Enable SPF and DMARC support
This commit is contained in:
Tom Hughes
parent
68f1d1d370
commit
d69bc63fa9
|
|
@ -150,6 +150,21 @@ index 83325ab..a861c7f 100644
|
|||
|
||||
# If you have content scanning you may wish to only include some of the scanner
|
||||
# interfaces. Uncomment any of these lines to remove that code.
|
||||
@@ -592,12 +598,12 @@
|
||||
|
||||
# Uncomment the following line to add DMARC checking capability, implemented
|
||||
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
||||
-# SUPPORT_DMARC=yes
|
||||
+SUPPORT_DMARC=yes
|
||||
# CFLAGS += -I/usr/local/include
|
||||
# LDFLAGS += -lopendmarc
|
||||
# Uncomment the following if you need to change the default. You can
|
||||
# override it at runtime (main config option dmarc_tld_file)
|
||||
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
|
||||
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
|
||||
|
||||
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
||||
# support. You must have SPF and DKIM support enabled also.
|
||||
@@ -707,7 +713,7 @@ FIXED_NEVER_USERS=root
|
||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||
|
|
@ -264,6 +279,15 @@ index 83325ab..a861c7f 100644
|
|||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1029,7 +1050,7 @@
|
||||
# installed on your system (www.libspf2.org). Depending on where it is installed
|
||||
# you may have to edit the CFLAGS and LDFLAGS lines.
|
||||
|
||||
-# SUPPORT_SPF=yes
|
||||
+SUPPORT_SPF=yes
|
||||
# CFLAGS += -I/usr/local/include
|
||||
# LDFLAGS += -lspf2
|
||||
|
||||
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||
# started by root at boot time.
|
||||
|
|
@ -465,6 +489,14 @@ index cf38305..472b801 100644
|
|||
# This access control list is used for every RCPT command in an incoming
|
||||
# SMTP message. The tests are run in order until the address is either
|
||||
# accepted or denied.
|
||||
@@ -392,6 +435,7 @@
|
||||
|
||||
accept hosts = :
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
#############################################################################
|
||||
# The following section of the ACL is concerned with local parts that contain
|
||||
@@ -445,7 +488,8 @@ acl_check_rcpt:
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
|
@ -475,6 +507,22 @@ index cf38305..472b801 100644
|
|||
|
||||
require verify = sender
|
||||
|
||||
@@ -471,6 +516,7 @@
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
# Accept if the message arrived over an authenticated connection, from
|
||||
# any host. Again, these messages are usually from MUAs, so recipient
|
||||
@@ -480,6 +526,7 @@
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
# Insist that a HELO/EHLO was accepted.
|
||||
|
||||
@@ -505,7 +549,8 @@ acl_check_rcpt:
|
||||
# There are no default checks on DNS black lists because the domains that
|
||||
# contain these lists are changing all the time. However, here are two
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
Summary: The exim mail transfer agent
|
||||
Name: exim
|
||||
Version: 4.93
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Url: https://www.exim.org/
|
||||
|
||||
|
|
@ -50,8 +50,10 @@ Patch3: exim-4.85-pic.patch
|
|||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||
Requires: /etc/aliases
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Recommends: publicsuffix-list
|
||||
BuildRequires: gcc libdb-devel openssl-devel openldap-devel pam-devel
|
||||
BuildRequires: pcre-devel sqlite-devel cyrus-sasl-devel
|
||||
BuildRequires: libspf2-devel libopendmarc-devel
|
||||
BuildRequires: openldap-devel openssl-devel mariadb-connector-c-devel libpq-devel
|
||||
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
||||
BuildRequires: perl-devel
|
||||
|
|
@ -172,7 +174,7 @@ cp exim_monitor/EDITME Local/eximon.conf
|
|||
export PIE=-fPIE
|
||||
export PIC=-fPIC
|
||||
%endif
|
||||
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
|
||||
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now} -lopendmarc -lspf2"
|
||||
|
||||
%install
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||
|
|
@ -466,6 +468,9 @@ fi
|
|||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||
|
||||
%changelog
|
||||
* Thu Feb 20 2020 Tom Hughes <tom@compton.nu> - 4.93-3
|
||||
- Enable SPF and DMARC support
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue