such as NIS or ++# Kerberos rather than only local users, then you possibly also want ++# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism ++# too. Once a user is authenticated, the acl_check_rcpt ACL then ++# allows them to relay through the system. ++# ++# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}} ++# ++# By default, we set this option to allow SMTP AUTH from nowhere ++# (Exim's default would be to allow it from anywhere, even on an ++# unencrypted connection). ++# ++# Comment this one out if you uncomment the above. Did you make sure ++# saslauthd is actually running first? ++# ++auth_advertise_hosts = + + # The setting below causes Exim to try to initialize the system resolver + # library with DNSSEC support. It has no effect if your library lacks +@@ -369,8 +389,8 @@ timeout_frozen_after = 7d + # Note that TZ is handled separately by the timezone runtime option + # and TIMEZONE_DEFAULT buildtime option. + +-# keep_environment = ^LDAP +-# add_environment = PATH=/usr/bin::/bin ++keep_environment = ^LDAP ++add_environment = PATH=/usr/bin::/bin + + + +@@ -381,6 +401,29 @@ timeout_frozen_after = 7d + + begin acl + ++ ++# This access control list is used for the MAIL command in an incoming ++# SMTP message. ++ ++acl_check_mail: ++ ++ # Hosts are required to say HELO (or EHLO) before sending mail. ++ # So don't allow them to use the MAIL command if they haven't ++ # done so. ++ ++ deny condition = ${if eq{$sender_helo_name}{} {1}} ++ message = Nice boys say HELO first ++ ++ # Use the lack of reverse DNS to trigger greylisting. Some people ++ # even reject for it but that would be a little excessive. ++ ++ warn condition = ${if eq{$sender_host_name}{} {1}} ++ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons ++ ++ accept ++ ++ ++ + # This access control list is used for every RCPT command in an incoming + # SMTP message. The tests are run in order until the address is either + # accepted or denied. +@@ -392,6 +435,7 @@ acl_check_rcpt: + + accept hosts = : + control = dkim_disable_verify ++ control = dmarc_disable_verify + + ############################################################################# + # The following section of the ACL is concerned with local parts that contain +@@ -445,7 +489,8 @@ acl_check_rcpt: + accept local_parts = postmaster + domains = +local_domains + +- # Deny unless the sender address can be verified. ++ # Deny unless the sender address can be routed. For proper verification of the ++ # address, read the documentation on callouts and add the /callout modifier. + + require verify = sender + +@@ -471,6 +516,7 @@ acl_check_rcpt: + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify ++ control = dmarc_disable_verify + + # Accept if the message arrived over an authenticated connection, from + # any host. Again, these messages are usually from MUAs, so recipient +@@ -480,6 +526,7 @@ acl_check_rcpt: + accept authenticated = * + control = submission + control = dkim_disable_verify ++ control = dmarc_disable_verify + + # Insist that a HELO/EHLO was accepted. + +@@ -505,7 +552,8 @@ acl_check_rcpt: + # There are no default checks on DNS black lists because the domains that + # contain these lists are changing all the time. However, here are two + # examples of how you can get Exim to perform a DNS black list lookup at this +- # point. The first one denies, whereas the second just warns. ++ # point. The first one denies, whereas the second just warns. The third ++ # triggers greylisting for any host in the blacklist. + # + # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + # dnslists = black.list.example +@@ -513,6 +561,10 @@ acl_check_rcpt: + # warn dnslists = black.list.example + # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain + # log_message = found in $dnslist_domain ++ # ++ # warn dnslists = black.list.example ++ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons ++ # + ############################################################################# + + ############################################################################# +@@ -539,6 +591,10 @@ acl_check_rcpt: + # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} + ############################################################################# + ++ # Alternatively, greylist for it: ++ # warn !verify = csa ++ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons ++ + # At this point, the address has passed all the checks that have been + # configured, so we accept it unconditionally. + +@@ -588,21 +644,32 @@ acl_check_data: + message = header syntax + log_message = header syntax ($acl_verify_message) + ++ # Put simple tests first. A good one is to check for the presence of a ++ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken ++ # or misconfigured mailer software occasionally omits this from genuine ++ # messages too, though -- although it's not hard for the offender to fix ++ # after they receive a bounce because of it. ++ # ++ # deny condition = ${if !def:h_Message-ID: {1}} ++ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\ ++ # Most messages without it are spam, so your mail has been rejected. ++ # ++ # Alternatively if we're feeling more lenient we could just use it to ++ # trigger greylisting instead: ++ ++ warn condition = ${if !def:h_Message-ID: {1}} ++ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons ++ + # Deny if the message contains a virus. Before enabling this check, you + # must install a virus scanner and set the av_scanner option above. + # + # deny malware = * + # message = This message contains a virus ($malware_name). + +- # Add headers to a message if it is judged to be spam. Before enabling this, +- # you must install SpamAssassin. You may also need to set the spamd_address +- # option above. ++ # Bypass SpamAssassin checks if the message is too large. + # +- # warn spam = nobody +- # add_header = X-Spam_score: $spam_score\n\ +- # X-Spam_score_int: $spam_score_int\n\ +- # X-Spam_bar: $spam_bar\n\ +- # X-Spam_report: $spam_report ++ # accept condition = ${if >={$message_size}{100000} {1}} ++ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size + + ############################################################################# + # No more tests if PRDR was actively used. +@@ -616,11 +683,63 @@ acl_check_data: + # condition = ... + ############################################################################# + ++ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message ++ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA ++ # score exceeds the SA system threshold. ++ # ++ # warn spam = nobody/defer_ok ++ # add_header = X-Spam-Flag: YES ++ # ++ # accept condition = ${if !def:spam_score_int {1}} ++ # add_header = X-Spam-Note: SpamAssassin invocation failed ++ # ++ ++ # Unconditionally add score and report headers ++ # ++ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\ ++ # X-Spam-Report: $spam_report + +- # Accept the message. ++ # And reject if the SpamAssassin score is greater than ten ++ # ++ # deny condition = ${if >{$spam_score_int}{100} {1}} ++ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\ ++ # $spam_report ++ ++ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5 ++ # ++ # warn condition = ${if >{$spam_score_int}{5} {1}} ++ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons ++ ++ ++ # If you want to greylist _all_ mail rather than only mail which looks like there ++ # might be something wrong with it, then you can do this... ++ # ++ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons ++ ++ # Now, invoke the greylisting. For this you need to have installed the exim-greylist ++ # package which contains this subroutine, and you need to uncomment the bit below ++ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty, ++ # greylisting will kick in and will defer the mail to check if the sender is a ++ # proper mail which which retries, or whether it's a zombie. For more details, see ++ # the exim-greylist.conf.inc file itself. ++ # ++ # require acl = greylist_mail + + accept + ++# To enable the greylisting, also uncomment this line: ++# .include /etc/exim/exim-greylist.conf.inc ++ ++acl_check_mime: ++ ++ # File extension