Merge remote-tracking branch 'origin/master' into epel7
Resolves: CVE-2016-9963 Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
This commit is contained in:
commit
c81d281a9d
|
@ -0,0 +1,13 @@
|
||||||
|
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
|
||||||
|
index 6ba0cb1..21a7ad7 100644
|
||||||
|
--- a/src/lookups/Makefile
|
||||||
|
+++ b/src/lookups/Makefile
|
||||||
|
@@ -22,7 +22,7 @@ lookups.a: $(OBJ)
|
||||||
|
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
|
||||||
|
|
||||||
|
.c.so:; @echo "$(CC) -shared $*.c"
|
||||||
|
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
|
||||||
|
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
|
||||||
|
|
||||||
|
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h
|
||||||
|
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 37a6a00..52e0536 100644
|
index e4ca5b9..d1ce2f1 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -684,7 +684,7 @@ userforward:
|
@@ -722,7 +722,7 @@ userforward:
|
||||||
# local_part_suffix = +* : -*
|
# local_part_suffix = +* : -*
|
||||||
# local_part_suffix_optional
|
# local_part_suffix_optional
|
||||||
file = $home/.forward
|
file = $home/.forward
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index b631a4d..153c77b 100644
|
index 12ed1e0..0af6fb8 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -721,6 +721,16 @@ address_reply:
|
@@ -763,6 +763,16 @@ address_reply:
|
||||||
driver = autoreply
|
driver = autoreply
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index a3ffd48..19027ac 100644
|
index bbb7527..df3dcc8 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -783,6 +783,20 @@ TLS_LIBS=-lssl -lcrypto
|
@@ -784,6 +784,20 @@ TLS_LIBS=-lssl -lcrypto
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
|
@ -24,10 +24,10 @@ index a3ffd48..19027ac 100644
|
||||||
# documentation. Other forms are available separately. If you want to install
|
# documentation. Other forms are available separately. If you want to install
|
||||||
# the documentation in "info" format, first fetch the Texinfo documentation
|
# the documentation in "info" format, first fetch the Texinfo documentation
|
||||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||||
index ba4615c..878e687 100644
|
index 266c268..6a4a1f8 100644
|
||||||
--- a/src/config.h.defaults
|
--- a/src/config.h.defaults
|
||||||
+++ b/src/config.h.defaults
|
+++ b/src/config.h.defaults
|
||||||
@@ -27,6 +27,8 @@ it's a default value. */
|
@@ -28,6 +28,8 @@ it's a default value. */
|
||||||
|
|
||||||
#define AUTH_VARS 3
|
#define AUTH_VARS 3
|
||||||
|
|
||||||
|
@ -37,11 +37,11 @@ index ba4615c..878e687 100644
|
||||||
|
|
||||||
#define CONFIGURE_FILE
|
#define CONFIGURE_FILE
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
diff --git a/src/globals.c b/src/globals.c
|
||||||
index 08e6e8d..c78e731 100644
|
index ec2685b..f8375bf 100644
|
||||||
--- a/src/globals.c
|
--- a/src/globals.c
|
||||||
+++ b/src/globals.c
|
+++ b/src/globals.c
|
||||||
@@ -162,6 +162,10 @@ uschar *tls_verify_certificates= NULL;
|
@@ -171,6 +171,10 @@ uschar *tls_verify_hosts = NULL;
|
||||||
uschar *tls_verify_hosts = NULL;
|
uschar *tls_advertise_hosts = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
|
@ -52,20 +52,21 @@ index 08e6e8d..c78e731 100644
|
||||||
/* Per Recipient Data Response variables */
|
/* Per Recipient Data Response variables */
|
||||||
BOOL prdr_enable = FALSE;
|
BOOL prdr_enable = FALSE;
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
index b3ad4b2..30d00f0 100644
|
index 57a5695..0a60902 100644
|
||||||
--- a/src/globals.h
|
--- a/src/globals.h
|
||||||
+++ b/src/globals.h
|
+++ b/src/globals.h
|
||||||
@@ -126,6 +126,10 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
@@ -129,6 +129,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
||||||
|
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
||||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||||
#endif
|
#endif
|
||||||
|
+
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
#ifdef EXPERIMENTAL_DSN
|
extern uschar *tls_advertise_hosts; /* host for which TLS is advertised */
|
||||||
|
|
||||||
extern uschar *dsn_envid; /* DSN envid string */
|
extern uschar *dsn_envid; /* DSN envid string */
|
||||||
extern int dsn_ret; /* DSN ret type*/
|
|
||||||
diff --git a/src/local_scan.c b/src/local_scan.c
|
diff --git a/src/local_scan.c b/src/local_scan.c
|
||||||
index 3500047..8599172 100644
|
index 3500047..8599172 100644
|
||||||
--- a/src/local_scan.c
|
--- a/src/local_scan.c
|
||||||
|
@ -250,10 +251,10 @@ index 3500047..8599172 100644
|
||||||
+
|
+
|
||||||
/* End of local_scan.c */
|
/* End of local_scan.c */
|
||||||
diff --git a/src/readconf.c b/src/readconf.c
|
diff --git a/src/readconf.c b/src/readconf.c
|
||||||
index 6e33034..4688383 100644
|
index 5ca6a84..f1ec503 100644
|
||||||
--- a/src/readconf.c
|
--- a/src/readconf.c
|
||||||
+++ b/src/readconf.c
|
+++ b/src/readconf.c
|
||||||
@@ -295,6 +295,9 @@ static optionlist optionlist_config[] = {
|
@@ -317,6 +317,9 @@ static optionlist optionlist_config[] = {
|
||||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
||||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
||||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 07f8211..7d7a4a4 100644
|
index df3dcc8..de01565 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -301,14 +301,16 @@ LOOKUP_DSEARCH=yes
|
@@ -306,14 +306,16 @@ LOOKUP_DSEARCH=yes
|
||||||
# LOOKUP_IBASE=yes
|
# LOOKUP_IBASE=yes
|
||||||
LOOKUP_LDAP=yes
|
LOOKUP_LDAP=yes
|
||||||
LDAP_LIB_TYPE=OPENLDAP2
|
LDAP_LIB_TYPE=OPENLDAP2
|
||||||
|
@ -20,6 +20,6 @@ index 07f8211..7d7a4a4 100644
|
||||||
LOOKUP_PASSWD=yes
|
LOOKUP_PASSWD=yes
|
||||||
-LOOKUP_PGSQL=yes
|
-LOOKUP_PGSQL=yes
|
||||||
+LOOKUP_PGSQL=2
|
+LOOKUP_PGSQL=2
|
||||||
|
# LOOKUP_REDIS=yes
|
||||||
LOOKUP_SQLITE=yes
|
LOOKUP_SQLITE=yes
|
||||||
# LOOKUP_WHOSON=yes
|
# LOOKUP_WHOSON=yes
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
|
--- a/src/configure.default
|
||||||
|
+++ b/src/configure.default
|
||||||
|
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d
|
||||||
|
# Note that TZ is handled separateley by the timezone runtime option
|
||||||
|
# and TIMEZONE_DEFAULT buildtime option.
|
||||||
|
|
||||||
|
-# keep_environment = ^LDAP
|
||||||
|
-# add_environment = PATH=/usr/bin::/bin
|
||||||
|
+keep_environment = ^LDAP
|
||||||
|
+add_environment = PATH=/usr/bin::/bin
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 3728043..0126880 100644
|
index 1f10008..40b3bb2 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -106,6 +106,7 @@ hostlist relay_from_hosts = localhost
|
@@ -107,6 +107,7 @@ hostlist relay_from_hosts = localhost
|
||||||
# manual for details. The lists above are used in the access control lists for
|
# manual for details. The lists above are used in the access control lists for
|
||||||
# checking incoming messages. The names of these ACLs are defined here:
|
# checking incoming messages. The names of these ACLs are defined here:
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ index 3728043..0126880 100644
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
acl_smtp_rcpt = acl_check_rcpt
|
||||||
acl_smtp_data = acl_check_data
|
acl_smtp_data = acl_check_data
|
||||||
acl_smtp_mime = acl_check_mime
|
acl_smtp_mime = acl_check_mime
|
||||||
@@ -340,6 +341,29 @@ timeout_frozen_after = 7d
|
@@ -368,6 +369,29 @@ timeout_frozen_after = 7d
|
||||||
|
|
||||||
begin acl
|
begin acl
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ index 3728043..0126880 100644
|
||||||
# This access control list is used for every RCPT command in an incoming
|
# This access control list is used for every RCPT command in an incoming
|
||||||
# SMTP message. The tests are run in order until the address is either
|
# SMTP message. The tests are run in order until the address is either
|
||||||
# accepted or denied.
|
# accepted or denied.
|
||||||
@@ -460,7 +484,8 @@ acl_check_rcpt:
|
@@ -493,7 +517,8 @@ acl_check_rcpt:
|
||||||
# There are no default checks on DNS black lists because the domains that
|
# There are no default checks on DNS black lists because the domains that
|
||||||
# contain these lists are changing all the time. However, here are two
|
# contain these lists are changing all the time. However, here are two
|
||||||
# examples of how you can get Exim to perform a DNS black list lookup at this
|
# examples of how you can get Exim to perform a DNS black list lookup at this
|
||||||
|
@ -50,7 +50,7 @@ index 3728043..0126880 100644
|
||||||
#
|
#
|
||||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||||
# dnslists = black.list.example
|
# dnslists = black.list.example
|
||||||
@@ -468,6 +493,10 @@ acl_check_rcpt:
|
@@ -501,6 +526,10 @@ acl_check_rcpt:
|
||||||
# warn dnslists = black.list.example
|
# warn dnslists = black.list.example
|
||||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||||
# log_message = found in $dnslist_domain
|
# log_message = found in $dnslist_domain
|
||||||
|
@ -61,7 +61,7 @@ index 3728043..0126880 100644
|
||||||
#############################################################################
|
#############################################################################
|
||||||
|
|
||||||
#############################################################################
|
#############################################################################
|
||||||
@@ -481,6 +510,10 @@ acl_check_rcpt:
|
@@ -514,6 +543,10 @@ acl_check_rcpt:
|
||||||
# require verify = csa
|
# require verify = csa
|
||||||
#############################################################################
|
#############################################################################
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ index 3728043..0126880 100644
|
||||||
# At this point, the address has passed all the checks that have been
|
# At this point, the address has passed all the checks that have been
|
||||||
# configured, so we accept it unconditionally.
|
# configured, so we accept it unconditionally.
|
||||||
|
|
||||||
@@ -506,6 +539,12 @@ acl_check_data:
|
@@ -544,6 +577,12 @@ acl_check_data:
|
||||||
# deny condition = ${if !def:h_Message-ID: {1}}
|
# deny condition = ${if !def:h_Message-ID: {1}}
|
||||||
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||||
# Most messages without it are spam, so your mail has been rejected.
|
# Most messages without it are spam, so your mail has been rejected.
|
||||||
|
@ -85,7 +85,7 @@ index 3728043..0126880 100644
|
||||||
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
# Deny if the message contains a virus. Before enabling this check, you
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
# must install a virus scanner and set the av_scanner option above.
|
||||||
@@ -540,8 +579,30 @@ acl_check_data:
|
@@ -578,8 +617,30 @@ acl_check_data:
|
||||||
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||||
# $spam_report
|
# $spam_report
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 52e0536..3728043 100644
|
index d1ce2f1..1f10008 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -54,7 +54,7 @@
|
@@ -55,7 +55,7 @@
|
||||||
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
||||||
# are all colon-separated lists:
|
# are all colon-separated lists:
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 153c77b..38f0f56 100644
|
index 0af6fb8..531435b 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -141,7 +141,7 @@ acl_smtp_data = acl_check_data
|
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
|
||||||
|
|
||||||
# Allow any client to use TLS.
|
# Allow any client to use TLS.
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ index 153c77b..38f0f56 100644
|
||||||
|
|
||||||
# Specify the location of the Exim server's TLS certificate and private key.
|
# Specify the location of the Exim server's TLS certificate and private key.
|
||||||
# The private key must not be encrypted (password protected). You can put
|
# The private key must not be encrypted (password protected). You can put
|
||||||
@@ -149,8 +149,8 @@ acl_smtp_data = acl_check_data
|
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
|
||||||
# need the first setting, or in separate files, in which case you need both
|
# need the first setting, or in separate files, in which case you need both
|
||||||
# options.
|
# options.
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ index 153c77b..38f0f56 100644
|
||||||
|
|
||||||
# In order to support roaming users who wish to send email from anywhere,
|
# In order to support roaming users who wish to send email from anywhere,
|
||||||
# you may want to make Exim listen on other ports as well as port 25, in
|
# you may want to make Exim listen on other ports as well as port 25, in
|
||||||
@@ -161,8 +161,8 @@ acl_smtp_data = acl_check_data
|
@@ -162,8 +162,8 @@ acl_smtp_data = acl_check_data
|
||||||
# them you should also allow TLS-on-connect on the traditional but
|
# them you should also allow TLS-on-connect on the traditional but
|
||||||
# non-standard port 465.
|
# non-standard port 465.
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ index 153c77b..38f0f56 100644
|
||||||
|
|
||||||
|
|
||||||
# Specify the domain you want to be added to all unqualified addresses
|
# Specify the domain you want to be added to all unqualified addresses
|
||||||
@@ -220,6 +220,24 @@ never_users = root
|
@@ -221,6 +221,24 @@ never_users = root
|
||||||
|
|
||||||
host_lookup = *
|
host_lookup = *
|
||||||
|
|
||||||
|
@ -56,9 +56,9 @@ index 153c77b..38f0f56 100644
|
||||||
+#
|
+#
|
||||||
+auth_advertise_hosts =
|
+auth_advertise_hosts =
|
||||||
|
|
||||||
# The settings below, which are actually the same as the defaults in the
|
# The settings below cause Exim to make RFC 1413 (ident) callbacks
|
||||||
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
|
# for all incoming SMTP calls. You can limit the hosts to which these
|
||||||
@@ -800,7 +818,7 @@ begin authenticators
|
@@ -842,7 +860,7 @@ begin authenticators
|
||||||
# driver = plaintext
|
# driver = plaintext
|
||||||
# server_set_id = $auth2
|
# server_set_id = $auth2
|
||||||
# server_prompts = :
|
# server_prompts = :
|
||||||
|
@ -67,7 +67,7 @@ index 153c77b..38f0f56 100644
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
# LOGIN authentication has traditional prompts and responses. There is no
|
# LOGIN authentication has traditional prompts and responses. There is no
|
||||||
@@ -812,7 +830,7 @@ begin authenticators
|
@@ -854,7 +872,7 @@ begin authenticators
|
||||||
# driver = plaintext
|
# driver = plaintext
|
||||||
# server_set_id = $auth1
|
# server_set_id = $auth1
|
||||||
# server_prompts = <| Username: | Password:
|
# server_prompts = <| Username: | Password:
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 8b599d2..37a6a00 100644
|
index 374c51d..e4ca5b9 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -692,6 +692,12 @@ userforward:
|
@@ -730,6 +730,12 @@ userforward:
|
||||||
pipe_transport = address_pipe
|
pipe_transport = address_pipe
|
||||||
reply_transport = address_reply
|
reply_transport = address_reply
|
||||||
|
|
||||||
|
@ -15,9 +15,9 @@ index 8b599d2..37a6a00 100644
|
||||||
|
|
||||||
# This router matches local user mailboxes. If the router fails, the error
|
# This router matches local user mailboxes. If the router fails, the error
|
||||||
# message is "Unknown user".
|
# message is "Unknown user".
|
||||||
@@ -729,6 +735,16 @@ begin transports
|
@@ -771,6 +777,16 @@ remote_smtp:
|
||||||
remote_smtp:
|
|
||||||
driver = smtp
|
driver = smtp
|
||||||
|
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
||||||
|
|
||||||
+# This transport invokes procmail to deliver mail
|
+# This transport invokes procmail to deliver mail
|
||||||
+procmail:
|
+procmail:
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 1274349..b631a4d 100644
|
index 3c8cf97..12ed1e0 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -590,7 +590,7 @@ system_aliases:
|
@@ -628,7 +628,7 @@ system_aliases:
|
||||||
driver = redirect
|
driver = redirect
|
||||||
allow_fail
|
allow_fail
|
||||||
allow_defer
|
allow_defer
|
||||||
|
@ -11,7 +11,7 @@ index 1274349..b631a4d 100644
|
||||||
# user = exim
|
# user = exim
|
||||||
file_transport = address_file
|
file_transport = address_file
|
||||||
pipe_transport = address_pipe
|
pipe_transport = address_pipe
|
||||||
@@ -687,8 +687,8 @@ local_delivery:
|
@@ -729,8 +729,8 @@ local_delivery:
|
||||||
delivery_date_add
|
delivery_date_add
|
||||||
envelope_to_add
|
envelope_to_add
|
||||||
return_path_add
|
return_path_add
|
|
@ -1,10 +1,10 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index 0126880..b7c30ac 100644
|
index 40b3bb2..9acae90 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -796,6 +796,15 @@ begin transports
|
@@ -838,6 +838,15 @@ remote_smtp:
|
||||||
remote_smtp:
|
|
||||||
driver = smtp
|
driver = smtp
|
||||||
|
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
||||||
|
|
||||||
+# This transport is used for delivering messages over SMTP using the
|
+# This transport is used for delivering messages over SMTP using the
|
||||||
+# "message submission" port (RFC4409).
|
+# "message submission" port (RFC4409).
|
||||||
|
@ -18,7 +18,7 @@ index 0126880..b7c30ac 100644
|
||||||
# This transport invokes procmail to deliver mail
|
# This transport invokes procmail to deliver mail
|
||||||
procmail:
|
procmail:
|
||||||
driver = pipe
|
driver = pipe
|
||||||
@@ -904,6 +913,21 @@ begin rewrite
|
@@ -946,6 +955,21 @@ begin rewrite
|
||||||
# AUTHENTICATION CONFIGURATION #
|
# AUTHENTICATION CONFIGURATION #
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ index 0126880..b7c30ac 100644
|
||||||
# The following authenticators support plaintext username/password
|
# The following authenticators support plaintext username/password
|
||||||
# authentication using the standard PLAIN mechanism and the traditional
|
# authentication using the standard PLAIN mechanism and the traditional
|
||||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||||
@@ -919,7 +943,7 @@ begin rewrite
|
@@ -961,7 +985,7 @@ begin rewrite
|
||||||
# The default RCPT ACL checks for successful authentication, and will accept
|
# The default RCPT ACL checks for successful authentication, and will accept
|
||||||
# messages from authenticated users from anywhere on the Internet.
|
# messages from authenticated users from anywhere on the Internet.
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
--- a/src/configure.default.spamd 2016-12-25 21:06:57.453758443 +0000
|
||||||
index 38f0f56..8b599d2 100644
|
+++ b/src/configure.default 2016-12-25 21:07:49.940188407 +0000
|
||||||
--- a/src/configure.default
|
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -108,6 +108,7 @@ hostlist relay_from_hosts = localhost
|
|
||||||
|
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
acl_smtp_rcpt = acl_check_rcpt
|
||||||
acl_smtp_data = acl_check_data
|
acl_smtp_data = acl_check_data
|
||||||
|
@ -10,7 +8,7 @@ index 38f0f56..8b599d2 100644
|
||||||
|
|
||||||
# You should not change those settings until you understand how ACLs work.
|
# You should not change those settings until you understand how ACLs work.
|
||||||
|
|
||||||
@@ -120,7 +121,7 @@ acl_smtp_data = acl_check_data
|
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
|
||||||
# of what to set for other virus scanners. The second modification is in the
|
# of what to set for other virus scanners. The second modification is in the
|
||||||
# acl_check_data access control list (see below).
|
# acl_check_data access control list (see below).
|
||||||
|
|
||||||
|
@ -19,7 +17,7 @@ index 38f0f56..8b599d2 100644
|
||||||
|
|
||||||
|
|
||||||
# For spam scanning, there is a similar option that defines the interface to
|
# For spam scanning, there is a similar option that defines the interface to
|
||||||
@@ -403,7 +404,8 @@ acl_check_rcpt:
|
@@ -431,7 +432,8 @@ acl_check_rcpt:
|
||||||
accept local_parts = postmaster
|
accept local_parts = postmaster
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
|
||||||
|
@ -29,9 +27,9 @@ index 38f0f56..8b599d2 100644
|
||||||
|
|
||||||
require verify = sender
|
require verify = sender
|
||||||
|
|
||||||
@@ -495,27 +497,63 @@ acl_check_rcpt:
|
@@ -535,27 +537,63 @@ acl_check_data:
|
||||||
|
got $max_received_linelength
|
||||||
acl_check_data:
|
condition = ${if > {$max_received_linelength}{998}}
|
||||||
|
|
||||||
+ # Put simple tests first. A good one is to check for the presence of a
|
+ # Put simple tests first. A good one is to check for the presence of a
|
||||||
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
||||||
|
@ -52,6 +50,12 @@ index 38f0f56..8b599d2 100644
|
||||||
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
||||||
- # you must install SpamAssassin. You may also need to set the spamd_address
|
- # you must install SpamAssassin. You may also need to set the spamd_address
|
||||||
- # option above.
|
- # option above.
|
||||||
|
- #
|
||||||
|
- # warn spam = nobody
|
||||||
|
- # add_header = X-Spam_score: $spam_score\n\
|
||||||
|
- # X-Spam_score_int: $spam_score_int\n\
|
||||||
|
- # X-Spam_bar: $spam_bar\n\
|
||||||
|
- # X-Spam_report: $spam_report
|
||||||
+ # Bypass SpamAssassin checks if the message is too large.
|
+ # Bypass SpamAssassin checks if the message is too large.
|
||||||
+ #
|
+ #
|
||||||
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
||||||
|
@ -66,12 +70,7 @@ index 38f0f56..8b599d2 100644
|
||||||
+ #
|
+ #
|
||||||
+ # accept condition = ${if !def:spam_score_int {1}}
|
+ # accept condition = ${if !def:spam_score_int {1}}
|
||||||
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
||||||
#
|
+ #
|
||||||
- # warn spam = nobody
|
|
||||||
- # add_header = X-Spam_score: $spam_score\n\
|
|
||||||
- # X-Spam_score_int: $spam_score_int\n\
|
|
||||||
- # X-Spam_bar: $spam_bar\n\
|
|
||||||
- # X-Spam_report: $spam_report
|
|
||||||
+
|
+
|
||||||
+ # Unconditionally add score and report headers
|
+ # Unconditionally add score and report headers
|
||||||
+ #
|
+ #
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
|
||||||
index eeb26ee..9cb6385 100755
|
index 3e486a6..6c4afec 100755
|
||||||
--- a/scripts/Configure-Makefile
|
--- a/scripts/Configure-Makefile
|
||||||
+++ b/scripts/Configure-Makefile
|
+++ b/scripts/Configure-Makefile
|
||||||
@@ -249,7 +249,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
@@ -269,7 +269,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||||
|
|
||||||
mv $mft $mftt
|
mv $mft $mftt
|
||||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||||
|
@ -11,8 +11,8 @@ index eeb26ee..9cb6385 100755
|
||||||
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
||||||
echo "" >>$mft
|
echo "" >>$mft
|
||||||
cat $mftt >> $mft
|
cat $mftt >> $mft
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/src/EDITME b/src/src/EDITME
|
||||||
index d576fd7..a3ffd48 100644
|
index 6929346..5a08197 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -98,7 +98,7 @@
|
@@ -98,7 +98,7 @@
|
||||||
|
@ -73,7 +73,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -296,18 +296,20 @@ LOOKUP_DBM=yes
|
@@ -301,19 +301,21 @@ LOOKUP_DBM=yes
|
||||||
LOOKUP_LSEARCH=yes
|
LOOKUP_LSEARCH=yes
|
||||||
LOOKUP_DNSDB=yes
|
LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
@ -96,32 +96,25 @@ index d576fd7..a3ffd48 100644
|
||||||
# LOOKUP_ORACLE=yes
|
# LOOKUP_ORACLE=yes
|
||||||
-# LOOKUP_PASSWD=yes
|
-# LOOKUP_PASSWD=yes
|
||||||
-# LOOKUP_PGSQL=yes
|
-# LOOKUP_PGSQL=yes
|
||||||
-# LOOKUP_SQLITE=yes
|
|
||||||
-# LOOKUP_SQLITE_PC=sqlite3
|
|
||||||
+LOOKUP_PASSWD=yes
|
+LOOKUP_PASSWD=yes
|
||||||
+LOOKUP_PGSQL=yes
|
+LOOKUP_PGSQL=yes
|
||||||
|
# LOOKUP_REDIS=yes
|
||||||
|
-# LOOKUP_SQLITE=yes
|
||||||
|
-# LOOKUP_SQLITE_PC=sqlite3
|
||||||
+LOOKUP_SQLITE=yes
|
+LOOKUP_SQLITE=yes
|
||||||
# LOOKUP_WHOSON=yes
|
# LOOKUP_WHOSON=yes
|
||||||
|
|
||||||
# These two settings are obsolete; all three lookups are compiled when
|
# These two settings are obsolete; all three lookups are compiled when
|
||||||
@@ -383,14 +385,14 @@ EXIM_MONITOR=eximon.bin
|
@@ -390,7 +392,7 @@ EXIM_MONITOR=eximon.bin
|
||||||
# and the MIME ACL. Please read the documentation to learn more about these
|
# and the MIME ACL. Please read the documentation to learn more about these
|
||||||
# features.
|
# features.
|
||||||
|
|
||||||
-# WITH_CONTENT_SCAN=yes
|
-# WITH_CONTENT_SCAN=yes
|
||||||
+WITH_CONTENT_SCAN=yes
|
+WITH_CONTENT_SCAN=yes
|
||||||
|
|
||||||
# If you want to use the deprecated "demime" condition in the DATA ACL,
|
#------------------------------------------------------------------------------
|
||||||
# uncomment the line below. Doing so will also explicitly turn on the
|
|
||||||
# WITH_CONTENT_SCAN option. If possible, use the MIME ACL instead of
|
|
||||||
# the "demime" condition.
|
|
||||||
|
|
||||||
-# WITH_OLD_DEMIME=yes
|
|
||||||
+WITH_OLD_DEMIME=yes
|
|
||||||
|
|
||||||
# If you're using ClamAV and are backporting fixes to an old version, instead
|
# If you're using ClamAV and are backporting fixes to an old version, instead
|
||||||
# of staying current (which is the more usual approach) then you may need to
|
@@ -577,7 +579,7 @@ FIXED_NEVER_USERS=root
|
||||||
@@ -573,7 +575,7 @@ FIXED_NEVER_USERS=root
|
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
|
||||||
|
@ -130,7 +123,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -618,15 +620,13 @@ FIXED_NEVER_USERS=root
|
@@ -622,16 +624,14 @@ FIXED_NEVER_USERS=root
|
||||||
# included in the Exim binary. You will then need to set up the run time
|
# included in the Exim binary. You will then need to set up the run time
|
||||||
# configuration to make use of the mechanism(s) selected.
|
# configuration to make use of the mechanism(s) selected.
|
||||||
|
|
||||||
|
@ -143,6 +136,7 @@ index d576fd7..a3ffd48 100644
|
||||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
||||||
-# AUTH_PLAINTEXT=yes
|
-# AUTH_PLAINTEXT=yes
|
||||||
-# AUTH_SPA=yes
|
-# AUTH_SPA=yes
|
||||||
|
-# AUTH_TLS=yes
|
||||||
+AUTH_CRAM_MD5=yes
|
+AUTH_CRAM_MD5=yes
|
||||||
+AUTH_CYRUS_SASL=yes
|
+AUTH_CYRUS_SASL=yes
|
||||||
+AUTH_DOVECOT=yes
|
+AUTH_DOVECOT=yes
|
||||||
|
@ -150,10 +144,11 @@ index d576fd7..a3ffd48 100644
|
||||||
+AUTH_GSASL_PC=libgsasl
|
+AUTH_GSASL_PC=libgsasl
|
||||||
+AUTH_PLAINTEXT=yes
|
+AUTH_PLAINTEXT=yes
|
||||||
+AUTH_SPA=yes
|
+AUTH_SPA=yes
|
||||||
|
+AUTH_TLS=yes
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -647,7 +647,7 @@ FIXED_NEVER_USERS=root
|
@@ -652,7 +652,7 @@ FIXED_NEVER_USERS=root
|
||||||
# one that is set in the headers_charset option. The default setting is
|
# one that is set in the headers_charset option. The default setting is
|
||||||
# defined by this setting:
|
# defined by this setting:
|
||||||
|
|
||||||
|
@ -162,7 +157,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
# If you are going to make use of $header_xxx expansions in your configuration
|
# If you are going to make use of $header_xxx expansions in your configuration
|
||||||
# file, or if your users are going to use them in filter files, and the normal
|
# file, or if your users are going to use them in filter files, and the normal
|
||||||
@@ -667,7 +667,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -672,7 +672,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||||
# as standard, the file in OS/Makefile-xxxx contains
|
# as standard, the file in OS/Makefile-xxxx contains
|
||||||
#
|
#
|
||||||
|
@ -171,7 +166,7 @@ index d576fd7..a3ffd48 100644
|
||||||
#
|
#
|
||||||
# If you are not using one of those systems, but have installed iconv(), you
|
# If you are not using one of those systems, but have installed iconv(), you
|
||||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||||
@@ -729,11 +729,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -734,11 +734,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# leave these settings commented out.
