Enable SPF and DMARC support
This commit is contained in:
parent
68f1d1d370
commit
d69bc63fa9
|
@ -150,6 +150,21 @@ index 83325ab..a861c7f 100644
|
||||||
|
|
||||||
# If you have content scanning you may wish to only include some of the scanner
|
# If you have content scanning you may wish to only include some of the scanner
|
||||||
# interfaces. Uncomment any of these lines to remove that code.
|
# interfaces. Uncomment any of these lines to remove that code.
|
||||||
|
@@ -592,12 +598,12 @@
|
||||||
|
|
||||||
|
# Uncomment the following line to add DMARC checking capability, implemented
|
||||||
|
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
||||||
|
-# SUPPORT_DMARC=yes
|
||||||
|
+SUPPORT_DMARC=yes
|
||||||
|
# CFLAGS += -I/usr/local/include
|
||||||
|
# LDFLAGS += -lopendmarc
|
||||||
|
# Uncomment the following if you need to change the default. You can
|
||||||
|
# override it at runtime (main config option dmarc_tld_file)
|
||||||
|
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
|
||||||
|
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
|
||||||
|
|
||||||
|
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
||||||
|
# support. You must have SPF and DKIM support enabled also.
|
||||||
@@ -707,7 +713,7 @@ FIXED_NEVER_USERS=root
|
@@ -707,7 +713,7 @@ FIXED_NEVER_USERS=root
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
@ -264,6 +279,15 @@ index 83325ab..a861c7f 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1029,7 +1050,7 @@
|
||||||
|
# installed on your system (www.libspf2.org). Depending on where it is installed
|
||||||
|
# you may have to edit the CFLAGS and LDFLAGS lines.
|
||||||
|
|
||||||
|
-# SUPPORT_SPF=yes
|
||||||
|
+SUPPORT_SPF=yes
|
||||||
|
# CFLAGS += -I/usr/local/include
|
||||||
|
# LDFLAGS += -lspf2
|
||||||
|
|
||||||
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
# started by root at boot time.
|
# started by root at boot time.
|
||||||
|
@ -465,6 +489,14 @@ index cf38305..472b801 100644
|
||||||
# This access control list is used for every RCPT command in an incoming
|
# This access control list is used for every RCPT command in an incoming
|
||||||
# SMTP message. The tests are run in order until the address is either
|
# SMTP message. The tests are run in order until the address is either
|
||||||
# accepted or denied.
|
# accepted or denied.
|
||||||
|
@@ -392,6 +435,7 @@
|
||||||
|
|
||||||
|
accept hosts = :
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# The following section of the ACL is concerned with local parts that contain
|
||||||
@@ -445,7 +488,8 @@ acl_check_rcpt:
|
@@ -445,7 +488,8 @@ acl_check_rcpt:
|
||||||
accept local_parts = postmaster
|
accept local_parts = postmaster
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
@ -475,6 +507,22 @@ index cf38305..472b801 100644
|
||||||
|
|
||||||
require verify = sender
|
require verify = sender
|
||||||
|
|
||||||
|
@@ -471,6 +516,7 @@
|
||||||
|
accept hosts = +relay_from_hosts
|
||||||
|
control = submission
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
# Accept if the message arrived over an authenticated connection, from
|
||||||
|
# any host. Again, these messages are usually from MUAs, so recipient
|
||||||
|
@@ -480,6 +526,7 @@
|
||||||
|
accept authenticated = *
|
||||||
|
control = submission
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
# Insist that a HELO/EHLO was accepted.
|
||||||
|
|
||||||
@@ -505,7 +549,8 @@ acl_check_rcpt:
|
@@ -505,7 +549,8 @@ acl_check_rcpt:
|
||||||
# There are no default checks on DNS black lists because the domains that
|
# There are no default checks on DNS black lists because the domains that
|
||||||
# contain these lists are changing all the time. However, here are two
|
# contain these lists are changing all the time. However, here are two
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.93
|
Version: 4.93
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: https://www.exim.org/
|
Url: https://www.exim.org/
|
||||||
|
|
||||||
|
@ -50,8 +50,10 @@ Patch3: exim-4.85-pic.patch
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
|
Recommends: publicsuffix-list
|
||||||
BuildRequires: gcc libdb-devel openssl-devel openldap-devel pam-devel
|
BuildRequires: gcc libdb-devel openssl-devel openldap-devel pam-devel
|
||||||
BuildRequires: pcre-devel sqlite-devel cyrus-sasl-devel
|
BuildRequires: pcre-devel sqlite-devel cyrus-sasl-devel
|
||||||
|
BuildRequires: libspf2-devel libopendmarc-devel
|
||||||
BuildRequires: openldap-devel openssl-devel mariadb-connector-c-devel libpq-devel
|
BuildRequires: openldap-devel openssl-devel mariadb-connector-c-devel libpq-devel
|
||||||
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
||||||
BuildRequires: perl-devel
|
BuildRequires: perl-devel
|
||||||
|
@ -172,7 +174,7 @@ cp exim_monitor/EDITME Local/eximon.conf
|
||||||
export PIE=-fPIE
|
export PIE=-fPIE
|
||||||
export PIC=-fPIC
|
export PIC=-fPIC
|
||||||
%endif
|
%endif
|
||||||
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
|
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now} -lopendmarc -lspf2"
|
||||||
|
|
||||||
%install
|
%install
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||||
|
@ -466,6 +468,9 @@ fi
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 20 2020 Tom Hughes <tom@compton.nu> - 4.93-3
|
||||||
|
- Enable SPF and DMARC support
|
||||||
|
|
||||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue