Merge remote-tracking branch 'origin/master' into epel8

2019-09-26 18:02:23 +02:00 · 2019-09-26 18:02:23 +02:00 · c83c2550aa
parent efeefeae8c 1464ae5f2b
commit c83c2550aa
35 changed files with 2871 additions and 21 deletions
--- a/.cvsignore
+++ b/.cvsignore
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+exim-*.tar.xz
--- a/21
+++ b/21
@ -1,21 +0,0 @@
-# Makefile for source rpm: exim
-# $Id$
-NAME := exim
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
--- a/clamd.exim.service
+++ b/clamd.exim.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Clamd Exim An Interface Between MTA And Content Checkers
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/clamd.exim/clamd.pid
+ExecStart=/usr/sbin/clamd -c /etc/clamd.d/exim.conf
+
+[Install]
+WantedBy=multi-user.target
--- a/exim-4.82-libdir.patch
+++ b/exim-4.82-libdir.patch
@ -0,0 +1,15 @@
+diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
+index 990f884..d1ef114 100644
+--- a/OS/Makefile-Linux
+++ b/OS/Makefile-Linux
+@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
+ 
+ X11=/usr/X11R6
+ XINCLUDE=-I$(X11)/include
+-XLFLAGS=-L$(X11)/lib
+-X11_LD_LIB=$(X11)/lib
+XLFLAGS=-L$(X11)/$(_lib)
+X11_LD_LIB=$(X11)/$(_lib)
+ 
+ EXIWHAT_PS_ARG=ax
+ EXIWHAT_EGREP_ARG='/exim( |$$)'
--- a/exim-4.85-pic.patch
+++ b/exim-4.85-pic.patch
@ -0,0 +1,13 @@
+diff --git a/src/lookups/Makefile b/src/lookups/Makefile
+index 6ba0cb1..21a7ad7 100644
+--- a/src/lookups/Makefile
+++ b/src/lookups/Makefile
+@@ -22,7 +22,7 @@ lookups.a:       $(OBJ)
+ 		 $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
+ 
+ .c.so:;          @echo "$(CC) -shared $*.c"
+-		 $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
+		 $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
+ 
+ lf_check_file.o: $(PHDRS) lf_check_file.c  lf_functions.h
+ lf_quote.o:      $(PHDRS) lf_quote.c       lf_functions.h
--- a/exim-4.90.1-nsl-fix.patch
+++ b/exim-4.90.1-nsl-fix.patch
@ -0,0 +1,14 @@
+diff --git a/src/EDITME b/src/EDITME
+index be31066..e48dd93 100644
+--- a/src/EDITME
+++ b/src/EDITME
+@@ -316,6 +316,9 @@ LOOKUP_MYSQL=2
+ LOOKUP_MYSQL_PC=mariadb
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
+LIBS+=-L/usr/$(_lib)/nsl
+
+ # LOOKUP_ORACLE=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_PGSQL=2
--- a/exim-4.92-allow-filter.patch
+++ b/exim-4.92-allow-filter.patch
@ -0,0 +1,13 @@
+diff --git a/src/configure.default b/src/configure.default
+index cef3779..09f0b36 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -810,7 +810,7 @@ userforward:
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+   file = $home/.forward
+-# allow_filter
+  allow_filter
+   no_verify
+   no_expn
+   check_ancestor
--- a/exim-4.92-config.patch
+++ b/exim-4.92-config.patch
@ -0,0 +1,299 @@
+diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
+index 7e0bf38..c97ccec 100755
+--- a/scripts/Configure-Makefile
+++ b/scripts/Configure-Makefile
+@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
+ 
+   mv $mft $mftt
+   echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
+-  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
+  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
+   echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
+   echo "" >>$mft
+   cat $mftt >> $mft
+diff --git a/src/EDITME b/src/EDITME
+index cbb0805..a42cd6f 100644
+--- a/src/EDITME
+++ b/src/EDITME
+@@ -98,7 +98,7 @@
+ # /usr/local/sbin. The installation script will try to create this directory,
+ # and any superior directories, if they do not exist.
+ 
+-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
+ # don't exist. It will also install a default runtime configuration if this
+ # file does not exist.
+ 
+-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim/exim.conf
+ 
+ # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
+ # In this case, Exim will use the first of them that exists when it is run.
+@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
+ # deliveries. (Local deliveries run as various non-root users, typically as the
+ # owner of a local mailbox.) Specifying these values as root is not supported.
+ 
+-EXIM_USER=
+EXIM_USER=93
+ 
+ # If you specify EXIM_USER as a name, this is looked up at build time, and the
+ # uid number is built into the binary. However, you can specify that this
+@@ -152,7 +152,7 @@ EXIM_USER=
+ # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
+ # you want to use a group other than the default group for the given user.
+ 
+-# EXIM_GROUP=
+EXIM_GROUP=93
+ 
+ # Many sites define a user called "exim", with an appropriate default group,
+ # and use
+@@ -237,7 +237,7 @@ TRANSPORT_SMTP=yes
+ # This one is special-purpose, and commonly not required, so it is not
+ # included by default.
+ 
+-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -246,9 +246,9 @@ TRANSPORT_SMTP=yes
+ # MBX, is included only when requested. If you do not know what this is about,
+ # leave these settings commented out.
+ 
+-# SUPPORT_MAILDIR=yes
+-# SUPPORT_MAILSTORE=yes
+-# SUPPORT_MBX=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
+SUPPORT_MBX=yes
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -306,20 +306,22 @@ LOOKUP_DBM=yes
+ LOOKUP_LSEARCH=yes
+ LOOKUP_DNSDB=yes
+ 
+-# LOOKUP_CDB=yes
+-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
+ # LOOKUP_IBASE=yes
+-# LOOKUP_LDAP=yes
+-# LOOKUP_MYSQL=yes
+-# LOOKUP_MYSQL_PC=mariadb
+-# LOOKUP_NIS=yes
+-# LOOKUP_NISPLUS=yes
+LOOKUP_LDAP=yes
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_LIBS=-lldap -llber -lsqlite3
+LOOKUP_MYSQL=2
+LOOKUP_MYSQL_PC=mariadb
+LOOKUP_NIS=yes
+LOOKUP_NISPLUS=yes
+ # LOOKUP_ORACLE=yes
+-# LOOKUP_PASSWD=yes
+-# LOOKUP_PGSQL=yes
+LOOKUP_PASSWD=yes
+LOOKUP_PGSQL=2
+LOOKUP_PGSQL_LIBS=-lpq
+ # LOOKUP_REDIS=yes
+-# LOOKUP_SQLITE=yes
+-# LOOKUP_SQLITE_PC=sqlite3
+LOOKUP_SQLITE=yes
+ # LOOKUP_WHOSON=yes
+ 
+ # These two settings are obsolete; all three lookups are compiled when
+@@ -402,7 +404,7 @@ EXIM_MONITOR=eximon.bin
+ # and the MIME ACL. Please read the documentation to learn more about these
+ # features.
+ 
+-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
+ 
+ # If you have content scanning you may wish to only include some of the scanner
+ # interfaces.  Uncomment any of these lines to remove that code.
+@@ -595,7 +597,7 @@ FIXED_NEVER_USERS=root
+ # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
+ # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
+ 
+-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -640,17 +642,14 @@ FIXED_NEVER_USERS=root
+ # included in the Exim binary. You will then need to set up the run time
+ # configuration to make use of the mechanism(s) selected.
+ 
+-# AUTH_CRAM_MD5=yes
+-# AUTH_CYRUS_SASL=yes
+-# AUTH_DOVECOT=yes
+-# AUTH_GSASL=yes
+-# AUTH_GSASL_PC=libgsasl
+-# AUTH_HEIMDAL_GSSAPI=yes
+-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
+-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
+-# AUTH_PLAINTEXT=yes
+-# AUTH_SPA=yes
+-# AUTH_TLS=yes
+AUTH_CRAM_MD5=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
+AUTH_GSASL=yes
+AUTH_GSASL_PC=libgsasl
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
+ 
+ # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
+ # requires multiple pkg-config files to work with Exim, so the second example
+@@ -674,7 +673,7 @@ FIXED_NEVER_USERS=root
+ # one that is set in the headers_charset option. The default setting is
+ # defined by this setting:
+ 
+-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
+ 
+ # If you are going to make use of $header_xxx expansions in your configuration
+ # file, or if your users are going to use them in filter files, and the normal
+@@ -694,7 +693,7 @@ HEADERS_CHARSET="ISO-8859-1"
+ # the Sieve filter support. For those OS where iconv() is known to be installed
+ # as standard, the file in OS/Makefile-xxxx contains
+ #
+-# HAVE_ICONV=yes
+HAVE_ICONV=yes
+ #
+ # If you are not using one of those systems, but have installed iconv(), you
+ # need to uncomment that line above. In some cases, you may find that iconv()
+@@ -763,11 +762,11 @@ HEADERS_CHARSET="ISO-8859-1"
+ # leave these settings commented out.
+ 
+ # This setting is required for any TLS support (either OpenSSL or GnuTLS)
+-# SUPPORT_TLS=yes
+SUPPORT_TLS=yes
+ 
+ # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
+-# USE_OPENSSL_PC=openssl
+-# TLS_LIBS=-lssl -lcrypto
+TLS_INCLUDE=-I/usr/kerberos/include
+TLS_LIBS=-lssl -lcrypto
+ 
+ # Uncomment the first and either the second or the third of these if you
+ # are using GnuTLS.  If you have pkg-config, then the second, else the third.
+@@ -839,7 +838,7 @@ HEADERS_CHARSET="ISO-8859-1"
+ # Once you have done this, "make install" will build the info files and
+ # install them in the directory you have defined.
+ 
+-# INFO_DIRECTORY=/usr/share/info
+INFO_DIRECTORY=/usr/share/info
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -852,7 +851,7 @@ HEADERS_CHARSET="ISO-8859-1"
+ # %s. This will be replaced by one of the strings "main", "panic", or "reject"
+ # to form the final file names. Some installations may want something like this:
+ 
+-# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim/%s.log
+ 
+ # which results in files with names /var/log/exim_mainlog, etc. The directory
+ # in which the log files are placed must exist; Exim does not try to create
+@@ -924,7 +923,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+ # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
+ # Perl costs quite a lot of resources. Only do this if you really need it.
+ 
+-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -934,7 +933,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+ # that the local_scan API is made available by the linker. You may also need
+ # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
+ 
+-# EXPAND_DLFUNC=yes
+EXPAND_DLFUNC=yes
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -944,7 +943,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+ # support, which is intended for use in conjunction with the SMTP AUTH
+ # facilities, is included only when requested by the following setting:
+ 
+-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
+ 
+ # You probably need to add -lpam to EXTRALIBS, and in some releases of
+ # GNU/Linux -ldl is also needed.
+@@ -1052,7 +1051,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+ # group. Once you have installed saslauthd, you should arrange for it to be
+ # started by root at boot time.
+ 
+-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -1066,8 +1065,8 @@ ZCAT_COMMAND=/usr/bin/zcat
+ # library for TCP wrappers, so you probably need something like this:
+ #
+ # USE_TCP_WRAPPERS=yes
+-# CFLAGS=-O -I/usr/local/include
+-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
+ #
+ # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
+ # as well.
+@@ -1119,7 +1118,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+ # is "yes", as well as supporting line editing, a history of input lines in the
+ # current run is maintained.
+ 
+-# USE_READLINE=yes
+USE_READLINE=yes
+ 
+ # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
+ # Note that this option adds to the size of the Exim binary, because the
+@@ -1136,7 +1135,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+ #------------------------------------------------------------------------------
+ # Uncomment this setting to include IPv6 support.
+ 
+-# HAVE_IPV6=yes
+HAVE_IPV6=yes
+ 
+ ###############################################################################
+ #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
+@@ -1157,13 +1156,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+ # haven't got Perl, Exim will still build and run; you just won't be able to
+ # use those utilities.
+ 
+-# CHOWN_COMMAND=/usr/bin/chown
+-# CHGRP_COMMAND=/usr/bin/chgrp
+-# CHMOD_COMMAND=/usr/bin/chmod
+-# MV_COMMAND=/bin/mv
+-# RM_COMMAND=/bin/rm
+-# TOUCH_COMMAND=/usr/bin/touch
+-# PERL_COMMAND=/usr/bin/perl
+CHOWN_COMMAND=/usr/bin/chown
+CHGRP_COMMAND=/usr/bin/chgrp
+CHMOD_COMMAND=/usr/bin/chmod
+MV_COMMAND=/usr/bin/mv
+RM_COMMAND=/usr/bin/rm
+TOUCH_COMMAND=/usr/bin/touch
+PERL_COMMAND=/usr/bin/perl
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -1365,7 +1364,7 @@ EXIM_TMPDIR="/tmp"
+ # (process id) to a file so that it can easily be identified. The path of the
+ # file can be specified here. Some installations may want something like this:
+ 
+-# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/var/run/exim.pid
+ 
+ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
+ # using the name "exim-daemon.pid".
--- a/exim-4.92-cyrus.patch
+++ b/exim-4.92-cyrus.patch
@ -0,0 +1,21 @@
+diff --git a/src/configure.default b/src/configure.default
+index 69e0ed1..6db4947 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -901,6 +901,16 @@ address_reply:
+   driver = autoreply
+ 
+ 
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
+# socket. You'll need to configure the 'localuser' router above to use it.
+#
+#lmtp_delivery:
+#  home_directory = /var/spool/imap
+#  driver = lmtp
+#  command = "/usr/lib/cyrus-imapd/deliver -l"
+#  batch_max = 20
+#  user = cyrus
+
+ 
+ ######################################################################
+ #                      RETRY CONFIGURATION                           #
--- a/exim-4.92-dane-enable.patch
+++ b/exim-4.92-dane-enable.patch
@ -0,0 +1,13 @@
+diff --git a/src/EDITME b/src/EDITME
+index e3b98e9..d621c46 100644
+--- a/src/EDITME
+++ b/src/EDITME
+@@ -372,7 +372,7 @@ PCRE_CONFIG=yes
+ # Uncomment the following line to add DANE support
+ # Note: Enabling this unconditionally overrides DISABLE_DNSSEC
+ # For DANE under GnuTLS we need an additional library.  See TLS_LIBS below.
+-# SUPPORT_DANE=yes
+SUPPORT_DANE=yes
+ 
+ #------------------------------------------------------------------------------
+ # Additional libraries and include directories may be required for some
--- a/exim-4.92-dlopen-localscan.patch
+++ b/exim-4.92-dlopen-localscan.patch
@ -0,0 +1,267 @@
+diff --git a/src/EDITME b/src/EDITME
+index a42cd6f..0acd673 100644
+--- a/src/EDITME
+++ b/src/EDITME
+@@ -822,6 +822,20 @@ TLS_LIBS=-lssl -lcrypto
+ # specified in INCLUDE.
+ 
+ 
+#------------------------------------------------------------------------------
+# On systems which support dynamic loading of shared libraries, Exim can
+# load a local_scan function specified in its config file instead of having
+# to be recompiled with the desired local_scan function. For a full
+# description of the API to this function, see the Exim specification.
+
+DLOPEN_LOCAL_SCAN=yes
+
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
+# linker flags.  Without it, the loaded .so won't be able to access any
+# functions from exim.
+
+LFLAGS=-rdynamic -ldl -pie
+
+ #------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+diff --git a/src/config.h.defaults b/src/config.h.defaults
+index 7c2e534..3fafe61 100644
+--- a/src/config.h.defaults
+++ b/src/config.h.defaults
+@@ -32,6 +32,8 @@ Do not put spaces between # and the 'define'.
+ 
+ #define AUTH_VARS                     3
+ 
+#define DLOPEN_LOCAL_SCAN
+
+ #define BIN_DIRECTORY
+ 
+ #define CONFIGURE_FILE
+diff --git a/src/globals.c b/src/globals.c
+index b3362a3..0884fe5 100644
+--- a/src/globals.c
+++ b/src/globals.c
+@@ -173,6 +173,10 @@ uschar *tls_verify_hosts       = NULL;
+ uschar *tls_advertise_hosts    = NULL;
+ #endif
+ 
+#ifdef DLOPEN_LOCAL_SCAN
+uschar *local_scan_path        = NULL;
+#endif
+
+ #ifndef DISABLE_PRDR
+ /* Per Recipient Data Response variables */
+ BOOL    prdr_enable            = FALSE;
+diff --git a/src/globals.h b/src/globals.h
+index f71f104..3faf176 100644
+--- a/src/globals.h
+++ b/src/globals.h
+@@ -131,6 +131,11 @@ extern uschar *tls_try_verify_hosts;   /* Optional client verification */
+ extern uschar *tls_verify_certificates;/* Path for certificates to check */
+ extern uschar *tls_verify_hosts;       /* Mandatory client verification */
+ #endif
+
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path;        /* Path to local_scan() library */
+#endif
+
+ extern uschar *tls_advertise_hosts;    /* host for which TLS is advertised */
+ 
+ extern uschar  *dsn_envid;             /* DSN envid string */
+diff --git a/src/local_scan.c b/src/local_scan.c
+index 4dd0b2b..8599172 100644
+--- a/src/local_scan.c
+++ b/src/local_scan.c
+@@ -5,61 +5,131 @@
+ /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* See the file NOTICE for conditions of use and distribution. */
+ 
+#include "exim.h"
+ 
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
+-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+-/* This is the only Exim header that you should include. The effect of
+-including any other Exim header is not defined, and may change from release to
+-release. Use only the documented interface! */
+-
+-#include "local_scan.h"
+-
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+-  fd             The file descriptor of the open -D file, which contains the
+-                   body of the message. The file is open for reading and
+-                   writing, but modifying it is dangerous and not recommended.
+-
+-  return_text    A pointer to an unsigned char* variable which you can set in
+-                   order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+-  LOCAL_SCAN_ACCEPT
+-                 The message is to be accepted. The return_text argument is
+-                   saved in $local_scan_data.
+-
+-  LOCAL_SCAN_REJECT
+-                 The message is to be rejected. The returned text is used
+-                   in the rejection message.
+-
+-  LOCAL_SCAN_TEMPREJECT
+-                 This specifies a temporary rejection. The returned text
+-                   is used in the rejection message.
+-*/
+#ifdef DLOPEN_LOCAL_SCAN
+#include <dlfcn.h>
+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
+static int load_local_scan_library(void);
+#endif
+ 
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+ fd = fd;                      /* Keep picky compilers happy */
+ return_text = return_text;
+-return LOCAL_SCAN_ACCEPT;
+#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */
+if (local_scan_path && *local_scan_path)
+  {
+  if (!local_scan_fn)
+    {
+    if (!load_local_scan_library())
+      {
+        char *base_msg , *error_msg , *final_msg ;
+        int final_length = -1 ;
+
+        base_msg=US"Local configuration error - local_scan() library failure\n";
+        error_msg = dlerror() ;
+
+        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
+        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
+        *final_msg = '\0' ;
+
+        strcat( final_msg , base_msg ) ;
+        strcat( final_msg , error_msg ) ;
+
+        *return_text = final_msg ;
+      return LOCAL_SCAN_TEMPREJECT;
+      }
+    }
+    return local_scan_fn(fd, return_text);
+  }
+else
+#endif
+  return LOCAL_SCAN_ACCEPT;
+ }
+ 
+#ifdef DLOPEN_LOCAL_SCAN
+
+static int load_local_scan_library(void)
+{
+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
+void *local_scan_lib = NULL;
+int (*local_scan_version_fn)(void);
+int vers_maj;
+int vers_min;
+
+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
+if (!local_scan_lib)
+  {
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
+    "message temporarily rejected");
+  return FALSE;
+  }
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
+if (!local_scan_version_fn)
+  {
+  dlclose(local_scan_lib);
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+    "local_scan_version_major() function - message temporarily rejected");
+  return FALSE;
+  }
+
+/* The major number is increased when the ABI is changed in a non
+   backward compatible way. */
+vers_maj = local_scan_version_fn();
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
+if (!local_scan_version_fn)
+  {
+  dlclose(local_scan_lib);
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+    "local_scan_version_minor() function - message temporarily rejected");
+  return FALSE;
+  }
+
+/* The minor number is increased each time a new feature is added (in a
+   way that doesn't break backward compatibility) -- Marc */
+vers_min = local_scan_version_fn();
+
+
+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
+  {
+  dlclose(local_scan_lib);
+  local_scan_lib = NULL;
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
+    "version number, you need to recompile your module for this version"
+    "of exim (The module was compiled for version %d.%d and this exim provides"
+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+    LOCAL_SCAN_ABI_VERSION_MINOR);
+  return FALSE;
+  }
+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
+  {
+  dlclose(local_scan_lib);
+  local_scan_lib = NULL;
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
+    "version number, you need to recompile your module for this version"
+    "of exim (The module was compiled for version %d.%d and this exim provides"
+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+    LOCAL_SCAN_ABI_VERSION_MINOR);
+  return FALSE;
+  }
+
+local_scan_fn = dlsym(local_scan_lib, "local_scan");
+if (!local_scan_fn)
+  {
+  dlclose(local_scan_lib);
+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+    "local_scan() function - message temporarily rejected");
+  return FALSE;
+  }
+
+return TRUE;
+}
+
+#endif /* DLOPEN_LOCAL_SCAN */
+
+ /* End of local_scan.c */
+diff --git a/src/readconf.c b/src/readconf.c
+index 5742d10..3f1d9c1 100644
+--- a/src/readconf.c
+++ b/src/readconf.c
+@@ -199,6 +199,9 @@ static optionlist optionlist_config[] = {
+   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
+   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
+   { "local_interfaces",         opt_stringptr,   &local_interfaces },
+#ifdef DLOPEN_LOCAL_SCAN
+  { "local_scan_path",          opt_stringptr,   &local_scan_path },
+#endif
+ #ifdef HAVE_LOCAL_SCAN
+   { "local_scan_timeout",       opt_time,        &local_scan_timeout },
+ #endif
--- a/exim-4.92-environment.patch
+++ b/exim-4.92-environment.patch
@ -0,0 +1,15 @@
+diff --git a/src/configure.default b/src/configure.default
+index 241a961..1403d4a 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -384,8 +384,8 @@ timeout_frozen_after = 7d
+ # Note that TZ is handled separately by the timezone runtime option
+ # and TIMEZONE_DEFAULT buildtime option.
+ 
+-# keep_environment = ^LDAP
+-# add_environment = PATH=/usr/bin::/bin
+keep_environment = ^LDAP
+add_environment = PATH=/usr/bin::/bin
+ 
+ 
+ 
--- a/exim-4.92-greylist-conf.patch
+++ b/exim-4.92-greylist-conf.patch
@ -0,0 +1,119 @@
+diff --git a/src/configure.default b/src/configure.default
+index 9242bac..eabf102 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -119,6 +119,7 @@ hostlist   relay_from_hosts = localhost
+ # manual for details. The lists above are used in the access control lists for
+ # checking incoming messages. The names of these ACLs are defined here:
+ 
+acl_smtp_mail =         acl_check_mail
+ acl_smtp_rcpt =         acl_check_rcpt
+ .ifdef _HAVE_PRDR
+ acl_smtp_data_prdr =    acl_check_prdr
+@@ -395,6 +396,29 @@ timeout_frozen_after = 7d
+ 
+ begin acl
+ 
+
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+  # Hosts are required to say HELO (or EHLO) before sending mail.
+  # So don't allow them to use the MAIL command if they haven't
+  # done so.
+
+  deny condition = ${if eq{$sender_helo_name}{} {1}}
+       message = Nice boys say HELO first
+
+  # Use the lack of reverse DNS to trigger greylisting. Some people
+  # even reject for it but that would be a little excessive.
+
+  warn condition = ${if eq{$sender_host_name}{} {1}}
+       set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
+
+  accept
+
+
+
+ # This access control list is used for every RCPT command in an incoming
+ # SMTP message. The tests are run in order until the address is either
+ # accepted or denied.
+@@ -520,7 +544,8 @@ acl_check_rcpt:
+   # There are no default checks on DNS black lists because the domains that
+   # contain these lists are changing all the time. However, here are two
+   # examples of how you can get Exim to perform a DNS black list lookup at this
+-  # point. The first one denies, whereas the second just warns.
+  # point. The first one denies, whereas the second just warns. The third
+  # triggers greylisting for any host in the blacklist.
+   #
+   # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+   #         dnslists      = black.list.example
+@@ -528,6 +553,10 @@ acl_check_rcpt:
+   # warn    dnslists      = black.list.example
+   #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
+   #         log_message   = found in $dnslist_domain
+  #
+  # warn    dnslists      = black.list.example
+  #         set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
+  #
+   #############################################################################
+ 
+   #############################################################################
+@@ -554,6 +583,10 @@ acl_check_rcpt:
+   #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+   #############################################################################
+ 
+  # Alternatively, greylist for it:
+  # warn !verify = csa
+  #      set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
+
+   # At this point, the address has passed all the checks that have been
+   # configured, so we accept it unconditionally.