|
# leave these settings commented out.
|
||||||
|
|
||||||
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
||||||
|
@ -186,7 +181,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
# Uncomment the first and either the second or the third of these if you
|
# Uncomment the first and either the second or the third of these if you
|
||||||
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
||||||
@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -807,7 +807,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# Once you have done this, "make install" will build the info files and
|
# Once you have done this, "make install" will build the info files and
|
||||||
# install them in the directory you have defined.
|
# install them in the directory you have defined.
|
||||||
|
|
||||||
|
@ -195,7 +190,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -811,7 +811,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -820,7 +820,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||||
# to form the final file names. Some installations may want something like this:
|
# to form the final file names. Some installations may want something like this:
|
||||||
|
|
||||||
|
@ -204,7 +199,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||||
# in which the log files are placed must exist; Exim does not try to create
|
# in which the log files are placed must exist; Exim does not try to create
|
||||||
@@ -877,7 +877,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -892,7 +892,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||||
|
|
||||||
|
@ -213,7 +208,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -887,7 +887,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -902,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# that the local_scan API is made available by the linker. You may also need
|
# that the local_scan API is made available by the linker. You may also need
|
||||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||||
|
|
||||||
|
@ -222,7 +217,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -897,7 +897,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -912,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||||
# facilities, is included only when requested by the following setting:
|
# facilities, is included only when requested by the following setting:
|
||||||
|
|
||||||
|
@ -231,7 +226,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||||
# GNU/Linux -ldl is also needed.
|
# GNU/Linux -ldl is also needed.
|
||||||
@@ -965,7 +965,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1006,7 +1006,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
# started by root at boot time.
|
# started by root at boot time.
|
||||||
|
|
||||||
|
@ -240,7 +235,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -978,9 +978,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1019,9 +1019,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# You may well also have to specify a local "include" file and an additional
|
# You may well also have to specify a local "include" file and an additional
|
||||||
# library for TCP wrappers, so you probably need something like this:
|
# library for TCP wrappers, so you probably need something like this:
|
||||||
#
|
#
|
||||||
|
@ -253,7 +248,7 @@ index d576fd7..a3ffd48 100644
|
||||||
#
|
#
|
||||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||||
# as well.
|
# as well.
|
||||||
@@ -1032,7 +1032,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1073,7 +1073,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||||
# current run is maintained.
|
# current run is maintained.
|
||||||
|
|
||||||
|
@ -262,7 +257,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||||
# Note that this option adds to the size of the Exim binary, because the
|
# Note that this option adds to the size of the Exim binary, because the
|
||||||
@@ -1042,7 +1042,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1083,7 +1083,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# Uncomment this setting to include IPv6 support.
|
# Uncomment this setting to include IPv6 support.
|
||||||
|
|
||||||
|
@ -271,7 +266,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||||
@@ -1063,13 +1063,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1104,13 +1104,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||||
# use those utilities.
|
# use those utilities.
|
||||||
|
|
||||||
|
@ -292,7 +287,7 @@ index d576fd7..a3ffd48 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1269,7 +1269,7 @@ TMPDIR="/tmp"
|
@@ -1312,7 +1312,7 @@ EXIM_TMPDIR="/tmp"
