Compare commits
69 Commits
| Author | SHA1 | Date |
|---|---|---|
Fedora Release Engineering
|
59769d011a | |
Jaroslav Škarvada
|
bf1ea8ddd6 | |
Jitka Plesnikova
|
f56f5898c7 | |
|
Fedora Release Engineering
|
46a901ca46 | |
Björn Esser
|
e0d3113ee9 | |
|
Björn Esser
|
1ba4063b7c | |
|
Jaroslav Škarvada
|
b01e0970a3 | |
Sahana Prasad
|
f168279082 | |
|
Fedora Release Engineering
|
1db180949d | |
|
Jitka Plesnikova
|
e292d37441 | |
|
Jaroslav Škarvada
|
f3c8bb48f9 | |
|
Jaroslav Škarvada
|
a8bf41bfdb | |
Tom Hughes
|
96d10acf3e | |
Zbigniew Jędrzejewski-Szmek
|
7b18883e5e | |
Pavel Raiskup
|
5bee50c2a2 | |
|
Fedora Release Engineering
|
e9931bc2c9 | |
Tom Stellard
|
dd630b4908 | |
|
Fedora Release Engineering
|
1483ee071d | |
David Woodhouse
|
b707c4f2cb | |
|
Jitka Plesnikova
|
e1b0164c04 | |
|
Jaroslav Škarvada
|
9c656af5d1 | |
|
Jaroslav Škarvada
|
759ca87ef8 | |
|
Jaroslav Škarvada
|
ca3eadd65f | |
|
Jaroslav Škarvada
|
2eab8d2bc5 | |
|
Jaroslav Škarvada
|
28c7077c05 | |
Sérgio Monteiro Basto
|
3c076df6df | |
|
Jaroslav Škarvada
|
e3c82db448 | |
|
Tom Hughes
|
d69bc63fa9 | |
|
Fedora Release Engineering
|
68f1d1d370 | |
|
Jaroslav Škarvada
|
83e2d62d42 | |
|
Jaroslav Škarvada
|
fff63283f3 | |
|
Jaroslav Škarvada
|
3af61df5c8 | |
Felix Schwarz
|
2927894c86 | |
|
Jaroslav Škarvada
|
d914362b27 | |
|
Jaroslav Škarvada
|
112ed52fe5 | |
|
Jaroslav Škarvada
|
43101ade7c | |
|
Jaroslav Škarvada
|
1464ae5f2b | |
|
Jaroslav Škarvada
|
1b7d96c826 | |
|
Fedora Release Engineering
|
1135c84822 | |
|
Jitka Plesnikova
|
4e715af1d9 | |
|
Jaroslav Škarvada
|
2f8ce390ab | |
Peter Robinson
|
0174c5e926 | |
|
Jaroslav Škarvada
|
0fb4478e2e | |
|
Jaroslav Škarvada
|
2600fcec66 | |
|
Jaroslav Škarvada
|
a3db3d174c | |
Tim Landscheidt
|
e357dd311a | |
mh
|
0a42044010 | |
|
Jaroslav Škarvada
|
64667ef5f3 | |
|
Fedora Release Engineering
|
5b8c786aa6 | |
Igor Gnatenko
|
9267566171 | |
|
Igor Gnatenko
|
ef83ce7fd6 | |
|
Björn Esser
|
16cad61468 | |
|
Pavel Raiskup
|
266f71092f | |
|
Jaroslav Škarvada
|
7a1683fb83 | |
|
Fedora Release Engineering
|
4743665123 | |
Jason Tibbitts
|
0578e3d655 | |
|
Jitka Plesnikova
|
7e5e4e2f57 | |
|
Jaroslav Škarvada
|
35982dc5b8 | |
|
Jaroslav Škarvada
|
807d908882 | |
|
Jaroslav Škarvada
|
37b90b260b | |
|
Jaroslav Škarvada
|
3a3d9940d2 | |
|
Jaroslav Škarvada
|
d4b3565e85 | |
|
Jaroslav Škarvada
|
35e86f7020 | |
|
Igor Gnatenko
|
1ced0d0ed3 | |
|
Fedora Release Engineering
|
a4784415a9 | |
|
Björn Esser
|
d91e74ccfb | |
|
Jaroslav Škarvada
|
65b73757ed | |
|
Jaroslav Škarvada
|
abd09da2d4 | |
|
Jaroslav Škarvada
|
0b307bc6ad |
|
|
@ -1,2 +1,2 @@
|
|||
exim-*.tar.bz2
|
||||
/exim-4.89.tar.xz
|
||||
/exim-*.tar.xz
|
||||
/exim-*.tar.xz.asc
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,25 +0,0 @@
|
|||
diff --git a/src/EDITME b/src/EDITME
|
||||
index df3dcc8..de01565 100644
|
||||
--- a/src/EDITME
|
||||
+++ b/src/EDITME
|
||||
@@ -306,14 +306,16 @@ LOOKUP_DSEARCH=yes
|
||||
# LOOKUP_IBASE=yes
|
||||
LOOKUP_LDAP=yes
|
||||
LDAP_LIB_TYPE=OPENLDAP2
|
||||
-LOOKUP_INCLUDE=-I/usr/include/mysql
|
||||
-LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
|
||||
-LOOKUP_MYSQL=yes
|
||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3
|
||||
+LOOKUP_MYSQL_INCLUDE=-I/usr/include/mysql
|
||||
+LOOKUP_MYSQL_LIBS=-lmysqlclient
|
||||
+LOOKUP_PGSQL_LIBS=-lpq
|
||||
+LOOKUP_MYSQL=2
|
||||
LOOKUP_NIS=yes
|
||||
LOOKUP_NISPLUS=yes
|
||||
# LOOKUP_ORACLE=yes
|
||||
LOOKUP_PASSWD=yes
|
||||
-LOOKUP_PGSQL=yes
|
||||
+LOOKUP_PGSQL=2
|
||||
# LOOKUP_REDIS=yes
|
||||
LOOKUP_SQLITE=yes
|
||||
# LOOKUP_WHOSON=yes
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index d1ce2f1..1f10008 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -55,7 +55,7 @@
|
||||
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
||||
# are all colon-separated lists:
|
||||
|
||||
-domainlist local_domains = @
|
||||
+domainlist local_domains = @ : localhost : localhost.localdomain
|
||||
domainlist relay_to_domains =
|
||||
hostlist relay_from_hosts = localhost
|
||||
# (We rely upon hostname resolution working for localhost, because the default
|
||||
|
|
@ -1,103 +0,0 @@
|
|||
--- a/src/configure.default.spamd 2016-12-25 21:06:57.453758443 +0000
|
||||
+++ b/src/configure.default 2016-12-25 21:07:49.940188407 +0000
|
||||
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
+acl_smtp_mime = acl_check_mime
|
||||
|
||||
# You should not change those settings until you understand how ACLs work.
|
||||
|
||||
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
|
||||
# of what to set for other virus scanners. The second modification is in the
|
||||
# acl_check_data access control list (see below).
|
||||
|
||||
-# av_scanner = clamd:/tmp/clamd
|
||||
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
||||
|
||||
|
||||
# For spam scanning, there is a similar option that defines the interface to
|
||||
@@ -431,7 +432,8 @@ acl_check_rcpt:
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
||||
- # Deny unless the sender address can be verified.
|
||||
+ # Deny unless the sender address can be routed. For proper verification of the
|
||||
+ # address, read the documentation on callouts and add the /callout modifier.
|
||||
|
||||
require verify = sender
|
||||
|
||||
@@ -535,27 +537,63 @@ acl_check_data:
|
||||
got $max_received_linelength
|
||||
condition = ${if > {$max_received_linelength}{998}}
|
||||
|
||||
+ # Put simple tests first. A good one is to check for the presence of a
|
||||
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
||||
+ # or misconfigured mailer software occasionally omits this from genuine
|
||||
+ # messages too, though -- although it's not hard for the offender to fix
|
||||
+ # after they receive a bounce because of it.
|
||||
+ #
|
||||
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
||||
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||
+ # Most messages without it are spam, so your mail has been rejected.
|
||||
+
|
||||
# Deny if the message contains a virus. Before enabling this check, you
|
||||
# must install a virus scanner and set the av_scanner option above.
|
||||
#
|
||||
# deny malware = *
|
||||
# message = This message contains a virus ($malware_name).
|
||||
|
||||
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
||||
- # you must install SpamAssassin. You may also need to set the spamd_address
|
||||
- # option above.
|
||||
- #
|
||||
- # warn spam = nobody
|
||||
- # add_header = X-Spam_score: $spam_score\n\
|
||||
- # X-Spam_score_int: $spam_score_int\n\
|
||||
- # X-Spam_bar: $spam_bar\n\
|
||||
- # X-Spam_report: $spam_report
|
||||
+ # Bypass SpamAssassin checks if the message is too large.
|
||||
+ #
|
||||
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
||||
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
||||
+
|
||||
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
||||
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
||||
+ # score exceeds the SA system threshold.
|
||||
+ #
|
||||
+ # warn spam = nobody/defer_ok
|
||||
+ # add_header = X-Spam-Flag: YES
|
||||
+ #
|
||||
+ # accept condition = ${if !def:spam_score_int {1}}
|
||||
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
||||
+ #
|
||||
+
|
||||
+ # Unconditionally add score and report headers
|
||||
+ #
|
||||
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
||||
+ # X-Spam-Report: $spam_report
|
||||
|
||||
- # Accept the message.
|
||||
+ # And reject if the SpamAssassin score is greater than ten
|
||||
+ #
|
||||
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
||||
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||
+ # $spam_report
|
||||
|
||||
accept
|
||||
|
||||
|
||||
+acl_check_mime:
|
||||
+
|
||||
+ # File extension filtering.
|
||||
+ deny message = Blacklisted file extension detected
|
||||
+ condition = ${if match \
|
||||
+ {${lc:$mime_filename}} \
|
||||
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
||||
+ {1}{0}}
|
||||
+
|
||||
+ accept
|
||||
+
|
||||
|
||||
######################################################################
|
||||
# ROUTERS CONFIGURATION #
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index 1e3c63f..0e7854c 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -724,7 +724,7 @@ userforward:
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
file = $home/.forward
|
||||
-# allow_filter
|
||||
+ allow_filter
|
||||
no_verify
|
||||
no_expn
|
||||
check_ancestor
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index 8b6162b..d588898 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -765,6 +765,16 @@ address_reply:
|
||||
driver = autoreply
|
||||
|
||||
|
||||
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
||||
+# socket. You'll need to configure the 'localuser' router above to use it.
|
||||
+#
|
||||
+#lmtp_delivery:
|
||||
+# home_directory = /var/spool/imap
|
||||
+# driver = lmtp
|
||||
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
||||
+# batch_max = 20
|
||||
+# user = cyrus
|
||||
+
|
||||
|
||||
######################################################################
|
||||
# RETRY CONFIGURATION #
|
||||
|
|
@ -1,118 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index 921c53b..a92c954 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -107,6 +107,7 @@ hostlist relay_from_hosts = localhost
|
||||
# manual for details. The lists above are used in the access control lists for
|
||||
# checking incoming messages. The names of these ACLs are defined here:
|
||||
|
||||
+acl_smtp_mail = acl_check_mail
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
acl_smtp_mime = acl_check_mime
|
||||
@@ -368,6 +369,29 @@ timeout_frozen_after = 7d
|
||||
|
||||
begin acl
|
||||
|
||||
+
|
||||
+# This access control list is used for the MAIL command in an incoming
|
||||
+# SMTP message.
|
||||
+
|
||||
+acl_check_mail:
|
||||
+
|
||||
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
||||
+ # So don't allow them to use the MAIL command if they haven't
|
||||
+ # done so.
|
||||
+
|
||||
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
||||
+ message = Nice boys say HELO first
|
||||
+
|
||||
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
||||
+ # even reject for it but that would be a little excessive.
|
||||
+
|
||||
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
||||
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
||||
+
|
||||
+ accept
|
||||
+
|
||||
+
|
||||
+
|
||||
# This access control list is used for every RCPT command in an incoming
|
||||
# SMTP message. The tests are run in order until the address is either
|
||||
# accepted or denied.
|
||||
@@ -493,7 +517,8 @@ acl_check_rcpt:
|
||||
# There are no default checks on DNS black lists because the domains that
|
||||
# contain these lists are changing all the time. However, here are two
|
||||
# examples of how you can get Exim to perform a DNS black list lookup at this
|
||||
- # point. The first one denies, whereas the second just warns.
|
||||
+ # point. The first one denies, whereas the second just warns. The third
|
||||
+ # triggers greylisting for any host in the blacklist.
|
||||
#
|
||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||
# dnslists = black.list.example
|
||||
@@ -501,6 +526,10 @@ acl_check_rcpt:
|
||||
# warn dnslists = black.list.example
|
||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||
# log_message = found in $dnslist_domain
|
||||
+ #
|
||||
+ # warn dnslists = black.list.example
|
||||
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
||||
+ #
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
@@ -514,6 +543,10 @@ acl_check_rcpt:
|
||||
# require verify = csa
|
||||
#############################################################################
|
||||
|
||||
+ # Alternatively, greylist for it:
|
||||
+ # warn !verify = csa
|
||||
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
||||
+
|
||||
# At this point, the address has passed all the checks that have been
|
||||
# configured, so we accept it unconditionally.
|
||||
|
||||
@@ -546,6 +579,12 @@ acl_check_data:
|
||||
# deny condition = ${if !def:h_Message-ID: {1}}
|
||||
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||
# Most messages without it are spam, so your mail has been rejected.
|
||||
+ #
|
||||
+ # Alternatively if we're feeling more lenient we could just use it to
|
||||
+ # trigger greylisting instead:
|
||||
+
|
||||
+ warn condition = ${if !def:h_Message-ID: {1}}
|
||||
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
||||
|
||||
# Deny if the message contains a virus. Before enabling this check, you
|
||||
# must install a virus scanner and set the av_scanner option above.
|
||||
@@ -580,8 +619,30 @@ acl_check_data:
|
||||
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||
# $spam_report
|
||||
|
||||
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
||||
+ #
|
||||
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
||||
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
||||
+
|
||||
+
|
||||
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
||||
+ # might be something wrong with it, then you can do this...
|
||||
+ #
|
||||
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
||||
+
|
||||
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
||||
+ # package which contains this subroutine, and you need to uncomment the bit below
|
||||
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
||||
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
||||
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
||||
+ # the exim-greylist.conf.inc file itself.
|
||||
+ #
|
||||
+ # require acl = greylist_mail
|
||||
+
|
||||
accept
|
||||
|
||||
+# To enable the greylisting, also uncomment this line:
|
||||
+# .include /etc/exim/exim-greylist.conf.inc
|
||||
|
||||
acl_check_mime:
|
||||
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index d588898..61bdae8 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
|
||||
|
||||
# Allow any client to use TLS.
|
||||
|
||||
-# tls_advertise_hosts = *
|
||||
+tls_advertise_hosts = *
|
||||
|
||||
# Specify the location of the Exim server's TLS certificate and private key.
|
||||
# The private key must not be encrypted (password protected). You can put
|
||||
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
|
||||
# need the first setting, or in separate files, in which case you need both
|
||||
# options.
|
||||
|
||||
-# tls_certificate = /etc/ssl/exim.crt
|
||||
-# tls_privatekey = /etc/ssl/exim.pem
|
||||
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
||||
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
||||
|
||||
# In order to support roaming users who wish to send email from anywhere,
|
||||
# you may want to make Exim listen on other ports as well as port 25, in
|
||||
@@ -162,8 +162,8 @@ acl_smtp_data = acl_check_data
|
||||
# them you should also allow TLS-on-connect on the traditional but
|
||||
# non-standard port 465.
|
||||
|
||||
-# daemon_smtp_ports = 25 : 465 : 587
|
||||
-# tls_on_connect_ports = 465
|
||||
+daemon_smtp_ports = 25 : 465 : 587
|
||||
+tls_on_connect_ports = 465
|
||||
|
||||
|
||||
# Specify the domain you want to be added to all unqualified addresses
|
||||
@@ -221,6 +221,24 @@ never_users = root
|
||||
|
||||
host_lookup = *
|
||||
|
||||
+# This setting, if uncommented, allows users to authenticate using
|
||||
+# their system passwords against saslauthd if they connect over a
|
||||
+# secure connection. If you have network logins such as NIS or
|
||||
+# Kerberos rather than only local users, then you possibly also want
|
||||
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
||||
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
||||
+# allows them to relay through the system.
|
||||
+#
|
||||
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
||||
+#
|
||||
+# By default, we set this option to allow SMTP AUTH from nowhere
|
||||
+# (Exim's default would be to allow it from anywhere, even on an
|
||||
+# unencrypted connection).
|
||||
+#
|
||||
+# Comment this one out if you uncomment the above. Did you make sure
|
||||
+# saslauthd is actually running first?
|
||||
+#
|
||||
+auth_advertise_hosts =
|
||||
|
||||
# The settings below cause Exim to make RFC 1413 (ident) callbacks
|
||||
# for all incoming SMTP calls. You can limit the hosts to which these
|
||||
@@ -844,7 +862,7 @@ begin authenticators
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth2
|
||||
# server_prompts = :
|
||||
-# server_condition = Authentication is not yet configured
|
||||
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||
|
||||
# LOGIN authentication has traditional prompts and responses. There is no
|
||||
@@ -856,7 +874,7 @@ begin authenticators
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth1
|
||||
# server_prompts = <| Username: | Password:
|
||||
-# server_condition = Authentication is not yet configured
|
||||
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||
|
||||
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index ecc3d6e..1e3c63f 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -732,6 +732,12 @@ userforward:
|
||||
pipe_transport = address_pipe
|
||||
reply_transport = address_reply
|
||||
|
||||
+procmail:
|
||||
+ driver = accept
|
||||
+ check_local_user
|
||||
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
||||
+ transport = procmail
|
||||
+ no_verify
|
||||
|
||||
# This router matches local user mailboxes. If the router fails, the error
|
||||
# message is "Unknown user".
|
||||
@@ -773,6 +779,16 @@ remote_smtp:
|
||||
driver = smtp
|
||||
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
||||
|
||||
+# This transport invokes procmail to deliver mail
|
||||
+procmail:
|
||||
+ driver = pipe
|
||||
+ command = "/usr/bin/procmail -d $local_part"
|
||||
+ return_path_add
|
||||
+ delivery_date_add
|
||||
+ envelope_to_add
|
||||
+ user = $local_part
|
||||
+ initgroups
|
||||
+ return_output
|
||||
|
||||
# This transport is used for local delivery to user mailboxes in traditional
|
||||
# BSD mailbox format. By default it will be run under the uid and gid of the
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index 985f1d0..8b6162b 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -630,7 +630,7 @@ system_aliases:
|
||||
driver = redirect
|
||||
allow_fail
|
||||
allow_defer
|
||||
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
||||
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
||||
# user = exim
|
||||
file_transport = address_file
|
||||
pipe_transport = address_pipe
|
||||
@@ -731,8 +731,8 @@ local_delivery:
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
-# group = mail
|
||||
-# mode = 0660
|
||||
+ group = mail
|
||||
+ mode = 0660
|
||||
|
||||
|
||||
# This transport is used for handling pipe deliveries generated by alias or
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
index a92c954..13599ae 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -840,6 +840,15 @@ remote_smtp:
|
||||
driver = smtp
|
||||
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
||||
|
||||
+# This transport is used for delivering messages over SMTP using the
|
||||
+# "message submission" port (RFC4409).
|
||||
+
|
||||
+remote_msa:
|
||||
+ driver = smtp
|
||||
+ port = 587
|
||||
+ hosts_require_auth = *
|
||||
+
|
||||
+
|
||||
# This transport invokes procmail to deliver mail
|
||||
procmail:
|
||||
driver = pipe
|
||||
@@ -948,6 +957,21 @@ begin rewrite
|
||||
# AUTHENTICATION CONFIGURATION #
|
||||
######################################################################
|
||||
|
||||
+begin authenticators
|
||||
+
|
||||
+# This authenticator supports CRAM-MD5 username/password authentication
|
||||
+# with Exim acting as a _client_, as it might when sending its outgoing
|
||||
+# mail to a smarthost rather than directly to the final recipient.
|
||||
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
||||
+
|
||||
+#client_auth:
|
||||
+# driver = cram_md5
|
||||
+# public_name = CRAM-MD5
|
||||
+# client_name = SMTPAUTH_USERNAME
|
||||
+# client_secret = SMTPAUTH_PASSWORD
|
||||
+
|
||||
+#
|
||||
+
|
||||
# The following authenticators support plaintext username/password
|
||||
# authentication using the standard PLAIN mechanism and the traditional
|
||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||
@@ -963,7 +987,7 @@ begin rewrite
|
||||
# The default RCPT ACL checks for successful authentication, and will accept
|
||||
# messages from authenticated users from anywhere on the Internet.
|
||||
|
||||
-begin authenticators
|
||||
+#
|
||||
|
||||
# PLAIN authentication has no server prompts. The client sends its
|
||||
# credentials in one lump, containing an authorization ID (which we do not
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
diff --git a/src/exim.c b/src/exim.c
|
||||
index a6a1ea8..394bf84 100644
|
||||
--- a/src/exim.c
|
||||
+++ b/src/exim.c
|
||||
@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)
|
||||
|
||||
/* -oMr: Received protocol */
|
||||
|
||||
- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
|
||||
+ else if (Ustrcmp(argrest, "Mr") == 0)
|
||||
+
|
||||
+ if (received_protocol)
|
||||
+ {
|
||||
+ fprintf(stderr, "received_protocol is set already\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ else received_protocol = argv[++i];
|
||||
|
||||
/* -oMs: Set sender host name */
|
||||
|
||||
@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)
|
||||
|
||||
if (*argrest != 0)
|
||||
{
|
||||
- uschar *hn = Ustrchr(argrest, ':');
|
||||
+ uschar *hn;
|
||||
+
|
||||
+ if (received_protocol)
|
||||
+ {
|
||||
+ fprintf(stderr, "received_protocol is set already\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
+ hn = Ustrchr(argrest, ':');
|
||||
if (hn == NULL)
|
||||
{
|
||||
received_protocol = argrest;
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
diff --git a/src/receive.c b/src/receive.c
|
||||
index 7980c32..3246621 100644
|
||||
--- a/src/receive.c
|
||||
+++ b/src/receive.c
|
||||
@@ -1772,8 +1772,8 @@ for (;;)
|
||||
(and sometimes lunatic messages can have ones that are 100s of K long) we
|
||||
call store_release() for strings that have been copied - if the string is at
|
||||
the start of a block (and therefore the only thing in it, because we aren't
|
||||
- doing any other gets), the block gets freed. We can only do this because we
|
||||
- know there are no other calls to store_get() going on. */
|
||||
+ doing any other gets), the block gets freed. We can only do this release if
|
||||
+ there were no allocations since the once that we want to free. */
|
||||
|
||||
if (ptr >= header_size - 4)
|
||||
{
|
||||
@@ -1782,9 +1782,10 @@ for (;;)
|
||||
header_size *= 2;
|
||||
if (!store_extend(next->text, oldsize, header_size))
|
||||
{
|
||||
+ BOOL release_ok = store_last_get[store_pool] == next->text;
|
||||
uschar *newtext = store_get(header_size);
|
||||
memcpy(newtext, next->text, ptr);
|
||||
- store_release(next->text);
|
||||
+ if (release_ok) store_release(next->text);
|
||||
next->text = newtext;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,524 +0,0 @@
|
|||
--- exim-4.89/src/exim.c.calloutsize 2017-03-04 16:21:35.000000000 -0500
|
||||
+++ exim-4.89/src/exim.c 2017-08-16 15:52:41.424866990 -0400
|
||||
@@ -2738,7 +2738,7 @@
|
||||
/* -MCD: set the smtp_use_dsn flag; this indicates that the host
|
||||
that exim is connected to supports the esmtp extension DSN */
|
||||
|
||||
- case 'D': smtp_peer_options |= PEER_OFFERED_DSN; break;
|
||||
+ case 'D': smtp_peer_options |= OPTION_DSN; break;
|
||||
|
||||
/* -MCG: set the queue name, to a non-default value */
|
||||
|
||||
@@ -2748,12 +2748,12 @@
|
||||
|
||||
/* -MCK: the peer offered CHUNKING. Must precede -MC */
|
||||
|
||||
- case 'K': smtp_peer_options |= PEER_OFFERED_CHUNKING; break;
|
||||
+ case 'K': smtp_peer_options |= OPTION_CHUNKING; break;
|
||||
|
||||
/* -MCP: set the smtp_use_pipelining flag; this is useful only when
|
||||
it preceded -MC (see above) */
|
||||
|
||||
- case 'P': smtp_peer_options |= PEER_OFFERED_PIPE; break;
|
||||
+ case 'P': smtp_peer_options |= OPTION_PIPE; break;
|
||||
|
||||
/* -MCQ: pass on the pid of the queue-running process that started
|
||||
this chain of deliveries and the fd of its synchronizing pipe; this
|
||||
@@ -2768,14 +2768,14 @@
|
||||
/* -MCS: set the smtp_use_size flag; this is useful only when it
|
||||
precedes -MC (see above) */
|
||||
|
||||
- case 'S': smtp_peer_options |= PEER_OFFERED_SIZE; break;
|
||||
+ case 'S': smtp_peer_options |= OPTION_SIZE; break;
|
||||
|
||||
#ifdef SUPPORT_TLS
|
||||
/* -MCT: set the tls_offered flag; this is useful only when it
|
||||
precedes -MC (see above). The flag indicates that the host to which
|
||||
Exim is connected has offered TLS support. */
|
||||
|
||||
- case 'T': smtp_peer_options |= PEER_OFFERED_TLS; break;
|
||||
+ case 'T': smtp_peer_options |= OPTION_TLS; break;
|
||||
#endif
|
||||
|
||||
default: badarg = TRUE; break;
|
||||
--- exim-4.89/src/macros.h.calloutsize 2017-03-04 16:21:35.000000000 -0500
|
||||
+++ exim-4.89/src/macros.h 2017-08-16 15:38:52.876969094 -0400
|
||||
@@ -959,14 +959,14 @@
|
||||
|
||||
/* Codes for ESMTP facilities offered by peer */
|
||||
|
||||
-#define PEER_OFFERED_TLS BIT(0)
|
||||
-#define PEER_OFFERED_IGNQ BIT(1)
|
||||
-#define PEER_OFFERED_PRDR BIT(2)
|
||||
-#define PEER_OFFERED_UTF8 BIT(3)
|
||||
-#define PEER_OFFERED_DSN BIT(4)
|
||||
-#define PEER_OFFERED_PIPE BIT(5)
|
||||
-#define PEER_OFFERED_SIZE BIT(6)
|
||||
-#define PEER_OFFERED_CHUNKING BIT(7)
|
||||
+#define OPTION_TLS BIT(0)
|
||||
+#define OPTION_IGNQ BIT(1)
|
||||
+#define OPTION_PRDR BIT(2)
|
||||
+#define OPTION_UTF8 BIT(3)
|
||||
+#define OPTION_DSN BIT(4)
|
||||
+#define OPTION_PIPE BIT(5)
|
||||
+#define OPTION_SIZE BIT(6)
|
||||
+#define OPTION_CHUNKING BIT(7)
|
||||
|
||||
/* Argument for *_getc */
|
||||
|
||||
--- exim-4.89/src/transport.c.calloutsize 2017-08-16 15:38:52.876969094 -0400
|
||||
+++ exim-4.89/src/transport.c 2017-08-16 15:55:23.681414193 -0400
|
||||
@@ -1976,13 +1976,12 @@
|
||||
argv = CUSS child_exec_exim(CEE_RETURN_ARGV, TRUE, &i, FALSE, 0);
|
||||
|
||||
if (smtp_authenticated) argv[i++] = US"-MCA";
|
||||
-
|
||||
- if (smtp_peer_options & PEER_OFFERED_CHUNKING) argv[i++] = US"-MCK";
|
||||
- if (smtp_peer_options & PEER_OFFERED_DSN) argv[i++] = US"-MCD";
|
||||
- if (smtp_peer_options & PEER_OFFERED_PIPE) argv[i++] = US"-MCP";
|
||||
- if (smtp_peer_options & PEER_OFFERED_SIZE) argv[i++] = US"-MCS";
|
||||
+ if (smtp_peer_options & OPTION_CHUNKING) argv[i++] = US"-MCK";
|
||||
+ if (smtp_peer_options & OPTION_DSN) argv[i++] = US"-MCD";
|
||||
+ if (smtp_peer_options & OPTION_PIPE) argv[i++] = US"-MCP";
|
||||
+ if (smtp_peer_options & OPTION_SIZE) argv[i++] = US"-MCS";
|
||||
#ifdef SUPPORT_TLS
|
||||
- if (smtp_peer_options & PEER_OFFERED_TLS) argv[i++] = US"-MCT";
|
||||
+ if (smtp_peer_options & OPTION_TLS) argv[i++] = US"-MCT";
|
||||
#endif
|
||||
|
||||
if (queue_run_pid != (pid_t)0)
|
||||
--- exim-4.89/src/transports/smtp.c.calloutsize 2017-03-04 16:21:35.000000000 -0500
|
||||
+++ exim-4.89/src/transports/smtp.c 2017-08-16 16:08:51.572126172 -0400
|
||||
@@ -1291,44 +1291,44 @@
|
||||
size_t bsize = Ustrlen(buf);
|
||||
|
||||
#ifdef SUPPORT_TLS
|
||||
-if ( checks & PEER_OFFERED_TLS
|
||||
+if ( checks & OPTION_TLS
|
||||
&& pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_TLS;
|
||||
+ checks &= ~OPTION_TLS;
|
||||
#endif
|
||||
|
||||
-if ( checks & PEER_OFFERED_IGNQ
|
||||
+if ( checks & OPTION_IGNQ
|
||||
&& pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
|
||||
PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_IGNQ;
|
||||
+ checks &= ~OPTION_IGNQ;
|
||||
|
||||
-if ( checks & PEER_OFFERED_CHUNKING
|
||||
+if ( checks & OPTION_CHUNKING
|
||||
&& pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_CHUNKING;
|
||||
+ checks &= ~OPTION_CHUNKING;
|
||||
|
||||
#ifndef DISABLE_PRDR
|
||||
-if ( checks & PEER_OFFERED_PRDR
|
||||
+if ( checks & OPTION_PRDR
|
||||
&& pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_PRDR;
|
||||
+ checks &= ~OPTION_PRDR;
|
||||
#endif
|
||||
|
||||
#ifdef SUPPORT_I18N
|
||||
-if ( checks & PEER_OFFERED_UTF8
|
||||
+if ( checks & OPTION_UTF8
|
||||
&& pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_UTF8;
|
||||
+ checks &= ~OPTION_UTF8;
|
||||
#endif
|
||||
|
||||
-if ( checks & PEER_OFFERED_DSN
|
||||
+if ( checks & OPTION_DSN
|
||||
&& pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_DSN;
|
||||
+ checks &= ~OPTION_DSN;
|
||||
|
||||
-if ( checks & PEER_OFFERED_PIPE
|
||||
+if ( checks & OPTION_PIPE
|
||||
&& pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
|
||||
PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_PIPE;
|
||||
+ checks &= ~OPTION_PIPE;
|
||||
|
||||
-if ( checks & PEER_OFFERED_SIZE
|
||||
+if ( checks & OPTION_SIZE
|
||||
&& pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
|
||||
- checks &= ~PEER_OFFERED_SIZE;
|
||||
+ checks &= ~OPTION_SIZE;
|
||||
|
||||
return checks;
|
||||
}
|
||||
@@ -1479,6 +1479,7 @@
|
||||
|
||||
if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
|
||||
sx->peer_offered = 0;
|
||||
+sx->avoid_option = 0;
|
||||
sx->igquotstr = US"";
|
||||
if (!sx->helo_data) sx->helo_data = sx->ob->helo_data;
|
||||
#ifdef EXPERIMENTAL_DSN_INFO
|
||||
@@ -1715,7 +1716,7 @@
|
||||
#ifdef SUPPORT_TLS
|
||||
if (sx->smtps)
|
||||
{
|
||||
- smtp_peer_options |= PEER_OFFERED_TLS;
|
||||
+ smtp_peer_options |= OPTION_TLS;
|
||||
suppress_tls = FALSE;
|
||||
sx->ob->tls_tempfail_tryclear = FALSE;
|
||||
smtp_command = US"SSL-on-connect";
|
||||
@@ -1780,18 +1781,18 @@
|
||||
}
|
||||
}
|
||||
|
||||
- sx->peer_offered = smtp_peer_options = 0;
|
||||
+ sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
|
||||
|
||||
if (sx->esmtp || sx->lmtp)
|
||||
{
|
||||
sx->peer_offered = ehlo_response(sx->buffer,
|
||||
- PEER_OFFERED_TLS /* others checked later */
|
||||
+ OPTION_TLS /* others checked later */
|
||||
);
|
||||
|
||||
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
|
||||
|
||||
#ifdef SUPPORT_TLS
|
||||
- smtp_peer_options |= sx->peer_offered & PEER_OFFERED_TLS;
|
||||
+ smtp_peer_options |= sx->peer_offered & OPTION_TLS;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@@ -1825,7 +1826,7 @@
|
||||
for error analysis. */
|
||||
|
||||
#ifdef SUPPORT_TLS
|
||||
-if ( smtp_peer_options & PEER_OFFERED_TLS
|
||||
+if ( smtp_peer_options & OPTION_TLS
|
||||
&& !suppress_tls
|
||||
&& verify_check_given_host(&sx->ob->hosts_avoid_tls, sx->host) != OK
|
||||
&& ( !sx->verify
|
||||
@@ -1970,7 +1971,7 @@
|
||||
{
|
||||
errno = ERRNO_TLSREQUIRED;
|
||||
message = string_sprintf("a TLS session is required, but %s",
|
||||
- smtp_peer_options & PEER_OFFERED_TLS
|
||||
+ smtp_peer_options & OPTION_TLS
|
||||
? "an attempt to start TLS failed" : "the server did not offer TLS support");
|
||||
goto TLS_FAILED;
|
||||
}
|
||||
@@ -1991,60 +1992,60 @@
|
||||
{
|
||||
sx->peer_offered = ehlo_response(sx->buffer,
|
||||
0 /* no TLS */
|
||||
- | (sx->lmtp && sx->ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0)
|
||||
- | PEER_OFFERED_CHUNKING
|
||||
- | PEER_OFFERED_PRDR
|
||||
+ | (sx->lmtp && sx->ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
|
||||
+ | OPTION_CHUNKING
|
||||
+ | OPTION_PRDR
|
||||
#ifdef SUPPORT_I18N
|
||||
- | (sx->addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0)
|
||||
+ | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
|
||||
/*XXX if we hand peercaps on to continued-conn processes,
|
||||
must not depend on this addr */
|
||||
#endif
|
||||
- | PEER_OFFERED_DSN
|
||||
- | PEER_OFFERED_PIPE
|
||||
- | (sx->ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0)
|
||||
+ | OPTION_DSN
|
||||
+ | OPTION_PIPE
|
||||
+ | (sx->ob->size_addition >= 0 ? OPTION_SIZE : 0)
|
||||
);
|
||||
|
||||
/* Set for IGNOREQUOTA if the response to LHLO specifies support and the
|
||||
lmtp_ignore_quota option was set. */
|
||||
|
||||
- sx->igquotstr = sx->peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US"";
|
||||
+ sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
|
||||
|
||||
/* If the response to EHLO specified support for the SIZE parameter, note
|
||||
this, provided size_addition is non-negative. */
|
||||
|
||||
- smtp_peer_options |= sx->peer_offered & PEER_OFFERED_SIZE;
|
||||
+ smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
|
||||
|
||||
/* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
|
||||
the current host, esmtp will be false, so PIPELINING can never be used. If
|
||||
the current host matches hosts_avoid_pipelining, don't do it. */
|
||||
|
||||
- if ( sx->peer_offered & PEER_OFFERED_PIPE
|
||||
+ if ( sx->peer_offered & OPTION_PIPE
|
||||
&& verify_check_given_host(&sx->ob->hosts_avoid_pipelining, sx->host) != OK)
|
||||
- smtp_peer_options |= PEER_OFFERED_PIPE;
|
||||
+ smtp_peer_options |= OPTION_PIPE;
|
||||
|
||||
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
|
||||
- smtp_peer_options & PEER_OFFERED_PIPE ? "" : "not ");
|
||||
+ smtp_peer_options & OPTION_PIPE ? "" : "not ");
|
||||
|
||||
- if ( sx->peer_offered & PEER_OFFERED_CHUNKING
|
||||
+ if ( sx->peer_offered & OPTION_CHUNKING
|
||||
&& verify_check_given_host(&sx->ob->hosts_try_chunking, sx->host) != OK)
|
||||
- sx->peer_offered &= ~PEER_OFFERED_CHUNKING;
|
||||
+ sx->peer_offered &= ~OPTION_CHUNKING;
|
||||
|
||||
- if (sx->peer_offered & PEER_OFFERED_CHUNKING)
|
||||
+ if (sx->peer_offered & OPTION_CHUNKING)
|
||||
{DEBUG(D_transport) debug_printf("CHUNKING usable\n");}
|
||||
|
||||
#ifndef DISABLE_PRDR
|
||||
- if ( sx->peer_offered & PEER_OFFERED_PRDR
|
||||
+ if ( sx->peer_offered & OPTION_PRDR
|
||||
&& verify_check_given_host(&sx->ob->hosts_try_prdr, sx->host) != OK)
|
||||
- sx->peer_offered &= ~PEER_OFFERED_PRDR;
|
||||
+ sx->peer_offered &= ~OPTION_PRDR;
|
||||
|
||||
- if (sx->peer_offered & PEER_OFFERED_PRDR)
|
||||
+ if (sx->peer_offered & OPTION_PRDR)
|
||||
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
|
||||
#endif
|
||||
|
||||
/* Note if the server supports DSN */
|
||||
- smtp_peer_options |= sx->peer_offered & PEER_OFFERED_DSN;
|
||||
+ smtp_peer_options |= sx->peer_offered & OPTION_DSN;
|
||||
DEBUG(D_transport) debug_printf("%susing DSN\n",
|
||||
- sx->peer_offered & PEER_OFFERED_DSN ? "" : "not ");
|
||||
+ sx->peer_offered & OPTION_DSN ? "" : "not ");
|
||||
|
||||
/* Note if the response to EHLO specifies support for the AUTH extension.
|
||||
If it has, check that this host is one we want to authenticate to, and do
|
||||
@@ -2061,7 +2062,7 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
-pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE);
|
||||
+pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
|
||||
|
||||
/* The setting up of the SMTP call is now complete. Any subsequent errors are
|
||||
message-specific. */
|
||||
@@ -2079,7 +2080,7 @@
|
||||
}
|
||||
|
||||
/* If this is an international message we need the host to speak SMTPUTF8 */
|
||||
-if (sx->utf8_needed && !(sx->peer_offered & PEER_OFFERED_UTF8))
|
||||
+if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
|
||||
{
|
||||
errno = ERRNO_UTF8_FWD;
|
||||
goto RESPONSE_FAILED;
|
||||
@@ -2202,14 +2203,15 @@
|
||||
|
||||
*p = 0;
|
||||
|
||||
-/* If we know the receiving MTA supports the SIZE qualification,
|
||||
+/* If we know the receiving MTA supports the SIZE qualification, and we know it,
|
||||
send it, adding something to the message size to allow for imprecision
|
||||
and things that get added en route. Exim keeps the number of lines
|
||||
in a message, so we can give an accurate value for the original message, but we
|
||||
need some additional to handle added headers. (Double "." characters don't get
|
||||
included in the count.) */
|
||||
|
||||
-if (sx->peer_offered & PEER_OFFERED_SIZE)
|
||||
+if ( message_size > 0
|
||||
+ && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
|
||||
{
|
||||
sprintf(CS p, " SIZE=%d", message_size+message_linecount+sx->ob->size_addition);
|
||||
while (*p) p++;
|
||||
@@ -2220,7 +2222,7 @@
|
||||
request that */
|
||||
|
||||
sx->prdr_active = FALSE;
|
||||
-if (sx->peer_offered & PEER_OFFERED_PRDR)
|
||||
+if (sx->peer_offered & OPTION_PRDR)
|
||||
for (addr = addrlist; addr; addr = addr->next)
|
||||
if (addr->transport_return == PENDING_DEFER)
|
||||
{
|
||||
@@ -2239,7 +2241,7 @@
|
||||
/* If it supports internationalised messages, and this meesage need that,
|
||||
request it */
|
||||
|
||||
-if ( sx->peer_offered & PEER_OFFERED_UTF8
|
||||
+if ( sx->peer_offered & OPTION_UTF8
|
||||
&& addrlist->prop.utf8_msg
|
||||
&& !addrlist->prop.utf8_downcvt
|
||||
)
|
||||
@@ -2261,7 +2263,7 @@
|
||||
|
||||
/* Add any DSN flags to the mail command */
|
||||
|
||||
-if (sx->peer_offered & PEER_OFFERED_DSN && !sx->dsn_all_lasthop)
|
||||
+if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
|
||||
{
|
||||
if (dsn_ret == dsn_ret_hdrs)
|
||||
{ Ustrcpy(p, " RET=HDRS"); p += 9; }
|
||||
@@ -2297,7 +2299,7 @@
|
||||
|
||||
/* Add any DSN flags to the rcpt command */
|
||||
|
||||
-if (sx->peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop))
|
||||
+if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
|
||||
{
|
||||
if (addr->dsn_flags & rf_dsnflags)
|
||||
{
|
||||
@@ -2367,7 +2369,7 @@
|
||||
the delivery log line. */
|
||||
|
||||
if ( sx->addrlist->prop.utf8_msg
|
||||
- && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & PEER_OFFERED_UTF8))
|
||||
+ && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
|
||||
)
|
||||
{
|
||||
if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
|
||||
@@ -2431,7 +2433,7 @@
|
||||
BOOL no_flush;
|
||||
uschar * rcpt_addr;
|
||||
|
||||
- addr->dsn_aware = sx->peer_offered & PEER_OFFERED_DSN
|
||||
+ addr->dsn_aware = sx->peer_offered & OPTION_DSN
|
||||
? dsn_support_yes : dsn_support_no;
|
||||
|
||||
address_count++;
|
||||
@@ -2594,10 +2596,10 @@
|
||||
if ( transport_filter_argv
|
||||
&& *transport_filter_argv
|
||||
&& **transport_filter_argv
|
||||
- && sx.peer_offered & PEER_OFFERED_CHUNKING
|
||||
+ && sx.peer_offered & OPTION_CHUNKING
|
||||
)
|
||||
{
|
||||
- sx.peer_offered &= ~PEER_OFFERED_CHUNKING;
|
||||
+ sx.peer_offered &= ~OPTION_CHUNKING;
|
||||
DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
|
||||
}
|
||||
}
|
||||
@@ -2656,7 +2658,7 @@
|
||||
If using CHUNKING, do not send a BDAT until we know how big a chunk we want
|
||||
to send is. */
|
||||
|
||||
-if ( !(sx.peer_offered & PEER_OFFERED_CHUNKING)
|
||||
+if ( !(sx.peer_offered & OPTION_CHUNKING)
|
||||
&& (sx.ok || (pipelining_active && !mua_wrapper)))
|
||||
{
|
||||
int count = smtp_write_command(&sx.outblock, FALSE, "DATA\r\n");
|
||||
@@ -2686,7 +2688,7 @@
|
||||
well as body. Set the appropriate timeout value to be used for each chunk.
|
||||
(Haven't been able to make it work using select() for writing yet.) */
|
||||
|
||||
-if (!(sx.peer_offered & PEER_OFFERED_CHUNKING) && !sx.ok)
|
||||
+if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
|
||||
{
|
||||
/* Save the first address of the next batch. */
|
||||
sx.first_addr = sx.next_addr;
|
||||
@@ -2712,7 +2714,7 @@
|
||||
of responses. The callback needs a whole bunch of state so set up
|
||||
a transport-context structure to be passed around. */
|
||||
|
||||
- if (sx.peer_offered & PEER_OFFERED_CHUNKING)
|
||||
+ if (sx.peer_offered & OPTION_CHUNKING)
|
||||
{
|
||||
tctx.check_string = tctx.escape_string = NULL;
|
||||
tctx.options |= topt_use_bdat;
|
||||
@@ -2737,7 +2739,7 @@
|
||||
transport_write_timeout = sx.ob->data_timeout;
|
||||
smtp_command = US"sending data block"; /* For error messages */
|
||||
DEBUG(D_transport|D_v)
|
||||
- if (sx.peer_offered & PEER_OFFERED_CHUNKING)
|
||||
+ if (sx.peer_offered & OPTION_CHUNKING)
|
||||
debug_printf(" will write message using CHUNKING\n");
|
||||
else
|
||||
debug_printf(" SMTP>> writing message and terminating \".\"\n");
|
||||
@@ -2771,7 +2773,7 @@
|
||||
|
||||
smtp_command = US"end of data";
|
||||
|
||||
- if (sx.peer_offered & PEER_OFFERED_CHUNKING && sx.cmd_count > 1)
|
||||
+ if (sx.peer_offered & OPTION_CHUNKING && sx.cmd_count > 1)
|
||||
{
|
||||
/* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
|
||||
switch(sync_responses(&sx, sx.cmd_count-1, 0))
|
||||
@@ -2926,7 +2928,7 @@
|
||||
#ifndef DISABLE_PRDR
|
||||
if (sx.prdr_active) addr->flags |= af_prdr_used;
|
||||
#endif
|
||||
- if (sx.peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used;
|
||||
+ if (sx.peer_offered & OPTION_CHUNKING) addr->flags |= af_chunking_used;
|
||||
flag = '-';
|
||||
|
||||
#ifndef DISABLE_PRDR
|
||||
--- exim-4.89/src/transports/smtp.h.calloutsize 2017-03-04 16:21:35.000000000 -0500
|
||||
+++ exim-4.89/src/transports/smtp.h 2017-08-16 15:38:52.877969104 -0400
|
||||
@@ -127,6 +127,7 @@
|
||||
int cmd_count;
|
||||
|
||||
uschar peer_offered;
|
||||
+ uschar avoid_option;
|
||||
uschar * igquotstr;
|
||||
uschar * helo_data;
|
||||
#ifdef EXPERIMENTAL_DSN_INFO
|
||||
--- exim-4.89/src/verify.c.calloutsize 2017-03-04 16:21:35.000000000 -0500
|
||||
+++ exim-4.89/src/verify.c 2017-08-16 15:51:37.913261370 -0400
|
||||
@@ -779,8 +779,12 @@
|
||||
postmaster-verify.
|
||||
The sync_responses() would need to be taught about it and we'd
|
||||
need another return code filtering out to here.
|
||||
+
|
||||
+ Avoid using a SIZE option on the MAIL for all randon-rcpt checks.
|
||||
*/
|
||||
|
||||
+ sx.avoid_option = OPTION_SIZE;
|
||||
+
|
||||
/* Remember when we last did a random test */
|
||||
new_domain_record.random_stamp = time(NULL);
|
||||
|
||||
@@ -790,8 +794,9 @@
|
||||
case PENDING_OK:
|
||||
new_domain_record.random_result = ccache_accept;
|
||||
break;
|
||||
- case FAIL:
|
||||
+ case FAIL: /* the preferred result */
|
||||
new_domain_record.random_result = ccache_reject;
|
||||
+ sx.avoid_option = 0;
|
||||
|
||||
/* Between each check, issue RSET, because some servers accept only
|
||||
one recipient after MAIL FROM:<>.
|
||||
@@ -836,12 +841,14 @@
|
||||
else
|
||||
done = TRUE;
|
||||
|
||||
- /* Main verify. If the host is accepting all local parts, as determined
|
||||
- by the "random" check, we don't need to waste time doing any further
|
||||
- checking. */
|
||||
+ /* Main verify. For rcpt-verify use SIZE if we know it and we're not cacheing;
|
||||
+ for sndr-verify never use it. */
|
||||
|
||||
if (done)
|
||||
{
|
||||
+ if (!(options & vopt_is_recipient && options & vopt_callout_no_cache))
|
||||
+ sx.avoid_option = OPTION_SIZE;
|
||||
+
|
||||
done = FALSE;
|
||||
switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
|
||||
{
|
||||
@@ -850,12 +857,12 @@
|
||||
case PENDING_OK: done = TRUE;
|
||||
new_address_record.result = ccache_accept;
|
||||
break;
|
||||
- case FAIL: done = TRUE;
|
||||
+ case FAIL: done = TRUE;
|
||||
yield = FAIL;
|
||||
*failure_ptr = US"recipient";
|
||||
new_address_record.result = ccache_reject;
|
||||
break;
|
||||
- default: break;
|
||||
+ default: break;
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -908,6 +915,7 @@
|
||||
sx.ok = FALSE;
|
||||
sx.send_rset = TRUE;
|
||||
sx.completed_addr = FALSE;
|
||||
+ sx.avoid_option = OPTION_SIZE;
|
||||
|
||||
if( smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0
|
||||
&& addr->transport_return == PENDING_OK
|
||||
|
|
@ -1,299 +0,0 @@
|
|||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||
index 3e486a6..6c4afec 100755
|
||||
--- a/scripts/Configure-Makefile
|
||||
+++ b/scripts/Configure-Makefile
|
||||
@@ -269,7 +269,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||
|
||||
mv $mft $mftt
|
||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
||||
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
||||
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
||||
echo "" >>$mft
|
||||
cat $mftt >> $mft
|
||||
diff --git a/src/EDITME b/src/EDITME
|
||||
index df74aac..0caf02d 100644
|
||||
--- a/src/EDITME
|
||||
+++ b/src/EDITME
|
||||
@@ -98,7 +98,7 @@
|
||||
# /usr/local/sbin. The installation script will try to create this directory,
|
||||
# and any superior directories, if they do not exist.
|
||||
|
||||
-BIN_DIRECTORY=/usr/exim/bin
|
||||
+BIN_DIRECTORY=/usr/sbin
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
||||
# don't exist. It will also install a default runtime configuration if this
|
||||
# file does not exist.
|
||||
|
||||
-CONFIGURE_FILE=/usr/exim/configure
|
||||
+CONFIGURE_FILE=/etc/exim/exim.conf
|
||||
|
||||
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
||||
# In this case, Exim will use the first of them that exists when it is run.
|
||||
@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
||||
# deliveries. (Local deliveries run as various non-root users, typically as the
|
||||
# owner of a local mailbox.) Specifying these values as root is not supported.
|
||||
|
||||
-EXIM_USER=
|
||||
+EXIM_USER=93
|
||||
|
||||
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
||||
# uid number is built into the binary. However, you can specify that this
|
||||
@@ -152,7 +152,7 @@ EXIM_USER=
|
||||
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
||||
# you want to use a group other than the default group for the given user.
|
||||
|
||||
-# EXIM_GROUP=
|
||||
+EXIM_GROUP=93
|
||||
|
||||
# Many sites define a user called "exim", with an appropriate default group,
|
||||
# and use
|
||||
@@ -232,7 +232,7 @@ TRANSPORT_SMTP=yes
|
||||
# This one is special-purpose, and commonly not required, so it is not
|
||||
# included by default.
|
||||
|
||||
-# TRANSPORT_LMTP=yes
|
||||
+TRANSPORT_LMTP=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -241,9 +241,9 @@ TRANSPORT_SMTP=yes
|
||||
# MBX, is included only when requested. If you do not know what this is about,
|
||||
# leave these settings commented out.
|
||||
|
||||
-# SUPPORT_MAILDIR=yes
|
||||
-# SUPPORT_MAILSTORE=yes
|
||||
-# SUPPORT_MBX=yes
|
||||
+SUPPORT_MAILDIR=yes
|
||||
+SUPPORT_MAILSTORE=yes
|
||||
+SUPPORT_MBX=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -301,19 +301,21 @@ LOOKUP_DBM=yes
|
||||
LOOKUP_LSEARCH=yes
|
||||
LOOKUP_DNSDB=yes
|
||||
|
||||
-# LOOKUP_CDB=yes
|
||||
-# LOOKUP_DSEARCH=yes
|
||||
+LOOKUP_CDB=yes
|
||||
+LOOKUP_DSEARCH=yes
|
||||
# LOOKUP_IBASE=yes
|
||||
-# LOOKUP_LDAP=yes
|
||||
-# LOOKUP_MYSQL=yes
|
||||
-# LOOKUP_NIS=yes
|
||||
-# LOOKUP_NISPLUS=yes
|
||||
+LOOKUP_LDAP=yes
|
||||
+LDAP_LIB_TYPE=OPENLDAP2
|
||||
+LOOKUP_INCLUDE=-I/usr/include/mysql
|
||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
|
||||
+LOOKUP_MYSQL=yes
|
||||
+LOOKUP_NIS=yes
|
||||
+LOOKUP_NISPLUS=yes
|
||||
# LOOKUP_ORACLE=yes
|
||||
-# LOOKUP_PASSWD=yes
|
||||
-# LOOKUP_PGSQL=yes
|
||||
+LOOKUP_PASSWD=yes
|
||||
+LOOKUP_PGSQL=yes
|
||||
# LOOKUP_REDIS=yes
|
||||
-# LOOKUP_SQLITE=yes
|
||||
-# LOOKUP_SQLITE_PC=sqlite3
|
||||
+LOOKUP_SQLITE=yes
|
||||
# LOOKUP_WHOSON=yes
|
||||
|
||||
# These two settings are obsolete; all three lookups are compiled when
|
||||
@@ -390,7 +392,7 @@ EXIM_MONITOR=eximon.bin
|
||||
# and the MIME ACL. Please read the documentation to learn more about these
|
||||
# features.
|
||||
|
||||
-# WITH_CONTENT_SCAN=yes
|
||||
+WITH_CONTENT_SCAN=yes
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# If you're using ClamAV and are backporting fixes to an old version, instead
|
||||
@@ -577,7 +579,7 @@ FIXED_NEVER_USERS=root
|
||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||
|
||||
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
||||
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -622,17 +624,14 @@ FIXED_NEVER_USERS=root
|
||||
# included in the Exim binary. You will then need to set up the run time
|
||||
# configuration to make use of the mechanism(s) selected.
|
||||
|
||||
-# AUTH_CRAM_MD5=yes
|
||||
-# AUTH_CYRUS_SASL=yes
|
||||
-# AUTH_DOVECOT=yes
|
||||
-# AUTH_GSASL=yes
|
||||
-# AUTH_GSASL_PC=libgsasl
|
||||
-# AUTH_HEIMDAL_GSSAPI=yes
|
||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
|
||||
-# AUTH_PLAINTEXT=yes
|
||||
-# AUTH_SPA=yes
|
||||
-# AUTH_TLS=yes
|
||||
+AUTH_CRAM_MD5=yes
|
||||
+AUTH_CYRUS_SASL=yes
|
||||
+AUTH_DOVECOT=yes
|
||||
+AUTH_GSASL=yes
|
||||
+AUTH_GSASL_PC=libgsasl
|
||||
+AUTH_PLAINTEXT=yes
|
||||
+AUTH_SPA=yes
|
||||
+AUTH_TLS=yes
|
||||
|
||||
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
||||
# requires multiple pkg-config files to work with Exim, so the second example
|
||||
@@ -656,7 +655,7 @@ FIXED_NEVER_USERS=root
|
||||
# one that is set in the headers_charset option. The default setting is
|
||||
# defined by this setting:
|
||||
|
||||
-HEADERS_CHARSET="ISO-8859-1"
|
||||
+HEADERS_CHARSET="UTF-8"
|
||||
|
||||
# If you are going to make use of $header_xxx expansions in your configuration
|
||||
# file, or if your users are going to use them in filter files, and the normal
|
||||
@@ -676,7 +675,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||
# as standard, the file in OS/Makefile-xxxx contains
|
||||
#
|
||||
-# HAVE_ICONV=yes
|
||||
+HAVE_ICONV=yes
|
||||
#
|
||||
# If you are not using one of those systems, but have installed iconv(), you
|
||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||
@@ -745,11 +744,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# leave these settings commented out.
|
||||
|
||||
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
||||
-# SUPPORT_TLS=yes
|
||||
+SUPPORT_TLS=yes
|
||||
|
||||
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
||||
-# USE_OPENSSL_PC=openssl
|
||||
-# TLS_LIBS=-lssl -lcrypto
|
||||
+TLS_INCLUDE=-I/usr/kerberos/include
|
||||
+TLS_LIBS=-lssl -lcrypto
|
||||
|
||||
# Uncomment the first and either the second or the third of these if you
|
||||
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
||||
@@ -818,7 +817,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# Once you have done this, "make install" will build the info files and
|
||||
# install them in the directory you have defined.
|
||||
|
||||
-# INFO_DIRECTORY=/usr/share/info
|
||||
+INFO_DIRECTORY=/usr/share/info
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -831,7 +830,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||
# to form the final file names. Some installations may want something like this:
|
||||
|
||||
-# LOG_FILE_PATH=/var/log/exim_%slog
|
||||
+LOG_FILE_PATH=/var/log/exim/%s.log
|
||||
|
||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||
# in which the log files are placed must exist; Exim does not try to create
|
||||
@@ -903,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||
|
||||
-# EXIM_PERL=perl.o
|
||||
+EXIM_PERL=perl.o
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -913,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# that the local_scan API is made available by the linker. You may also need
|
||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||
|
||||
-# EXPAND_DLFUNC=yes
|
||||
+EXPAND_DLFUNC=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -923,7 +922,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||
# facilities, is included only when requested by the following setting:
|
||||
|
||||
-# SUPPORT_PAM=yes
|
||||
+SUPPORT_PAM=yes
|
||||
|
||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||
# GNU/Linux -ldl is also needed.
|
||||
@@ -1021,7 +1020,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||
# started by root at boot time.
|
||||
|
||||
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
||||
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1034,9 +1033,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# You may well also have to specify a local "include" file and an additional
|
||||
# library for TCP wrappers, so you probably need something like this:
|
||||
#
|
||||
-# USE_TCP_WRAPPERS=yes
|
||||
-# CFLAGS=-O -I/usr/local/include
|
||||
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
||||
+USE_TCP_WRAPPERS=yes
|
||||
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
|
||||
+EXTRALIBS_EXIM=-lwrap -lpam -ldl -export-dynamic -rdynamic
|
||||
#
|
||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||
# as well.
|
||||
@@ -1088,7 +1087,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||
# current run is maintained.
|
||||
|
||||
-# USE_READLINE=yes
|
||||
+USE_READLINE=yes
|
||||
|
||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||
# Note that this option adds to the size of the Exim binary, because the
|
||||
@@ -1098,7 +1097,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
#------------------------------------------------------------------------------
|
||||
# Uncomment this setting to include IPv6 support.
|
||||
|
||||
-# HAVE_IPV6=yes
|
||||
+HAVE_IPV6=yes
|
||||
|
||||
###############################################################################
|
||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||
@@ -1119,13 +1118,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||
# use those utilities.
|
||||
|
||||
-# CHOWN_COMMAND=/usr/bin/chown
|
||||
-# CHGRP_COMMAND=/usr/bin/chgrp
|
||||
-# CHMOD_COMMAND=/usr/bin/chmod
|
||||
-# MV_COMMAND=/bin/mv
|
||||
-# RM_COMMAND=/bin/rm
|
||||
-# TOUCH_COMMAND=/usr/bin/touch
|
||||
-# PERL_COMMAND=/usr/bin/perl
|
||||
+CHOWN_COMMAND=/usr/bin/chown
|
||||
+CHGRP_COMMAND=/usr/bin/chgrp
|
||||
+CHMOD_COMMAND=/usr/bin/chmod
|
||||
+MV_COMMAND=/usr/bin/mv
|
||||
+RM_COMMAND=/usr/bin/rm
|
||||
+TOUCH_COMMAND=/usr/bin/touch
|
||||
+PERL_COMMAND=/usr/bin/perl
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1327,7 +1326,7 @@ EXIM_TMPDIR="/tmp"
|
||||
# (process id) to a file so that it can easily be identified. The path of the
|
||||
# file can be specified here. Some installations may want something like this:
|
||||
|
||||
-# PID_FILE_PATH=/var/lock/exim.pid
|
||||
+PID_FILE_PATH=/var/run/exim.pid
|
||||
|
||||
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
||||
# using the name "exim-daemon.pid".
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
diff --git a/src/configure.default b/src/configure.default
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d
|
||||
# Note that TZ is handled separately by the timezone runtime option
|
||||
# and TIMEZONE_DEFAULT buildtime option.
|
||||
|
||||
-# keep_environment = ^LDAP
|
||||
-# add_environment = PATH=/usr/bin::/bin
|
||||
+keep_environment = ^LDAP
|
||||
+add_environment = PATH=/usr/bin::/bin
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
diff --git a/src/lookups/mysql.c b/src/lookups/mysql.c
|
||||
index 5cf15af..b5133bc 100644
|
||||
--- a/src/lookups/mysql.c
|
||||
+++ b/src/lookups/mysql.c
|
||||
@@ -14,6 +14,53 @@ functions. */
|
||||
|
||||
#include <mysql.h> /* The system header */
|
||||
|
||||
+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
|
||||
+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
|
||||
+with versions before 10.2, as they do not define there there specific symbols.
|
||||
+*/
|
||||
+
|
||||
+// Newer (>= 10.2) MariaDB
|
||||
+#if defined MARIADB_VERSION_ID
|
||||
+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
|
||||
+
|
||||
+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
|
||||
+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
|
||||
+#elif defined LIBMYSQL_VERSION_ID
|
||||
+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
|
||||
+#elif defined MYSQL_VERSION_ID
|
||||
+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
|
||||
+
|
||||
+#else
|
||||
+#define EXIM_MYSQL_VERSION_ID 0
|
||||
+#endif
|
||||
+
|
||||
+// Newer (>= 10.2) MariaDB
|
||||
+#ifdef MARIADB_CLIENT_VERSION_STR
|
||||
+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
|
||||
+
|
||||
+// Mysql uses MYSQL_SERVER_VERSION
|
||||
+#elif defined LIBMYSQL_VERSION
|
||||
+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
|
||||
+#elif defined MYSQL_SERVER_VERSION
|
||||
+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
|
||||
+
|
||||
+#else
|
||||
+#define EXIM_MxSQL_VERSION_STR "N.A."
|
||||
+#endif
|
||||
+
|
||||
+#if defined MARIADB_BASE_VERSION
|
||||
+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
|
||||
+
|
||||
+#elif defined MARIADB_PACKAGE_VERSION
|
||||
+#define EXIM_MxSQL_BASE_STR "mariadb"
|
||||
+
|
||||
+#elif defined MYSQL_BASE_VERSION
|
||||
+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
|
||||
+
|
||||
+#else
|
||||
+#define EXIM_MxSQL_BASE_STR "n.A."
|
||||
+#endif
|
||||
+
|
||||
|
||||
/* Structure and anchor for caching connections. */
|
||||
|
||||
@@ -432,10 +479,10 @@ return quoted;
|
||||
void
|
||||
mysql_version_report(FILE *f)
|
||||
{
|
||||
-fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
|
||||
- " Runtime: %s\n",
|
||||
- MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
|
||||
- mysql_get_client_info());
|
||||
+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
|
||||
+ " Runtime: %lu %s\n",
|
||||
+ (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
|
||||
+ mysql_get_client_version(), mysql_get_client_info());
|
||||
#ifdef DYNLOOKUP
|
||||
fprintf(f, " Exim version %s\n", EXIM_VERSION_STR);
|
||||
#endif
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
||||
index 990f884..d1ef114 100644
|
||||
index dfb2fa8..58c30f7 100644
|
||||
--- a/OS/Makefile-Linux
|
||||
+++ b/OS/Makefile-Linux
|
||||
@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
|
||||
@@ -27,8 +27,8 @@ LIBRESOLV = -lresolv
|
||||
|
||||
X11=/usr/X11R6
|
||||
XINCLUDE=-I$(X11)/include
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/drtables.c b/src/drtables.c
|
||||
index 513ef6c..3fa5c92 100644
|
||||
--- a/src/drtables.c
|
||||
+++ b/src/drtables.c
|
||||
@@ -736,7 +736,7 @@ else
|
||||
{
|
||||
char * name = ent->d_name;
|
||||
int len = (int)strlen(name);
|
||||
- if (regex_match(regex_islookupmod, US name, len, NUL))
|
||||
+ if (regex_match(regex_islookupmod, US name, len, NULL))
|
||||
{
|
||||
int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
|
||||
void *dl;
|
||||
|
|
@ -0,0 +1,815 @@
|
|||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||
index ed77b6a..b9eb64d 100755
|
||||
--- a/scripts/Configure-Makefile
|
||||
+++ b/scripts/Configure-Makefile
|
||||
@@ -317,7 +317,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||
|
||||
mv $mft $mftt
|
||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
||||
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
||||
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
||||
echo "" >>$mft
|
||||
cat $mftt >> $mft
|
||||
diff --git a/src/EDITME b/src/EDITME
|
||||
index 53022e5..cf0b33e 100644
|
||||
--- a/src/EDITME
|
||||
+++ b/src/EDITME
|
||||
@@ -99,7 +99,7 @@
|
||||
# /usr/local/sbin. The installation script will try to create this directory,
|
||||
# and any superior directories, if they do not exist.
|
||||
|
||||
-BIN_DIRECTORY=/usr/exim/bin
|
||||
+BIN_DIRECTORY=/usr/sbin
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
||||
# don't exist. It will also install a default runtime configuration if this
|
||||
# file does not exist.
|
||||
|
||||
-CONFIGURE_FILE=/usr/exim/configure
|
||||
+CONFIGURE_FILE=/etc/exim/exim.conf
|
||||
|
||||
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
||||
# In this case, Exim will use the first of them that exists when it is run.
|
||||
@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
||||
# deliveries. (Local deliveries run as various non-root users, typically as the
|
||||
# owner of a local mailbox.) Specifying these values as root is not supported.
|
||||
|
||||
-EXIM_USER=
|
||||
+EXIM_USER=93
|
||||
|
||||
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
||||
# uid number is built into the binary. However, you can specify that this
|
||||
@@ -153,7 +153,7 @@ EXIM_USER=
|
||||
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
||||
# you want to use a group other than the default group for the given user.
|
||||
|
||||
-# EXIM_GROUP=
|
||||
+EXIM_GROUP=93
|
||||
|
||||
# Many sites define a user called "exim", with an appropriate default group,
|
||||
# and use
|
||||
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
|
||||
# If you are building with TLS, the library configuration must be done:
|
||||
|
||||
# Uncomment this if you are using OpenSSL
|
||||
-# USE_OPENSSL=yes
|
||||
+USE_OPENSSL=yes
|
||||
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
||||
# and an optional location.
|
||||
-# USE_OPENSSL_PC=openssl
|
||||
+USE_OPENSSL_PC=openssl
|
||||
# TLS_LIBS=-lssl -lcrypto
|
||||
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
|
||||
|
||||
@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes
|
||||
# This one is special-purpose, and commonly not required, so it is not
|
||||
# included by default.
|
||||
|
||||
-# TRANSPORT_LMTP=yes
|
||||
+TRANSPORT_LMTP=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes
|
||||
# MBX, is included only when requested. If you do not know what this is about,
|
||||
# leave these settings commented out.
|
||||
|
||||
-# SUPPORT_MAILDIR=yes
|
||||
-# SUPPORT_MAILSTORE=yes
|
||||
-# SUPPORT_MBX=yes
|
||||
+SUPPORT_MAILDIR=yes
|
||||
+SUPPORT_MAILSTORE=yes
|
||||
+SUPPORT_MBX=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -409,22 +409,28 @@ LOOKUP_DBM=yes
|
||||
LOOKUP_LSEARCH=yes
|
||||
LOOKUP_DNSDB=yes
|
||||
|
||||
-# LOOKUP_CDB=yes
|
||||
-# LOOKUP_DSEARCH=yes
|
||||
+LOOKUP_CDB=yes
|
||||
+LOOKUP_DSEARCH=yes
|
||||
# LOOKUP_IBASE=yes
|
||||
# LOOKUP_JSON=yes
|
||||
-# LOOKUP_LDAP=yes
|
||||
+LOOKUP_LDAP=yes
|
||||
+LDAP_LIB_TYPE=OPENLDAP2
|
||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3
|
||||
# LOOKUP_LMDB=yes
|
||||
|
||||
-# LOOKUP_MYSQL=yes
|
||||
-# LOOKUP_MYSQL_PC=mariadb
|
||||
-# LOOKUP_NIS=yes
|
||||
+LOOKUP_MYSQL=2
|
||||
+LOOKUP_MYSQL_PC=mariadb
|
||||
+LOOKUP_NIS=yes
|
||||
# LOOKUP_NISPLUS=yes
|
||||
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
|
||||
+LIBS+=-L/usr/$(_lib)/nsl
|
||||
+
|
||||
# LOOKUP_ORACLE=yes
|
||||
-# LOOKUP_PASSWD=yes
|
||||
-# LOOKUP_PGSQL=yes
|
||||
+LOOKUP_PASSWD=yes
|
||||
+LOOKUP_PGSQL=2
|
||||
+LOOKUP_PGSQL_LIBS=-lpq
|
||||
# LOOKUP_REDIS=yes
|
||||
-# LOOKUP_SQLITE=yes
|
||||
+LOOKUP_SQLITE=yes
|
||||
# LOOKUP_SQLITE_PC=sqlite3
|
||||
# LOOKUP_WHOSON=yes
|
||||
|
||||
@@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes
|
||||
|
||||
|
||||
# Some platforms may need this for LOOKUP_NIS:
|
||||
-# LIBS += -lnsl
|
||||
+LIBS += -lnsl
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
|
||||
@@ -511,7 +517,7 @@ SUPPORT_DANE=yes
|
||||
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
|
||||
# local OS-specific make files.
|
||||
|
||||
-# EXIM_MONITOR=eximon.bin
|
||||
+EXIM_MONITOR=eximon.bin
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -521,7 +527,7 @@ SUPPORT_DANE=yes
|
||||
# and the MIME ACL. Please read the documentation to learn more about these
|
||||
# features.
|
||||
|
||||
-# WITH_CONTENT_SCAN=yes
|
||||
+WITH_CONTENT_SCAN=yes
|
||||
|
||||
# If you have content scanning you may wish to only include some of the scanner
|
||||
# interfaces. Uncomment any of these lines to remove that code.
|
||||
@@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes
|
||||
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
||||
# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
|
||||
# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
|
||||
-# SUPPORT_DMARC=yes
|
||||
+SUPPORT_DMARC=yes
|
||||
# CFLAGS += -I/usr/local/include
|
||||
-# LDFLAGS += -lopendmarc
|
||||
+LDFLAGS += -lopendmarc
|
||||
# Uncomment the following if you need to change the default. You can
|
||||
# override it at runtime (main config option dmarc_tld_file)
|
||||
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
|
||||
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
|
||||
|
||||
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
||||
# support. You must have SPF and DKIM support enabled also.
|
||||
@@ -709,7 +715,7 @@ FIXED_NEVER_USERS=root
|
||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||
|
||||
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
||||
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -754,18 +760,18 @@ FIXED_NEVER_USERS=root
|
||||
# included in the Exim binary. You will then need to set up the run time
|
||||
# configuration to make use of the mechanism(s) selected.
|
||||
|
||||
-# AUTH_CRAM_MD5=yes
|
||||
-# AUTH_CYRUS_SASL=yes
|
||||
-# AUTH_DOVECOT=yes
|
||||
+AUTH_CRAM_MD5=yes
|
||||
+AUTH_CYRUS_SASL=yes
|
||||
+AUTH_DOVECOT=yes
|
||||
# AUTH_EXTERNAL=yes
|
||||
-# AUTH_GSASL=yes
|
||||
-# AUTH_GSASL_PC=libgsasl
|
||||
+AUTH_GSASL=yes
|
||||
+AUTH_GSASL_PC=libgsasl
|
||||
# AUTH_HEIMDAL_GSSAPI=yes
|
||||
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
||||
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
|
||||
-# AUTH_PLAINTEXT=yes
|
||||
-# AUTH_SPA=yes
|
||||
-# AUTH_TLS=yes
|
||||
+AUTH_PLAINTEXT=yes
|
||||
+AUTH_SPA=yes
|
||||
+AUTH_TLS=yes
|
||||
|
||||
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
||||
# requires multiple pkg-config files to work with Exim, so the second example
|
||||
@@ -792,7 +798,7 @@ FIXED_NEVER_USERS=root
|
||||
# one that is set in the headers_charset option. The default setting is
|
||||
# defined by this setting:
|
||||
|
||||
-HEADERS_CHARSET="ISO-8859-1"
|
||||
+HEADERS_CHARSET="UTF-8"
|
||||
|
||||
# If you are going to make use of $header_xxx expansions in your configuration
|
||||
# file, or if your users are going to use them in filter files, and the normal
|
||||
@@ -812,7 +818,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||
# as standard, the file in OS/Makefile-xxxx contains
|
||||
#
|
||||
-# HAVE_ICONV=yes
|
||||
+HAVE_ICONV=yes
|
||||
#
|
||||
# If you are not using one of those systems, but have installed iconv(), you
|
||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||
@@ -888,7 +894,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# Once you have done this, "make install" will build the info files and
|
||||
# install them in the directory you have defined.
|
||||
|
||||
-# INFO_DIRECTORY=/usr/share/info
|
||||
+INFO_DIRECTORY=/usr/share/info
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -901,7 +907,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||
# to form the final file names. Some installations may want something like this:
|
||||
|
||||
-# LOG_FILE_PATH=/var/log/exim_%slog
|
||||
+LOG_FILE_PATH=/var/log/exim/%s.log
|
||||
|
||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||
# in which the log files are placed must exist; Exim does not try to create
|
||||
@@ -973,7 +979,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||
|
||||
-# EXIM_PERL=perl.o
|
||||
+EXIM_PERL=perl.o
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# that the local_scan API is made available by the linker. You may also need
|
||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||
|
||||
-# EXPAND_DLFUNC=yes
|
||||
+EXPAND_DLFUNC=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||
# facilities, is included only when requested by the following setting:
|
||||
|
||||
-# SUPPORT_PAM=yes
|
||||
+SUPPORT_PAM=yes
|
||||
|
||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||
# GNU/Linux -ldl is also needed.
|
||||
@@ -1005,12 +1011,12 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# If you may want to use outbound (client-side) proxying, using Socks5,
|
||||
# uncomment the line below.
|
||||
|
||||
-# SUPPORT_SOCKS=yes
|
||||
+SUPPORT_SOCKS=yes
|
||||
|
||||
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
|
||||
# uncomment the line below.
|
||||
|
||||
-# SUPPORT_PROXY=yes
|
||||
+SUPPORT_PROXY=yes
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1034,9 +1040,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# installed on your system (www.libspf2.org). Depending on where it is installed
|
||||
# you may have to edit the CFLAGS and LDFLAGS lines.
|
||||
|
||||
-# SUPPORT_SPF=yes
|
||||
+SUPPORT_SPF=yes
|
||||
# CFLAGS += -I/usr/local/include
|
||||
-# LDFLAGS += -lspf2
|
||||
+LDFLAGS += -lspf2
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1101,7 +1107,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||
# started by root at boot time.
|
||||
|
||||
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
||||
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1115,8 +1121,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||
# library for TCP wrappers, so you probably need something like this:
|
||||
#
|
||||
# USE_TCP_WRAPPERS=yes
|
||||
-# CFLAGS=-O -I/usr/local/include
|
||||
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
||||
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
|
||||
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
|
||||
#
|
||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||
# as well.
|
||||
@@ -1168,7 +1174,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||
# current run is maintained.
|
||||
|
||||
-# USE_READLINE=yes
|
||||
+USE_READLINE=yes
|
||||
|
||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||
# Note that this option adds to the size of the Exim binary, because the
|
||||
@@ -1185,7 +1191,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
#------------------------------------------------------------------------------
|
||||
# Uncomment this setting to include IPv6 support.
|
||||
|
||||
-# HAVE_IPV6=yes
|
||||
+HAVE_IPV6=yes
|
||||
|
||||
###############################################################################
|
||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||
@@ -1206,13 +1212,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||
# use those utilities.
|
||||
|
||||
-# CHOWN_COMMAND=/usr/bin/chown
|
||||
-# CHGRP_COMMAND=/usr/bin/chgrp
|
||||
-# CHMOD_COMMAND=/usr/bin/chmod
|
||||
-# MV_COMMAND=/bin/mv
|
||||
-# RM_COMMAND=/bin/rm
|
||||
-# TOUCH_COMMAND=/usr/bin/touch
|
||||
-# PERL_COMMAND=/usr/bin/perl
|
||||
+CHOWN_COMMAND=/usr/bin/chown
|
||||
+CHGRP_COMMAND=/usr/bin/chgrp
|
||||
+CHMOD_COMMAND=/usr/bin/chmod
|
||||
+MV_COMMAND=/usr/bin/mv
|
||||
+RM_COMMAND=/usr/bin/rm
|
||||
+TOUCH_COMMAND=/usr/bin/touch
|
||||
+PERL_COMMAND=/usr/bin/perl
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@@ -1414,7 +1420,7 @@ EXIM_TMPDIR="/tmp"
|
||||
# (process id) to a file so that it can easily be identified. The path of the
|
||||
# file can be specified here. Some installations may want something like this:
|
||||
|
||||
-# PID_FILE_PATH=/var/lock/exim.pid
|
||||
+PID_FILE_PATH=/var/run/exim.pid
|
||||
|
||||
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
||||
# using the name "exim-daemon.pid".
|
||||
diff --git a/src/configure.default b/src/configure.default
|
||||
index 3761daf..a5d3718 100644
|
||||
--- a/src/configure.default
|
||||
+++ b/src/configure.default
|
||||
@@ -67,7 +67,7 @@
|
||||
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
||||
# are all colon-separated lists:
|
||||
|
||||
-domainlist local_domains = @
|
||||
+domainlist local_domains = @ : localhost : localhost.localdomain
|
||||
domainlist relay_to_domains =
|
||||
hostlist relay_from_hosts = localhost
|
||||
# (We rely upon hostname resolution working for localhost, because the default
|
||||
@@ -119,11 +119,13 @@ hostlist relay_from_hosts = localhost
|
||||
# manual for details. The lists above are used in the access control lists for
|
||||
# checking incoming messages. The names of these ACLs are defined here:
|
||||
|
||||
+acl_smtp_mail = acl_check_mail
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
.ifdef _HAVE_PRDR
|
||||
acl_smtp_data_prdr = acl_check_prdr
|
||||
.endif
|
||||
acl_smtp_data = acl_check_data
|
||||
+acl_smtp_mime = acl_check_mime
|
||||
|
||||
# You should not change those settings until you understand how ACLs work.
|
||||
|
||||
@@ -136,7 +138,7 @@ acl_smtp_data = acl_check_data
|
||||
# of what to set for other virus scanners. The second modification is in the
|
||||
# acl_check_data access control list (see below).
|
||||
|
||||
-# av_scanner = clamd:/tmp/clamd
|
||||
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
||||
|
||||
|
||||
# For spam scanning, there is a similar option that defines the interface to
|
||||
@@ -147,6 +149,12 @@ acl_smtp_data = acl_check_data
|
||||
# spamd_address = 127.0.0.1 783
|
||||
|
||||
|
||||
+# Set the default sqlite database file for greylisting. Uncomment this
|
||||
+# if you use the greylisting ACLs defined below.
|
||||
+
|
||||
+# sqlite_dbfile = /var/spool/exim/db/greylist.db
|
||||
+
|
||||
+
|
||||
# If Exim is compiled with support for TLS, you may want to change the
|
||||
# following option so that Exim disallows certain clients from makeing encrypted
|
||||
# connections. The default is to allow all.
|
||||
@@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data
|
||||
|
||||
# This is equivalent to the default.
|
||||
|
||||
-# tls_advertise_hosts = *
|
||||
+tls_advertise_hosts = *
|
||||
|
||||
# Specify the location of the Exim server's TLS certificate and private key.
|
||||
# The private key must not be encrypted (password protected). You can put
|
||||
@@ -165,8 +173,8 @@ acl_smtp_data = acl_check_data
|
||||
# need the first setting, or in separate files, in which case you need both
|
||||
# options.
|
||||
|
||||
-# tls_certificate = /etc/ssl/exim.crt
|
||||
-# tls_privatekey = /etc/ssl/exim.pem
|
||||
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
||||
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
||||
|
||||
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
|
||||
.ifdef _HAVE_OPENSSL
|
||||
@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
|
||||
# them you should also allow TLS-on-connect on the traditional but
|
||||
# non-standard port 465.
|
||||
|
||||
-# daemon_smtp_ports = 25 : 465 : 587
|
||||
-# tls_on_connect_ports = 465
|
||||
+daemon_smtp_ports = 25 : 465 : 587
|
||||
+tls_on_connect_ports = 465
|
||||
|
||||
|
||||
# Specify the domain you want to be added to all unqualified addresses
|
||||
@@ -248,6 +256,24 @@ never_users = root
|
||||
|
||||
host_lookup = *
|
||||
|
||||
+# This setting, if uncommented, allows users to authenticate using
|
||||
+# their system passwords against saslauthd if they connect over a
|
||||
+# secure connection. If you have network logins such as NIS or
|
||||
+# Kerberos rather than only local users, then you possibly also want
|
||||
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
||||
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
||||
+# allows them to relay through the system.
|
||||
+#
|
||||
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
||||
+#
|
||||
+# By default, we set this option to allow SMTP AUTH from nowhere
|
||||
+# (Exim's default would be to allow it from anywhere, even on an
|
||||
+# unencrypted connection).
|
||||
+#
|
||||
+# Comment this one out if you uncomment the above. Did you make sure
|
||||
+# saslauthd is actually running first?
|
||||
+#
|
||||
+auth_advertise_hosts =
|
||||
|
||||
# The setting below causes Exim to try to initialize the system resolver
|
||||
# library with DNSSEC support. It has no effect if your library lacks
|
||||
@@ -378,8 +404,8 @@ timeout_frozen_after = 7d
|
||||
# Note that TZ is handled separately by the timezone runtime option
|
||||
# and TIMEZONE_DEFAULT buildtime option.
|
||||
|
||||
-# keep_environment = ^LDAP
|
||||
-# add_environment = PATH=/usr/bin::/bin
|
||||
+keep_environment = ^LDAP
|
||||
+add_environment = PATH=/usr/bin::/bin
|
||||
|
||||
|
||||
|
||||
@@ -390,6 +416,29 @@ timeout_frozen_after = 7d
|
||||
|
||||
begin acl
|
||||
|
||||
+
|
||||
+# This access control list is used for the MAIL command in an incoming
|
||||
+# SMTP message.
|
||||
+
|
||||
+acl_check_mail:
|
||||
+
|
||||
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
||||
+ # So don't allow them to use the MAIL command if they haven't
|
||||
+ # done so.
|
||||
+
|
||||
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
||||
+ message = Nice boys say HELO first
|
||||
+
|
||||
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
||||
+ # even reject for it but that would be a little excessive.
|
||||
+
|
||||
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
||||
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
||||
+
|
||||
+ accept
|
||||
+
|
||||
+
|
||||
+
|
||||
# This access control list is used for every RCPT command in an incoming
|
||||
# SMTP message. The tests are run in order until the address is either
|
||||
# accepted or denied.
|
||||
@@ -401,6 +450,7 @@ acl_check_rcpt:
|
||||
|
||||
accept hosts = :
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
#############################################################################
|
||||
# The following section of the ACL is concerned with local parts that contain
|
||||
@@ -454,7 +504,8 @@ acl_check_rcpt:
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
||||
- # Deny unless the sender address can be verified.
|
||||
+ # Deny unless the sender address can be routed. For proper verification of the
|
||||
+ # address, read the documentation on callouts and add the /callout modifier.
|
||||
|
||||
require verify = sender
|
||||
|
||||
@@ -494,6 +545,7 @@ acl_check_rcpt:
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
# Accept if the message arrived over an authenticated connection, from
|
||||
# any host. Again, these messages are usually from MUAs, so recipient
|
||||
@@ -503,6 +555,7 @@ acl_check_rcpt:
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
+ control = dmarc_disable_verify
|
||||
|
||||
# Insist that any other recipient address that we accept is either in one of
|
||||
# our local domains, or is in a domain for which we explicitly allow
|
||||
@@ -523,7 +576,8 @@ acl_check_rcpt:
|
||||
# There are no default checks on DNS black lists because the domains that
|
||||
# contain these lists are changing all the time. However, here are two
|
||||
# examples of how you can get Exim to perform a DNS black list lookup at this
|
||||
- # point. The first one denies, whereas the second just warns.
|
||||
+ # point. The first one denies, whereas the second just warns. The third
|
||||
+ # triggers greylisting for any host in the blacklist.
|
||||
#
|
||||
# deny dnslists = black.list.example
|
||||
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||
@@ -531,6 +585,10 @@ acl_check_rcpt:
|
||||
# warn dnslists = black.list.example
|
||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||
# log_message = found in $dnslist_domain
|
||||
+ #
|
||||
+ # warn dnslists = black.list.example
|
||||
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
||||
+ #
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
@@ -557,6 +615,10 @@ acl_check_rcpt:
|
||||
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
|
||||
#############################################################################
|
||||
|
||||
+ # Alternatively, greylist for it:
|
||||
+ # warn !verify = csa
|
||||
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
||||
+
|
||||
# At this point, the address has passed all the checks that have been
|
||||
# configured, so we accept it unconditionally.
|
||||
|
||||
@@ -606,21 +668,32 @@ acl_check_data:
|
||||
message = header syntax
|
||||
log_message = header syntax ($acl_verify_message)
|
||||
|
||||
+ # Put simple tests first. A good one is to check for the presence of a
|
||||
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
||||
+ # or misconfigured mailer software occasionally omits this from genuine
|
||||
+ # messages too, though -- although it's not hard for the offender to fix
|
||||
+ # after they receive a bounce because of it.
|
||||
+ #
|
||||
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
||||
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||
+ # Most messages without it are spam, so your mail has been rejected.
|
||||
+ #
|
||||
+ # Alternatively if we're feeling more lenient we could just use it to
|
||||
+ # trigger greylisting instead:
|
||||
+
|
||||
+ warn condition = ${if !def:h_Message-ID: {1}}
|
||||
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
||||
+
|
||||
# Deny if the message contains a virus. Before enabling this check, you
|
||||
# must install a virus scanner and set the av_scanner option above.
|
||||
#
|
||||
# deny malware = *
|
||||
# message = This message contains a virus ($malware_name).
|
||||
|
||||
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
||||
- # you must install SpamAssassin. You may also need to set the spamd_address
|
||||
- # option above.
|
||||
+ # Bypass SpamAssassin checks if the message is too large.
|
||||
#
|
||||
- # warn spam = nobody
|
||||
- # add_header = X-Spam_score: $spam_score\n\
|
||||
- # X-Spam_score_int: $spam_score_int\n\
|
||||
- # X-Spam_bar: $spam_bar\n\
|
||||
- # X-Spam_report: $spam_report
|
||||
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
||||
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
||||
|
||||
#############################################################################
|
||||
# No more tests if PRDR was actively used.
|
||||
@@ -634,11 +707,63 @@ acl_check_data:
|
||||
# condition = ...
|
||||
#############################################################################
|
||||
|
||||
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
||||
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
||||
+ # score exceeds the SA system threshold.
|
||||
+ #
|
||||
+ # warn spam = nobody/defer_ok
|
||||
+ # add_header = X-Spam-Flag: YES
|
||||
+ #
|
||||
+ # accept condition = ${if !def:spam_score_int {1}}
|
||||
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
||||
+ #
|
||||
+
|
||||
+ # Unconditionally add score and report headers
|
||||
+ #
|
||||
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
||||
+ # X-Spam-Report: $spam_report
|
||||
+
|
||||
+ # And reject if the SpamAssassin score is greater than ten
|
||||
+ #
|
||||
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
||||
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||
+ # $spam_report
|
||||
+
|
||||
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
||||
+ #
|
||||
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
||||
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
||||
+
|
||||
|
||||
- # Accept the message.
|
||||
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
||||
+ # might be something wrong with it, then you can do this...
|
||||
+ #
|
||||
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
||||
+
|
||||
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
||||
+ # package which contains this subroutine, and you need to uncomment the bit below
|
||||
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
||||
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
||||
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
||||
+ # the exim-greylist.conf.inc file itself.
|
||||
+ #
|
||||
+ # require acl = greylist_mail
|
||||
|
||||
accept
|
||||
|
||||
+# To enable the greylisting, also uncomment this line:
|
||||
+# .include /etc/exim/exim-greylist.conf.inc
|
||||
+
|
||||
+acl_check_mime:
|
||||
+
|
||||
+ # File extension filtering.
|
||||
+ deny message = Blacklisted file extension detected
|
||||
+ condition = ${if match \
|
||||
+ {${lc:$mime_filename}} \
|
||||
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
||||
+ {1}{0}}
|
||||
+
|
||||
+ accept
|
||||
|
||||
|
||||
######################################################################
|
||||
@@ -740,7 +865,7 @@ system_aliases:
|
||||
driver = redirect
|
||||
allow_fail
|
||||
allow_defer
|
||||
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
||||
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
||||
# user = exim
|
||||
file_transport = address_file
|
||||
pipe_transport = address_pipe
|
||||
@@ -778,7 +903,7 @@ userforward:
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
file = $home/.forward
|
||||
-# allow_filter
|
||||
+ allow_filter
|
||||
no_verify
|
||||
no_expn
|
||||
check_ancestor
|
||||
@@ -786,6 +911,12 @@ userforward:
|
||||
pipe_transport = address_pipe
|
||||
reply_transport = address_reply
|
||||
|
||||
+procmail:
|
||||
+ driver = accept
|
||||
+ check_local_user
|
||||
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
||||
+ transport = procmail
|
||||
+ no_verify
|
||||
|
||||
# This router matches local user mailboxes. If the router fails, the error
|
||||
# message is "Unknown user".
|
||||
@@ -826,6 +957,25 @@ remote_smtp:
|
||||
tls_resumption_hosts = *
|
||||
.endif
|
||||
|
||||
+# This transport is used for delivering messages over SMTP using the
|
||||
+# "message submission" port (RFC4409).
|
||||
+
|
||||
+remote_msa:
|
||||
+ driver = smtp
|
||||
+ port = 587
|
||||
+ hosts_require_auth = *
|
||||
+
|
||||
+
|
||||
+# This transport invokes procmail to deliver mail
|
||||
+procmail:
|
||||
+ driver = pipe
|
||||
+ command = "/usr/bin/procmail -d $local_part"
|
||||
+ return_path_add
|
||||
+ delivery_date_add
|
||||
+ envelope_to_add
|
||||
+ user = $local_part
|
||||
+ initgroups
|
||||
+ return_output
|
||||
|
||||
# This transport is used for delivering messages to a smarthost, if the
|
||||
# smarthost router is enabled. This starts from the same basis as
|
||||
@@ -880,8 +1030,8 @@ local_delivery:
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
-# group = mail
|
||||
-# mode = 0660
|
||||
+ group = mail
|
||||
+ mode = 0660
|
||||
|
||||
|
||||
# This transport is used for handling pipe deliveries generated by alias or
|
||||
@@ -914,6 +1064,16 @@ address_reply:
|
||||
driver = autoreply
|
||||
|
||||
|
||||
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
||||
+# socket. You'll need to configure the 'localuser' router above to use it.
|
||||
+#
|
||||
+#lmtp_delivery:
|
||||
+# home_directory = /var/spool/imap
|
||||
+# driver = lmtp
|
||||
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
||||
+# batch_max = 20
|
||||
+# user = cyrus
|
||||
+
|
||||
|
||||
######################################################################
|
||||
# RETRY CONFIGURATION #
|
||||
@@ -954,6 +1114,21 @@ begin rewrite
|
||||
# AUTHENTICATION CONFIGURATION #
|
||||
######################################################################
|
||||
|
||||
+begin authenticators
|
||||
+
|
||||
+# This authenticator supports CRAM-MD5 username/password authentication
|
||||
+# with Exim acting as a _client_, as it might when sending its outgoing
|
||||
+# mail to a smarthost rather than directly to the final recipient.