+ 
+@@ -612,6 +645,12 @@ acl_check_data:
+   # deny    condition  = ${if !def:h_Message-ID: {1}}
+   #         message    = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+   #                      Most messages without it are spam, so your mail has been rejected.
+  #
+  # Alternatively if we're feeling more lenient we could just use it to
+  # trigger greylisting instead:
+
+  warn    condition  = ${if !def:h_Message-ID: {1}}
+          set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
+ 
+   # Deny if the message contains a virus. Before enabling this check, you
+   # must install a virus scanner and set the av_scanner option above.
+@@ -658,8 +697,31 @@ acl_check_data:
+   #         message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+   #  	    	        $spam_report
+ 
+  # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
+  #
+  # warn    condition = ${if >{$spam_score_int}{5} {1}}
+  #         set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
+
+
+  # If you want to greylist _all_ mail rather than only mail which looks like there
+  # might be something wrong with it, then you can do this...
+  #
+  # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
+
+  # Now, invoke the greylisting. For this you need to have installed the exim-greylist
+  # package which contains this subroutine, and you need to uncomment the bit below
+  # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
+  # greylisting will kick in and will defer the mail to check if the sender is a
+  # proper mail which which retries, or whether it's a zombie. For more details, see
+  # the exim-greylist.conf.inc file itself.
+  #
+  # require acl = greylist_mail
+
+   accept
+ 
+# To enable the greylisting, also uncomment this line:
+# .include /etc/exim/exim-greylist.conf.inc
+
+ acl_check_mime:
+ 
+   # File extension filtering.
--- a/exim-4.92-localhost-is-local.patch
+++ b/exim-4.92-localhost-is-local.patch
@ -0,0 +1,13 @@
+diff --git a/src/configure.default b/src/configure.default
+index 09f0b36..9242bac 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -67,7 +67,7 @@
+ # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
+ # are all colon-separated lists:
+ 
+-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
+ domainlist relay_to_domains =
+ hostlist   relay_from_hosts = localhost
+ # (We rely upon hostname resolution working for localhost, because the default
--- a/exim-4.92-pamconfig.patch
+++ b/exim-4.92-pamconfig.patch
@ -0,0 +1,78 @@
+diff --git a/src/configure.default b/src/configure.default
+index 6db4947..f1198b1 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -157,7 +157,7 @@ acl_smtp_data =         acl_check_data
+ 
+ # Allow any client to use TLS.
+ 
+-# tls_advertise_hosts = *
+tls_advertise_hosts = *
+ 
+ # Specify the location of the Exim server's TLS certificate and private key.
+ # The private key must not be encrypted (password protected). You can put
+@@ -165,8 +165,8 @@ acl_smtp_data =         acl_check_data
+ # need the first setting, or in separate files, in which case you need both
+ # options.
+ 
+-# tls_certificate = /etc/ssl/exim.crt
+-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
+ 
+ # For OpenSSL, prefer EC- over RSA-authenticated ciphers
+ # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+@@ -180,8 +180,8 @@ acl_smtp_data =         acl_check_data
+ # them you should also allow TLS-on-connect on the traditional but
+ # non-standard port 465.
+ 
+-# daemon_smtp_ports = 25 : 465 : 587
+-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
+ 
+ 
+ # Specify the domain you want to be added to all unqualified addresses
+@@ -239,6 +239,24 @@ never_users = root
+ 
+ host_lookup = *
+ 
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system.
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
+ 
+ # The setting below causes Exim to try to initialize the system resolver
+ # library with DNSSEC support.  It has no effect if your library lacks
+@@ -980,7 +998,7 @@ begin authenticators
+ #  driver                     = plaintext
+ #  server_set_id              = $auth2
+ #  server_prompts             = :
+-#  server_condition           = Authentication is not yet configured
+#  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
+ #  server_advertise_condition = ${if def:tls_in_cipher }
+ 
+ # LOGIN authentication has traditional prompts and responses. There is no
+@@ -992,7 +1010,7 @@ begin authenticators
+ #  driver                     = plaintext
+ #  server_set_id              = $auth1
+ #  server_prompts             = <| Username: | Password:
+-#  server_condition           = Authentication is not yet configured
+#  server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
+ #  server_advertise_condition = ${if def:tls_in_cipher }
+ 
+ 
--- a/exim-4.92-procmail.patch
+++ b/exim-4.92-procmail.patch
@ -0,0 +1,34 @@
+diff --git a/src/configure.default b/src/configure.default
+index 8f88a3b..cef3779 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -818,6 +818,12 @@ userforward:
+   pipe_transport = address_pipe
+   reply_transport = address_reply
+ 
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+ 
+ # This router matches local user mailboxes. If the router fails, the error
+ # message is "Unknown user".
+@@ -866,6 +872,16 @@ remote_smtp:
+   hosts_try_prdr = *
+ .endif
+ 
+# This transport invokes procmail to deliver mail
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+ 
+ # This transport is used for delivering messages to a smarthost, if the
+ # smarthost router is enabled.  This starts from the same basis as
--- a/exim-4.92-rhl.patch
+++ b/exim-4.92-rhl.patch
@ -0,0 +1,24 @@
+diff --git a/src/configure.default b/src/configure.default
+index 555dec3..69e0ed1 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -718,7 +718,7 @@ system_aliases:
+   driver = redirect
+   allow_fail
+   allow_defer
+-  data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
+  data = ${lookup{$local_part}lsearch{/etc/aliases}}
+ # user = exim
+   file_transport = address_file
+   pipe_transport = address_pipe
+@@ -867,8 +867,8 @@ local_delivery:
+   delivery_date_add
+   envelope_to_add
+   return_path_add
+-# group = mail
+-# mode = 0660
+  group = mail
+  mode = 0660
+ 
+ 
+ # This transport is used for handling pipe deliveries generated by alias or
--- a/exim-4.92-smarthost-config.patch
+++ b/exim-4.92-smarthost-config.patch
@ -0,0 +1,51 @@
+diff --git a/src/configure.default b/src/configure.default
+index eabf102..db2d98a 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -934,6 +934,15 @@ remote_smtp:
+   hosts_try_prdr = *
+ .endif
+ 
+# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409).
+
+remote_msa:
+  driver = smtp
+  port = 587
+  hosts_require_auth = *
+
+
+ # This transport invokes procmail to deliver mail
+ procmail:
+   driver = pipe
+@@ -1083,6 +1092,21 @@ begin rewrite
+ #                   AUTHENTICATION CONFIGURATION                     #
+ ######################################################################
+ 
+begin authenticators
+
+# This authenticator supports CRAM-MD5 username/password authentication
+# with Exim acting as a _client_, as it might when sending its outgoing
+# mail to a smarthost rather than directly to the final recipient.
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
+
+#client_auth:
+#  driver = cram_md5
+#  public_name = CRAM-MD5
+#  client_name = SMTPAUTH_USERNAME
+#  client_secret = SMTPAUTH_PASSWORD
+
+#
+
+ # The following authenticators support plaintext username/password
+ # authentication using the standard PLAIN mechanism and the traditional
+ # but non-standard LOGIN mechanism, with Exim acting as the server.
+@@ -1098,7 +1122,7 @@ begin rewrite
+ # The default RCPT ACL checks for successful authentication, and will accept
+ # messages from authenticated users from anywhere on the Internet.
+ 
+-begin authenticators
+#
+ 
+ # PLAIN authentication has no server prompts. The client sends its
+ # credentials in one lump, containing an authorization ID (which we do not
--- a/exim-4.92-spamdconf.patch
+++ b/exim-4.92-spamdconf.patch
@ -0,0 +1,108 @@
+diff --git a/src/configure.default b/src/configure.default
+index f1198b1..8f88a3b 100644
+--- a/src/configure.default
+++ b/src/configure.default
+@@ -124,6 +124,7 @@ acl_smtp_rcpt =         acl_check_rcpt
+ acl_smtp_data_prdr =    acl_check_prdr
+ .endif
+ acl_smtp_data =         acl_check_data
+acl_smtp_mime =         acl_check_mime
+ 
+ # You should not change those settings until you understand how ACLs work.
+ 
+@@ -136,7 +137,7 @@ acl_smtp_data =         acl_check_data
+ # of what to set for other virus scanners. The second modification is in the
+ # acl_check_data access control list (see below).
+ 
+-# av_scanner = clamd:/tmp/clamd
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+ 
+ 
+ # For spam scanning, there is a similar option that defines the interface to
+@@ -458,7 +459,8 @@ acl_check_rcpt:
+   accept  local_parts   = postmaster
+           domains       = +local_domains
+ 
+-  # Deny unless the sender address can be verified.
+  # Deny unless the sender address can be routed. For proper verification of the
+  # address, read the documentation on callouts and add the /callout modifier.
+ 
+   require verify        = sender
+ 
+@@ -601,21 +603,26 @@ acl_check_data:
+           message =     header syntax
+           log_message = header syntax ($acl_verify_message)
+ 
+  # Put simple tests first. A good one is to check for the presence of a
+  # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
+  # or misconfigured mailer software occasionally omits this from genuine
+  # messages too, though -- although it's not hard for the offender to fix
+  # after they receive a bounce because of it.
+  #
+  # deny    condition  = ${if !def:h_Message-ID: {1}}
+  #         message    = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+  #                      Most messages without it are spam, so your mail has been rejected.
+
+   # Deny if the message contains a virus. Before enabling this check, you
+   # must install a virus scanner and set the av_scanner option above.
+   #
+   # deny    malware    = *
+   #         message    = This message contains a virus ($malware_name).
+ 
+-  # Add headers to a message if it is judged to be spam. Before enabling this,
+-  # you must install SpamAssassin. You may also need to set the spamd_address
+-  # option above.
+  # Bypass SpamAssassin checks if the message is too large.
+   #
+-  # warn    spam       = nobody
+-  #         add_header = X-Spam_score: $spam_score\n\
+-  #                      X-Spam_score_int: $spam_score_int\n\
+-  #                      X-Spam_bar: $spam_bar\n\
+-  #                      X-Spam_report: $spam_report
+  # accept  condition  = ${if >={$message_size}{100000} {1}}
+  #         add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
+ 
+   #############################################################################
+   # No more tests if PRDR was actively used.
+@@ -629,11 +636,40 @@ acl_check_data:
+   #           condition    = ...
+   #############################################################################
+ 
+  # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
+  # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
+  # score exceeds the SA system threshold.
+  #
+  # warn    spam       = nobody/defer_ok
+  #         add_header = X-Spam-Flag: YES
+  #
+  # accept  condition  = ${if !def:spam_score_int {1}}
+  #         add_header = X-Spam-Note: SpamAssassin invocation failed
+  #
+ 
+-  # Accept the message.
+  # Unconditionally add score and report headers
+  #
+  # warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
+  #                      X-Spam-Report: $spam_report
+
+  # And reject if the SpamAssassin score is greater than ten
+  #
+  # deny    condition = ${if >{$spam_score_int}{100} {1}}
+  #         message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+  #  	    	        $spam_report
+ 
+   accept
+ 
+acl_check_mime:
+
+  # File extension filtering.
+  deny message = Blacklisted file extension detected
+       condition = ${if match \
+                        {${lc:$mime_filename}} \
+                        {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+                     {1}{0}}
+
+  accept
+ 
+ 
+ ######################################################################
--- a/exim-4.92-support-proxies.patch
+++ b/exim-4.92-support-proxies.patch
@ -0,0 +1,19 @@
+diff --git a/src/EDITME b/src/EDITME
+index 4e3a9a3..e3b98e9 100644
+--- a/src/EDITME
+++ b/src/EDITME
+@@ -972,12 +972,12 @@ SUPPORT_PAM=yes
+ # If you may want to use outbound (client-side) proxying, using Socks5,
+ # uncomment the line below.
+ 
+-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
+ 
+ # If you may want to use inbound (server-side) proxying, using Proxy Protocol,
+ # uncomment the line below.
+ 
+-# SUPPORT_PROXY=yes
+SUPPORT_PROXY=yes
+ 
+ 
+ #------------------------------------------------------------------------------
--- a/exim-clamav-tmpfiles.conf
+++ b/exim-clamav-tmpfiles.conf
@ -0,0 +1 @@
+D /var/run/clamd.exim 0750 exim exim -
--- a/45
+++ b/45
@ -0,0 +1,45 @@
+#!/bin/bash
+
+. /etc/sysconfig/network
+
+# Source exim configureation.