|
||||||
# (process id) to a file so that it can easily be identified. The path of the
|
# (process id) to a file so that it can easily be identified. The path of the
|
||||||
# file can be specified here. Some installations may want something like this:
|
# file can be specified here. Some installations may want something like this:
|
||||||
|
|
|
@ -2,6 +2,14 @@
|
||||||
|
|
||||||
. /etc/sysconfig/network
|
. /etc/sysconfig/network
|
||||||
|
|
||||||
|
# Source exim configureation.
|
||||||
|
if [ -f /etc/sysconfig/exim ] ; then
|
||||||
|
. /etc/sysconfig/exim
|
||||||
|
fi
|
||||||
|
|
||||||
|
USER=${USER:=exim}
|
||||||
|
GROUP=${GROUP:=exim}
|
||||||
|
|
||||||
gen_cert() {
|
gen_cert() {
|
||||||
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
|
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
|
||||||
umask 077
|
umask 077
|
||||||
|
@ -22,11 +30,11 @@ ${FQDN}
|
||||||
root@${FQDN}
|
root@${FQDN}
|
||||||
EOF
|
EOF
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
success
|
echo success
|
||||||
chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
|
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
|
||||||
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
|
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
|
||||||
else
|
else
|
||||||
failure
|
echo failure
|
||||||
fi
|
fi
|
||||||
echo
|
echo
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -23,6 +23,9 @@ else
|
||||||
QUEUE=1h
|
QUEUE=1h
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
USER=${USER:=exim}
|
||||||
|
GROUP=${GROUP:=exim}
|
||||||
|
|
||||||
gen_cert() {
|
gen_cert() {
|
||||||
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
|
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
|
||||||
umask 077
|
umask 077
|
||||||
|
@ -44,7 +47,7 @@ root@${FQDN}
|
||||||
EOF
|
EOF
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
success
|
success
|
||||||
chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
|
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
|
||||||
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
|
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
|
||||||
else
|
else
|
||||||
failure
|
failure
|
||||||
|
@ -65,7 +68,7 @@ start() {
|
||||||
then
|
then
|
||||||
if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
|
if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
|
||||||
then
|
then
|
||||||
chown -R exim:exim /var/log/exim /var/spool/exim
|
chown -R $USER:$GROUP /var/log/exim /var/spool/exim
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
55
exim.spec
55
exim.spec
|
@ -14,8 +14,8 @@
|
||||||
|
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.84.2
|
Version: 4.88
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: http://www.exim.org/
|
Url: http://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -52,21 +52,22 @@ Source25: exim-gen-cert
|
||||||
Source26: clamd.exim.service
|
Source26: clamd.exim.service
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch4: exim-rhl.patch
|
Patch4: exim-4.87-rhl.patch
|
||||||
Patch6: exim-4.83-config.patch
|
Patch6: exim-4.88-config.patch
|
||||||
Patch8: exim-4.82-libdir.patch
|
Patch8: exim-4.82-libdir.patch
|
||||||
Patch12: exim-4.82-cyrus.patch
|
Patch12: exim-4.87-cyrus.patch
|
||||||
Patch13: exim-4.82-pamconfig.patch
|
Patch13: exim-4.87-pamconfig.patch
|
||||||
Patch14: exim-4.83-spamdconf.patch
|
Patch14: exim-4.87-spamdconf.patch
|
||||||
Patch18: exim-4.84.2-dlopen-localscan.patch
|
Patch18: exim-4.87-dlopen-localscan.patch
|
||||||
Patch19: exim-4.82-procmail.patch
|
Patch19: exim-4.87-procmail.patch
|
||||||
Patch20: exim-4.82-allow-filter.patch
|
Patch20: exim-4.87-allow-filter.patch
|
||||||
Patch21: exim-4.82-localhost-is-local.patch
|
Patch21: exim-4.87-localhost-is-local.patch
|
||||||
Patch22: exim-4.82-greylist-conf.patch
|
Patch22: exim-4.87-greylist-conf.patch
|
||||||
Patch23: exim-4.82-smarthost-config.patch
|
Patch23: exim-4.87-smarthost-config.patch
|
||||||
Patch25: exim-4.82-dynlookup-config.patch
|
Patch25: exim-4.87-dynlookup-config.patch
|
||||||
Patch26: exim-4.84-mime-fix.patch
|
# Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
|
||||||
Patch27: exim-4.84.2-environment.patch
|
Patch26: exim-4.85-pic.patch
|
||||||
|
Patch27: exim-4.87-environment.patch
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
|
@ -223,7 +224,7 @@ greylisting unconditional.
|
||||||
%patch22 -p1 -b .grey
|
%patch22 -p1 -b .grey
|
||||||
%patch23 -p1 -b .smarthost
|
%patch23 -p1 -b .smarthost
|
||||||
%patch25 -p1 -b .dynconfig
|
%patch25 -p1 -b .dynconfig
|
||||||
%patch26 -p1 -b .mime-fix
|
%patch26 -p1 -b .fpic
|
||||||
%patch27 -p1 -b .environment
|
%patch27 -p1 -b .environment
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
|
@ -235,8 +236,10 @@ cp exim_monitor/EDITME Local/eximon.conf
|
||||||
%build
|
%build
|
||||||
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
||||||
export PIE=-fpie
|
export PIE=-fpie
|
||||||
|
export PIC=-fpic
|
||||||
%else
|
%else
|
||||||
export PIE=-fPIE
|
export PIE=-fPIE
|
||||||
|
export PIC=-fPIC
|
||||||
%endif
|
%endif
|
||||||
make _lib=%{_lib} FULLECHO=
|
make _lib=%{_lib} FULLECHO=
|
||||||
|
|
||||||
|
@ -615,20 +618,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-2
|
* Mon Jan 2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-1
|
||||||
- Used sane environment defaults in default configuration
|
- New version
|
||||||
Resolves: rhbz#1323775
|
- Fixed DKIM private key leakage
|
||||||
|
Resolves: CVE-2016-9963
|
||||||
* Thu Mar 3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-1
|
|
||||||
- New version (security bug fix release)
|
|
||||||
Resolves: rhbz#1314118
|
|
||||||
- Fixed local privilege escalation for set-uid root when using perl_startup
|
|
||||||
Resolves: CVE-2016-1531
|
|
||||||
- Defuzzified patches
|
|
||||||
|
|
||||||
* Mon Dec 7 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-5
|
|
||||||
- MIME crash fix (by mime-fix patch)
|
|
||||||
Resolves: rhbz#1289056
|
|
||||||
|
|
||||||
* Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
|
* Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
|
||||||
- Do not override LFLAGS (problem reported by Todd Lyons)
|
- Do not override LFLAGS (problem reported by Todd Lyons)
|
||||||
|
|
|
@ -1,2 +1,4 @@
|
||||||
DAEMON=yes
|
DAEMON=yes
|
||||||
QUEUE=1h
|
QUEUE=1h
|
||||||
|
USER=exim
|
||||||
|
GROUP=exim
|
||||||
|
|
Loading…
Reference in New Issue