filtering. ++ deny message = Blacklisted file extension detected ++ condition = ${if match \ ++ {${lc:$mime_filename}} \ ++ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ ++ {1}{0}} ++ ++ accept + + + ###################################################################### +@@ -722,7 +841,7 @@ system_aliases: + driver = redirect + allow_fail + allow_defer +- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}} ++ data = ${lookup{$local_part}lsearch{/etc/aliases}} + # user = exim + file_transport = address_file + pipe_transport = address_pipe +@@ -760,7 +879,7 @@ userforward: + # local_part_suffix = +* : -* + # local_part_suffix_optional + file = $home/.forward +-# allow_filter ++ allow_filter + no_verify + no_expn + check_ancestor +@@ -768,6 +887,12 @@ userforward: + pipe_transport = address_pipe + reply_transport = address_reply + ++procmail: ++ driver = accept ++ check_local_user ++ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail ++ transport = procmail ++ no_verify + + # This router matches local user mailboxes. If the router fails, the error + # message is "Unknown user". +@@ -812,6 +937,25 @@ remote_smtp: + hosts_try_prdr = * + .endif + ++# This transport is used for delivering messages over SMTP using the ++# "message submission" port (RFC4409). ++ ++remote_msa: ++ driver = smtp ++ port = 587 ++ hosts_require_auth = * ++ ++ ++# This transport invokes procmail to deliver mail ++procmail: ++ driver = pipe ++ command = "/usr/bin/procmail -d $local_part" ++ return_path_add ++ delivery_date_add ++ envelope_to_add ++ user = $local_part ++ initgroups ++ return_output + + # This transport is used for delivering messages to a smarthost, if the + # smarthost router is enabled. This starts from the same basis as +@@ -867,8 +1011,8 @@ local_delivery: + delivery_date_add + envelope_to_add + return_path_add +-# group = mail +-# mode = 0660 ++ group = mail ++ mode = 0660 + + + # This transport is used for handling pipe deliveries generated by alias or +@@ -901,6 +1045,16 @@ address_reply: + driver = autoreply + + ++# This transport is used to deliver local mail to cyrus IMAP server via UNIX ++# socket. You'll need to configure the 'localuser' router above to use it. ++# ++#lmtp_delivery: ++# home_directory = /var/spool/imap ++# driver = lmtp ++# command = "/usr/lib/cyrus-imapd/deliver -l" ++# batch_max = 20 ++# user = cyrus ++ + + ###################################################################### + # RETRY CONFIGURATION # +@@ -941,6 +1095,21 @@ begin rewrite + # AUTHENTICATION CONFIGURATION # + ###################################################################### + ++begin authenticators ++ ++# This authenticator supports CRAM-MD5 username/password authentication ++# with Exim acting as a _client_, as it might when sending its outgoing ++# mail to a smarthost rather than directly to the final recipient. ++# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate. ++ ++#client_auth: ++# driver = cram_md5 ++# public_name = CRAM-MD5 ++# client_name = SMTPAUTH_USERNAME ++# client_secret = SMTPAUTH_PASSWORD ++ ++# ++ + # The following authenticators support plaintext username/password + # authentication using the standard PLAIN mechanism and the traditional + # but non-standard LOGIN mechanism, with Exim acting as the server. +@@ -956,7 +1125,7 @@ begin rewrite + # The default RCPT ACL checks for successful authentication, and will accept + # messages from authenticated users from anywhere on the Internet. + +-begin authenticators ++# + + # PLAIN authentication has no server prompts. The client sends its + # credentials in one lump, containing an authorization ID (which we do not +@@ -970,7 +1139,7 @@ begin authenticators + # driver = plaintext + # server_set_id = $auth2 + # server_prompts = : +-# server_condition = Authentication is not yet configured ++# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}} + # server_advertise_condition = ${if def:tls_in_cipher } + + # LOGIN authentication has traditional prompts and responses. There is no +@@ -982,7 +1151,7 @@ begin authenticators + # driver = plaintext + # server_set_id = $auth1 + # server_prompts = <| Username: | Password: +-# server_condition = Authentication is not yet configured ++# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}} + # server_advertise_condition = ${if def:tls_in_cipher } + + diff --git a/exim-4.92-dlopen-localscan.patch b/exim-4.93-dlopen-localscan.patch similarity index 92% rename from exim-4.92-dlopen-localscan.patch rename to exim-4.93-dlopen-localscan.patch index 43f5d27..2791305 100644 --- a/exim-4.92-dlopen-localscan.patch +++ b/exim-4.93-dlopen-localscan.patch @@ -1,9 +1,9 @@ diff --git a/src/EDITME b/src/EDITME -index 343d24a..a588b25 100644 +index 968ef81..477f088 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -823,6 +823,20 @@ TLS_LIBS=-lssl -lcrypto - # specified in INCLUDE. +@@ -872,6 +872,21 @@ HAVE_ICONV=yes + # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** +#------------------------------------------------------------------------------ @@ -13,6 +13,7 @@ index 343d24a..a588b25 100644 +# description of the API to this function, see the Exim specification. + +DLOPEN_LOCAL_SCAN=yes ++HAVE_LOCAL_SCAN=yes + +# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the +# linker flags. Without it, the loaded .so won't be able to access any @@ -24,10 +25,10 @@ index 343d24a..a588b25 100644 # The default distribution of Exim contains only the plain text form of the # documentation. Other forms are available separately. If you want to install diff --git a/src/config.h.defaults b/src/config.h.defaults -index 7c2e534..3fafe61 100644 +index b94b368..89b39e8 100644 --- a/src/config.h.defaults +++ b/src/config.h.defaults -@@ -32,6 +32,8 @@ Do not put spaces between # and the 'define'. +@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'. #define AUTH_VARS 3 @@ -37,10 +38,10 @@ index 7c2e534..3fafe61 100644 #define CONFIGURE_FILE diff --git a/src/globals.c b/src/globals.c -index b3362a3..0884fe5 100644 +index 358c380..590ac63 100644 --- a/src/globals.c +++ b/src/globals.c -@@ -173,6 +173,10 @@ uschar *tls_verify_hosts = NULL; +@@ -145,6 +145,10 @@ uschar *tls_verify_hosts = NULL; uschar *tls_advertise_hosts = NULL; #endif @@ -52,10 +53,10 @@ index b3362a3..0884fe5 100644 /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; diff --git a/src/globals.h b/src/globals.h -index f71f104..3faf176 100644 +index ca342ac..82a8661 100644 --- a/src/globals.h +++ b/src/globals.h -@@ -131,6 +131,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */ +@@ -138,6 +138,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */ extern uschar *tls_verify_certificates;/* Path for certificates to check */ extern uschar *tls_verify_hosts; /* Mandatory client verification */ #endif @@ -68,21 +69,24 @@ index f71f104..3faf176 100644 extern uschar *dsn_envid; /* DSN envid string */ diff --git a/src/local_scan.c b/src/local_scan.c -index 4dd0b2b..8599172 100644 +index 4dd0b2b..72e0033 100644 --- a/src/local_scan.c +++ b/src/local_scan.c -@@ -5,61 +5,131 @@ +@@ -5,61 +5,135 @@ /* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ -+#include "exim.h" ++#include -/****************************************************************************** -This file contains a template local_scan() function that just returns ACCEPT. -If you want to implement your own version, you should copy this file to, say -Local/local_scan.c, and edit the copy. To use your version instead of the -default, you must set -- ++#ifdef DLOPEN_LOCAL_SCAN ++extern uschar *local_scan_path; /* Path to local_scan() library */ ++#endif + -HAVE_LOCAL_SCAN=yes -LOCAL_SCAN_SOURCE=Local/local_scan.c - @@ -252,10 +256,10 @@ index 4dd0b2b..8599172 100644 + /* End of local_scan.c */ diff --git a/src/readconf.c b/src/readconf.c -index 5742d10..3f1d9c1 100644 +index 0233019..186ba39 100644 --- a/src/readconf.c +++ b/src/readconf.c -@@ -199,6 +199,9 @@ static optionlist optionlist_config[] = { +@@ -203,6 +203,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, &local_from_prefix }, { "local_from_suffix", opt_stringptr, &local_from_suffix }, { "local_interfaces", opt_stringptr, &local_interfaces }, diff --git a/exim-4.82-libdir.patch b/exim-4.93-libdir.patch similarity index 81% rename from exim-4.82-libdir.patch rename to exim-4.93-libdir.patch index bf3cc3a..7d560b4 100644 --- a/exim-4.82-libdir.patch +++ b/exim-4.93-libdir.patch @@ -1,8 +1,8 @@ diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux -index 990f884..d1ef114 100644 +index ae9f249..060658a 100644 --- a/OS/Makefile-Linux +++ b/OS/Makefile-Linux -@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv +@@ -26,8 +26,8 @@ LIBRESOLV = -lresolv X11=/usr/X11R6 XINCLUDE=-I$(X11)/include diff --git a/exim.spec b/exim.spec index 8371bbc..55da4f7 100644 --- a/exim.spec +++ b/exim.spec @@ -14,10 +14,10 @@ Summary: The exim mail transfer agent Name: exim -Version: 4.92.3 +Version: 4.93 Release: 1%{?dist} License: GPLv2+ -Url: http://www.exim.org/ +Url: https://www.exim.org/ Group: System Environment/Daemons Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Provides: MTA smtpd smtpdaemon server(smtp) @@ -29,7 +29,7 @@ Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd Requires: initscripts BuildRequires: clamav-devel %endif -Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz +Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz Source2: exim.init Source3: exim.sysconfig Source4: exim.logrotate @@ -52,23 +52,10 @@ Source25: exim-gen-cert Source26: clamd.exim.service %endif -Patch4: exim-4.92-rhl.patch -Patch6: exim-4.92-config.patch -Patch8: exim-4.82-libdir.patch -Patch12: exim-4.92-cyrus.patch -Patch13: exim-4.92-pamconfig.patch -Patch14: exim-4.92-spamdconf.patch -Patch18: exim-4.92-dlopen-localscan.patch -Patch19: exim-4.92-procmail.patch -Patch20: exim-4.92-allow-filter.patch -Patch21: exim-4.92-localhost-is-local.patch -Patch22: exim-4.92-greylist-conf.patch -Patch23: exim-4.92-smarthost-config.patch -Patch26: exim-4.85-pic.patch -Patch27: exim-4.92-environment.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1542870 -Patch34: exim-4.92-support-proxies.patch -Patch35: exim-4.92-dane-enable.patch +Patch0: exim-4.93-config.patch +Patch1: exim-4.93-libdir.patch +Patch2: exim-4.93-dlopen-localscan.patch +Patch3: exim-4.85-pic.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/aliases @@ -212,22 +199,10 @@ greylisting unconditional. %setup -q -T -D -a 13 %endif -%patch4 -p1 -b .rhl -%patch6 -p1 -b .config -%patch8 -p1 -b .libdir -%patch12 -p1 -b .cyrus -%patch13 -p1 -b .pam -%patch14 -p1 -b .spamd -%patch18 -p1 -b .dl -%patch19 -p1 -b .procmail -%patch20 -p1 -b .filter -%patch21 -p1 -b .localhost -%patch22 -p1 -b .grey -%patch23 -p1 -b .smarthost -%patch26 -p1 -b .fpic -%patch27 -p1 -b .environment -%patch34 -p1 -b .proxy -%patch35 -p1 -b .dane-enable +%patch0 -p1 -b .config +%patch1 -p1 -b .libdir +%patch2 -p1 -b .dl +%patch3 -p1 -b .fpic cp src/EDITME Local/Makefile sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile @@ -395,6 +370,18 @@ touch $RPM_BUILD_ROOT/%_var/spool/exim/db/greylist.db %clean rm -rf $RPM_BUILD_ROOT +%check +build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV + +%pretrans +# Workaround for rhbz#1791878 +if [ -d %{_docdir}/exim/doc/cve-2019-13917 ]; then + rm -f %{_docdir}/exim/doc/cve-2019-13917/* + rmdir %{_docdir}/exim/doc/cve-2019-13917 +fi + +exit 0 + %pre %{_sbindir}/groupadd -g 93 exim 2>/dev/null %{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 -g exim exim 2>/dev/null @@ -620,6 +607,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || : %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Fri Mar 20 2020 Jaroslav Škarvada - 4.93-1 +- Rebased to 4.93 + Resolves: rhbz#1827425 + * Mon Sep 30 2019 Jaroslav Škarvada - 4.92.3-1 - New version Resolves: rhbz#1756656 diff --git a/sources b/sources index 8548930..371d096 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b -SHA512 (exim-4.92.3.tar.xz) = ca6d6f50653502345511b683859b33aa02faa48454fb2100ff89fed3dcb8af8933e7bce68939365fdee42f96eec0c3b135cf748f4581e92a62be0f0ab093868a +SHA512 (exim-4.93.tar.xz) = 556c7fe75042739c3e92346b96c40960680fe2838589add5fad1f69f18600dd9ed128f367627c812051b3a3a1a64e740488d5ce8c198bf87b59fa84ab8a0eb5b