+if [ -f /etc/sysconfig/exim ] ; then
+        . /etc/sysconfig/exim
+fi
+
+USER=${USER:=exim}
+GROUP=${GROUP:=exim}
+
+gen_cert() {
+        if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
+                umask 077
+                FQDN=`hostname`
+                if [ "x${FQDN}" = "x" ]; then
+                        FQDN=localhost.localdomain
+                fi
+                echo -n $"Generating exim certificate: "
+                cat << EOF | openssl req -new -x509 -days 365 -nodes \
+                        -out /etc/pki/tls/certs/exim.pem \
+                        -keyout /etc/pki/tls/private/exim.pem &>/dev/null
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+${FQDN}
+root@${FQDN}
+EOF
+                if [ $? -eq 0 ]; then
+                        echo success
+                        chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
+                        chmod 600 /etc/pki/tls/{private,certs}/exim.pem
+                else
+                        echo failure
+                fi
+                echo
+        fi
+}
+
+gen_cert
+
+exit 0
--- a/exim-greylist.conf.inc
+++ b/exim-greylist.conf.inc
@ -0,0 +1,120 @@
+# $Id: acl-greylist-sqlite,v 1.3 2007/11/25 19:17:28 dwmw2 Exp $
+
+GREYDB=/var/spool/exim/db/greylist.db
+
+# ACL for greylisting. Place reason(s) for greylisting into a variable named
+# $acl_m_greylistreasons before invoking with 'require acl = greylist_mail'.
+# The reasons should be separate lines of text, and will be reported in
+# the SMTP rejection message as well as the log message.
+#
+# When a suspicious mail is seen, we temporarily reject it and wait to see
+# if the sender tries again. Most spam robots won't bother. Real mail hosts
+# _will_ retry, and we'll accept it the second time. For hosts which are
+# observed to retry, we don't bother greylisting again in the future --
+# it's obviously pointless. We remember such hosts, or 'known resenders',
+# by a tuple of their IP address and the name they used in HELO.
+#
+# We also include the time of listing for 'known resenders', just in case
+# someone wants to expire them after a certain amount of time. So the 
+# database table for these 'known resenders' looks like this:
+#
+# CREATE TABLE resenders (
+#        host            TEXT,
+#        helo            TEXT,
+#        time            INTEGER,
+#    PRIMARY KEY (host, helo) );
+#
+# To remember mail we've rejected, we create an 'identity' from its sender
+# and recipient addresses and its Message-ID: header. We don't include the
+# sending IP address in the identity, because sometimes the second and 
+# subsequent attempts may come from a different IP address to the original.
+#
+# We do record the original IP address and HELO name though, because if
+# the message _is_ retried from another machine, it's the _first_ one we
+# want to record as a 'known resender'; not just its backup path.
+#
+# Obviously we record the time too, so the main table of greylisted mail
+# looks like this:
+#
+# CREATE TABLE greylist (
+#        id              TEXT,
+#        expire          INTEGER,
+#        host            TEXT,
+#        helo            TEXT);
+#
+
+greylist_mail:
+  # First, accept if it there's absolutely nothing suspicious about it...
+  accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
+  # ... or if it was generated locally or by authenticated clients.
+  accept hosts = :
+  accept authenticated = *
+
+  # Secondly, there's _absolutely_ no point in greylisting mail from
+  # hosts which are known to resend their mail. Just accept it.
+  accept condition = ${lookup sqlite {GREYDB SELECT host from resenders \
+			       WHERE helo='${quote_sqlite:$sender_helo_name}' \
+			       AND host='$sender_host_address';} {1}}
+
+  # Generate a hashed 'identity' for the mail, as described above.
+  warn set acl_m_greyident = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
+
+  # Attempt to look up this mail in the greylist database. If it's there,
+  # remember the expiry time for it; we need to make sure they've waited
+  # long enough.
+  warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
+				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
+
+  # If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
+  # variable we just looked up is empty -- then try to add it now. This is 
+  # where the 5 minute timeout is set ($tod_epoch + 300), should you wish
+  # to change it.
+  warn  condition = ${if eq {$acl_m_greyexpiry}{} {1}}
+	set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO greylist \
+					VALUES ( '$acl_m_greyident', \
+						 '${eval10:$tod_epoch+300}', \
+						 '$sender_host_address', \
+						 '${quote_sqlite:$sender_helo_name}' );}}
+
+  # Be paranoid, and check if the insertion succeeded (by doing another lookup).
+  # Otherwise, if there's a database error we might end up deferring for ever.
+  defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
+        condition = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
+				WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
+        message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
+		  The mail has been greylisted for 5 minutes, after which it should be accepted. \
+		  We apologise for the inconvenience. Your mail system should keep the mail on \
+		  its queue and retry. When that happens, your system will be added to the list \
+		  genuine mail systems, and mail from it should not be greylisted any more. \
+		  In the event of problems, please contact postmaster@$qualify_domain
+	log_message = Greylisted <$h_message-id:> from <$sender_address> for offences: ${sg {$acl_m_greylistreasons}{\n}{,}}
+
+  # Handle the error case (which should never happen, but would be bad if it did).
+  # First by whining about it in the logs, so the admin can deal with it...
+  warn   condition = ${if eq {$acl_m_greyexpiry}{} {1}}
+         log_message = Greylist insertion failed. Bypassing greylist.
+  # ... and then by just accepting the message.
+  accept condition = ${if eq {$acl_m_greyexpiry}{} {1}}
+
+  # OK, we've dealt with the "new" messages. Now we deal with messages which
+  # _were_ already in the database...
+
+  # If the message was already listed but its time hasn't yet expired, keep rejecting it
+  defer condition = ${if > {$acl_m_greyexpiry}{$tod_epoch}}
+	message = Your mail was previously greylisted and the time has not yet expired.\n\
+		  You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
+		  Reason(s) for greylisting: \n$acl_m_greylistreasons
+
+  # The message was listed but it's been more than five minutes. Accept it now and whitelist
+  # the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
+  warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
+				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
+       set acl_m_orighelo = ${lookup sqlite {GREYDB SELECT helo FROM greylist \
+				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
+       set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO resenders \
+				VALUES ( '$acl_m_orighost', \
+					 '${quote_sqlite:$acl_m_orighelo}', \
+					 '$tod_epoch' ); }}
+       logwrite = Added host $acl_m_orighost with HELO '$acl_m_orighelo' to known resenders
+
+  accept
--- a/exim-tidydb.sh
+++ b/exim-tidydb.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+SPOOLDIR=/var/spool/exim
+
+cd $SPOOLDIR/db
+for a in retry misc wait-* callout ratelimit; do
+    [ -r "$a" ] || continue
+    [ "${a%%.lockfile}" = "$a" ] || continue
+    /usr/sbin/exim_tidydb $SPOOLDIR $a >/dev/null
+done
--- a/exim.init
+++ b/exim.init
@ -0,0 +1,132 @@
+#!/bin/bash
+#
+# exim    This shell script takes care of starting and stopping exim
+#
+# chkconfig: 2345 80 30
+# description: Exim is a Mail Transport Agent, which is the program \
+#              that moves mail from one machine to another.
+# processname: exim
+# config: /etc/exim/exim.conf
+# pidfile: /var/run/exim.pid
+
+# Source function library.
+. /etc/init.d/functions
+
+# Source networking configuration.
+[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
+
+# Source exim configureation.
+if [ -f /etc/sysconfig/exim ] ; then
+	. /etc/sysconfig/exim
+else
+	DAEMON=yes
+	QUEUE=1h
+fi
+
+USER=${USER:=exim}
+GROUP=${GROUP:=exim}
+
+gen_cert() {
+	if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
+		umask 077
+		FQDN=`hostname`
+		if [ "x${FQDN}" = "x" ]; then
+			FQDN=localhost.localdomain
+		fi
+		echo -n $"Generating exim certificate: "
+		cat << EOF | openssl req -new -x509 -days 365 -nodes \
+			-out /etc/pki/tls/certs/exim.pem \
+			-keyout /etc/pki/tls/private/exim.pem &>/dev/null
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+${FQDN}
+root@${FQDN}
+EOF
+		if [ $? -eq 0 ]; then
+			success
+			chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
+			chmod 600 /etc/pki/tls/{private,certs}/exim.pem
+		else
+			failure
+		fi
+		echo
+	fi
+}
+
+start() {
+	[ "$EUID" != "0" ] && exit 4
+	[ "${NETWORKING}" = "no" ] && exit 1
+	[ -f /usr/sbin/exim ] || exit 5
+
+	# check ownerships
+	# do this by seeing if /var/log/exim/main.log exists and is
+	# owned by exim - if owned by someone else we fix it up
+	if [ -f /var/log/exim/main.log ]
+	then
+	    if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
+	    then
+		chown -R $USER:$GROUP /var/log/exim /var/spool/exim
+	    fi
+	fi
+
+	# generate certificate if doesn't exist
+	gen_cert
+
+        # Start daemons.
+        echo -n $"Starting exim: "
+        daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
+                              $([ -n "$QUEUE" ] && echo -q$QUEUE)
+        RETVAL=$?
+        echo
+        [ $RETVAL = 0 ] && touch /var/lock/subsys/exim
+}
+
+stop() {
+	[ "$EUID" != "0" ] && exit 4
+        # Stop daemons.
+        echo -n $"Shutting down exim: "
+        killproc exim
+	RETVAL=$?
+        echo
+        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/exim
+}
+
+restart() {
+	stop
+	start
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart)
+	restart
+	;;
+  reload|force-reload)
+	status exim > /dev/null || exit 7
+	echo -n $"Reloading exim:"
+	killproc exim -HUP
+	echo
+	;;
+  condrestart|try-restart)
+	status exim > /dev/null || exit 0
+	restart
+	;;
+  status)
+	status exim
+	;;
+  *)
+	echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart|try-restart}"
+	exit 2
+esac
+
+exit $RETVAL
+
--- a/exim.logrotate
+++ b/exim.logrotate
@ -0,0 +1,7 @@
+# daemon does not need restarting after log rotate
+# so we do not prod it any more
+/var/log/exim/*log {
+  missingok
+  notifempty
+  delaycompress
+}
--- a/exim.pam
+++ b/exim.pam
@ -0,0 +1,3 @@
+#%PAM-1.0
+auth		include		password-auth
+account		include		password-auth
--- a/exim.service
+++ b/exim.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Exim Mail Transport Agent
+After=network.target
+Conflicts=sendmail.service postfix.service
+
+[Service]
+PrivateTmp=true
+Environment=QUEUE=1h
+EnvironmentFile=-/etc/sysconfig/exim
+ExecStartPre=-/usr/libexec/exim-gen-cert
+ExecStart=/usr/sbin/exim -bd -q${QUEUE}
+
+[Install]
+WantedBy=multi-user.target
--- a/exim.spec
+++ b/exim.spec
--- a/exim.sysconfig
+++ b/exim.sysconfig
@ -0,0 +1,4 @@
+DAEMON=yes
+QUEUE=1h
+USER=exim
+GROUP=exim
--- a/greylist-tidy.sh
+++ b/greylist-tidy.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+if [ -s /var/spool/exim/db/greylist.db ]; then
+    sqlite3 /var/spool/exim/db/greylist.db <<EOF
+.timeout 5000
+DELETE FROM greylist WHERE expire < $((`date +%s` - 604800));
+EOF
+fi
--- a/mk-greylist-db.sql
+++ b/mk-greylist-db.sql
@ -0,0 +1,13 @@
+CREATE TABLE resenders (
+	host		TEXT,
+	helo		TEXT,
+	time		INTEGER,
+    PRIMARY KEY (host, helo)
+);
+
+CREATE TABLE greylist (
+	id		TEXT PRIMARY KEY,
+	expire		INTEGER,
+	host		TEXT,
+	helo		TEXT
+);
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (exim-4.92.2.tar.xz) = d27aca4d4e9df267b0afcbe7b3f74c9ca6e96e7e6eb4d2f86ff00b0e2234eaec90271405eb387a36a2e0d4ec5597b2920753f85318a5618ddbc8af475a7d81cd
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+# This file contains a list, one per line, of the files which are permitted
+# to be used as Exim configuration files with root privileges. If you want
+# to be able to run Exim with the -C option, and have it re-execute itself
+# for local delivery, then you'll need to add your configuration file here.
+/etc/exim/exim4.conf
+/etc/exim/exim.conf
				`@ -0,0 +1 @@`
				`SHA512 (exim-4.92.2.tar.xz) = d27aca4d4e9df267b0afcbe7b3f74c9ca6e96e7e6eb4d2f86ff00b0e2234eaec90271405eb387a36a2e0d4ec5597b2920753f85318a5618ddbc8af475a7d81cd`