|
||||
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
||||
+
|
||||
+#client_auth:
|
||||
+# driver = cram_md5
|
||||
+# public_name = CRAM-MD5
|
||||
+# client_name = SMTPAUTH_USERNAME
|
||||
+# client_secret = SMTPAUTH_PASSWORD
|
||||
+
|
||||
+#
|
||||
+
|
||||
# The following authenticators support plaintext username/password
|
||||
# authentication using the standard PLAIN mechanism and the traditional
|
||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||
@@ -969,7 +1144,7 @@ begin rewrite
|
||||
# The default RCPT ACL checks for successful authentication, and will accept
|
||||
# messages from authenticated users from anywhere on the Internet.
|
||||
|
||||
-begin authenticators
|
||||
+#
|
||||
|
||||
# PLAIN authentication has no server prompts. The client sends its
|
||||
# credentials in one lump, containing an authorization ID (which we do not
|
||||
@@ -983,7 +1158,7 @@ begin authenticators
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth2
|
||||
# server_prompts = :
|
||||
-# server_condition = Authentication is not yet configured
|
||||
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||
|
||||
# LOGIN authentication has traditional prompts and responses. There is no
|
||||
@@ -995,7 +1170,7 @@ begin authenticators
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth1
|
||||
# server_prompts = <| Username: | Password:
|
||||
-# server_condition = Authentication is not yet configured
|
||||
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||
|
||||
|
||||
|
|
@ -1,17 +1,19 @@
|
|||
diff --git a/src/EDITME b/src/EDITME
|
||||
index 0caf02d..6957546 100644
|
||||
index cf0b33e..7d4cbf3 100644
|
||||
--- a/src/EDITME
|
||||
+++ b/src/EDITME
|
||||
@@ -802,6 +802,20 @@ TLS_LIBS=-lssl -lcrypto
|
||||
@@ -878,6 +878,21 @@ HAVE_ICONV=yes
|
||||
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
+#------------------------------------------------------------------------------
|
||||
+# On systems which support dynamic loading of shared libraries, Exim can
|
||||
+# load a local_scan function specified in its config file instead of having
|
||||
+# to be recompiled with the desired local_scan function. For a full
|
||||
+# description of the API to this function, see the Exim specification.
|
||||
+
|
||||
+DLOPEN_LOCAL_SCAN=yes
|
||||
+HAVE_LOCAL_SCAN=yes
|
||||
+
|
||||
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
|
||||
+# linker flags. Without it, the loaded .so won't be able to access any
|
||||
|
|
@ -19,17 +21,16 @@ index 0caf02d..6957546 100644
|
|||
+
|
||||
+LFLAGS=-rdynamic -ldl -pie
|
||||
+
|
||||
+#------------------------------------------------------------------------------
|
||||
#------------------------------------------------------------------------------
|
||||
# The default distribution of Exim contains only the plain text form of the
|
||||
# documentation. Other forms are available separately. If you want to install
|
||||
# the documentation in "info" format, first fetch the Texinfo documentation
|
||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||
index 58e1813..9b18f98 100644
|
||||
index 25ab755..e27a51d 100644
|
||||
--- a/src/config.h.defaults
|
||||
+++ b/src/config.h.defaults
|
||||
@@ -28,6 +28,8 @@ it's a default value. */
|
||||
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
|
||||
|
||||
#define AUTH_VARS 3
|
||||
#define AUTH_VARS 4
|
||||
|
||||
+#define DLOPEN_LOCAL_SCAN
|
||||
+
|
||||
|
|
@ -37,10 +38,10 @@ index 58e1813..9b18f98 100644
|
|||
|
||||
#define CONFIGURE_FILE
|
||||
diff --git a/src/globals.c b/src/globals.c
|
||||
index 79ac37f..b7d690f 100644
|
||||
index ff246fe..b9dfbbb 100644
|
||||
--- a/src/globals.c
|
||||
+++ b/src/globals.c
|
||||
@@ -167,6 +167,10 @@ uschar *tls_verify_hosts = NULL;
|
||||
@@ -151,6 +151,10 @@ time_t tls_watch_trigger_time = (time_t)0;
|
||||
uschar *tls_advertise_hosts = NULL;
|
||||
#endif
|
||||
|
||||
|
|
@ -52,12 +53,12 @@ index 79ac37f..b7d690f 100644
|
|||
/* Per Recipient Data Response variables */
|
||||
BOOL prdr_enable = FALSE;
|
||||
diff --git a/src/globals.h b/src/globals.h
|
||||
index 340f1ae..4b65781 100644
|
||||
index fe099e4..7530a76 100644
|
||||
--- a/src/globals.h
|
||||
+++ b/src/globals.h
|
||||
@@ -126,6 +126,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
||||
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||
@@ -148,6 +148,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||
extern int tls_watch_fd; /* for inotify of creds files */
|
||||
extern time_t tls_watch_trigger_time; /* non-0: triggered */
|
||||
#endif
|
||||
+
|
||||
+#ifdef DLOPEN_LOCAL_SCAN
|
||||
|
|
@ -68,21 +69,25 @@ index 340f1ae..4b65781 100644
|
|||
|
||||
extern uschar *dsn_envid; /* DSN envid string */
|
||||
diff --git a/src/local_scan.c b/src/local_scan.c
|
||||
index 3500047..8599172 100644
|
||||
index 7a3bae7..6ea5d2d 100644
|
||||
--- a/src/local_scan.c
|
||||
+++ b/src/local_scan.c
|
||||
@@ -5,60 +5,131 @@
|
||||
/* Copyright (c) University of Cambridge 1995 - 2009 */
|
||||
@@ -6,59 +6,133 @@
|
||||
/* Copyright (c) The Exim Maintainers 2021 */
|
||||
/* See the file NOTICE for conditions of use and distribution. */
|
||||
|
||||
+#include "exim.h"
|
||||
+#include <local_scan.h>
|
||||
|
||||
-/******************************************************************************
|
||||
-This file contains a template local_scan() function that just returns ACCEPT.
|
||||
-If you want to implement your own version, you should copy this file to, say
|
||||
-Local/local_scan.c, and edit the copy. To use your version instead of the
|
||||
-default, you must set
|
||||
-
|
||||
+#ifdef DLOPEN_LOCAL_SCAN
|
||||
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
||||
+#endif
|
||||
|
||||
-HAVE_LOCAL_SCAN=yes
|
||||
-LOCAL_SCAN_SOURCE=Local/local_scan.c
|
||||
-
|
||||
-in your Local/Makefile. This makes it easy to copy your version for use with
|
||||
|
|
@ -132,8 +137,6 @@ index 3500047..8599172 100644
|
|||
int
|
||||
local_scan(int fd, uschar **return_text)
|
||||
{
|
||||
fd = fd; /* Keep picky compilers happy */
|
||||
return_text = return_text;
|
||||
-return LOCAL_SCAN_ACCEPT;
|
||||
+#ifdef DLOPEN_LOCAL_SCAN
|
||||
+/* local_scan_path is defined AND not the empty string */
|
||||
|
|
@ -165,8 +168,8 @@ index 3500047..8599172 100644
|
|||
+else
|
||||
+#endif
|
||||
+ return LOCAL_SCAN_ACCEPT;
|
||||
}
|
||||
|
||||
+ }
|
||||
+
|
||||
+#ifdef DLOPEN_LOCAL_SCAN
|
||||
+
|
||||
+static int load_local_scan_library(void)
|
||||
|
|
@ -245,22 +248,22 @@ index 3500047..8599172 100644
|
|||
+ }
|
||||
+
|
||||
+return TRUE;
|
||||
+}
|
||||
+
|
||||
}
|
||||
|
||||
+#endif /* DLOPEN_LOCAL_SCAN */
|
||||
+
|
||||
/* End of local_scan.c */
|
||||
diff --git a/src/readconf.c b/src/readconf.c
|
||||
index 790f073..6e88bcd 100644
|
||||
index 06bc50f..6ecb0af 100644
|
||||
--- a/src/readconf.c
|
||||
+++ b/src/readconf.c
|
||||
@@ -318,6 +318,9 @@ static optionlist optionlist_config[] = {
|
||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
||||
@@ -212,6 +212,9 @@ static optionlist optionlist_config[] = {
|
||||
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
|
||||
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
|
||||
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
|
||||
+#ifdef DLOPEN_LOCAL_SCAN
|
||||
+ { "local_scan_path", opt_stringptr, &local_scan_path },
|
||||
+#endif
|
||||
{ "local_scan_timeout", opt_time, &local_scan_timeout },
|
||||
{ "local_sender_retain", opt_bool, &local_sender_retain },
|
||||
{ "localhost_number", opt_stringptr, &host_number_string },
|
||||
#ifdef HAVE_LOCAL_SCAN
|
||||
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
|
||||
#endif
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/dmarc.c b/src/dmarc.c
|
||||
index 17bba9d..a218380 100644
|
||||
--- a/src/dmarc.c
|
||||
+++ b/src/dmarc.c
|
||||
@@ -459,7 +459,7 @@ if (!dmarc_abort && !sender_host_authenticated)
|
||||
vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
|
||||
DMARC_POLICY_DKIM_OUTCOME_NONE;
|
||||
libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
|
||||
- dkim_result, US"");
|
||||
+ sig->selector, dkim_result, US"");
|
||||
DEBUG(D_receive)
|
||||
debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
|
||||
if (libdm_status != DMARC_PARSE_OKAY)
|
||||
|
|
@ -1,13 +1,13 @@
|
|||
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
|
||||
index 6ba0cb1..21a7ad7 100644
|
||||
index 19585bf..a0d355f 100644
|
||||
--- a/src/lookups/Makefile
|
||||
+++ b/src/lookups/Makefile
|
||||
@@ -22,7 +22,7 @@ lookups.a: $(OBJ)
|
||||
@@ -24,7 +24,7 @@ lookups.a: $(OBJ)
|
||||
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
|
||||
|
||||
.c.so:; @echo "$(CC) -shared $*.c"
|
||||
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
|
||||
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
|
||||
|
||||
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h
|
||||
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h
|
||||
lf_check_file.o: $(HDRS) lf_check_file.c lf_functions.h
|
||||
lf_quote.o: $(HDRS) lf_quote.c lf_functions.h
|
||||
|
|
@ -1 +1 @@
|
|||
D /var/run/clamd.exim 0750 exim exim -
|
||||
D /run/clamd.exim 0750 exim exim -
|
||||
|
|
|
|||
|
|
@ -1,11 +1,44 @@
|
|||
# $Id: acl-greylist-sqlite,v 1.3 2007/11/25 19:17:28 dwmw2 Exp $
|
||||
#
|
||||
# Exim ACL for greylisting. David Woodhouse <dwmw2@infradead.org>
|
||||
#
|
||||
# For full background on the logic behind greylisting and how this
|
||||
# ACL works, see https://github.com/Exim/exim/wiki/SimpleGreylisting
|
||||
#
|
||||
|
||||
GREYDB=/var/spool/exim/db/greylist.db
|
||||
# UPDATING TO EXIM 4.94+
|
||||
# ======================
|
||||
#
|
||||
# Previous versions of this ACL specified the sqlite database filename
|
||||
# in the sqlite lookup strings directly, but since Exim 4.94 is it no
|
||||
# longer permitted to mix "tainted" text which comes from the message
|
||||
# itself, with the filename. Thus, you now have to set
|
||||
#
|
||||
# sqlite_dbfile = /var/spool/exim/db/greylist.db
|
||||
#
|
||||
# ... in the main configuration because it can't be specified within
|
||||
# the ACL in this file any more.
|
||||
|
||||
# ACL for greylisting. Place reason(s) for greylisting into a variable named
|
||||
# $acl_m_greylistreasons before invoking with 'require acl = greylist_mail'.
|
||||
# The reasons should be separate lines of text, and will be reported in
|
||||
# the SMTP rejection message as well as the log message.
|
||||
# USING THIS ACL
|
||||
# ==============
|
||||
#
|
||||
# First set sqlite_dbfile in the main configuration file to point to
|
||||
# the greylist sqlite database, as described above.
|
||||
#
|
||||
# In your main ACLs, gather reason(s) for greylisting into a variable
|
||||
# named $acl_m_greylistreasons before invoking this ACL with
|
||||
# 'require acl = greylist_mail'. The reasons should be separate lines
|
||||
# of text, and will be reported in the SMTP rejection message as well
|
||||
# as the log message. Anything "suspicious" about the email can be
|
||||
# used as criteria here — being HTML, having even a few SpamAssassin
|
||||
# points, even lacking SPF authorisation (which is OK for greylisting
|
||||
# although you should never reject outright for an SPF "failure"
|
||||
# because of the flaws in SPF).
|
||||
#
|
||||
# Obviously you need to .include this file too in order to be able
|
||||
# to invoke this greylist_mail ACL.
|
||||
|
||||
# HOW IT WORKS
|
||||
# ============
|
||||
#
|
||||
# When a suspicious mail is seen, we temporarily reject it and wait to see
|
||||
# if the sender tries again. Most spam robots won't bother. Real mail hosts
|
||||
|
|
@ -44,15 +77,13 @@ GREYDB=/var/spool/exim/db/greylist.db
|
|||
#
|
||||
|
||||
greylist_mail:
|
||||
# First, accept if it there's absolutely nothing suspicious about it...
|
||||
accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
|
||||
# ... or if it was generated locally or by authenticated clients.
|
||||
# Firstly, accept if it was generated locally or by authenticated clients.
|
||||
accept hosts = :
|
||||
accept authenticated = *
|
||||
|
||||
# Secondly, there's _absolutely_ no point in greylisting mail from
|
||||
# hosts which are known to resend their mail. Just accept it.
|
||||
accept condition = ${lookup sqlite {GREYDB SELECT host from resenders \
|
||||
accept condition = ${lookup sqlite {SELECT host from resenders \
|
||||
WHERE helo='${quote_sqlite:$sender_helo_name}' \
|
||||
AND host='$sender_host_address';} {1}}
|
||||
|
||||
|
|
@ -62,15 +93,28 @@ greylist_mail:
|
|||
# Attempt to look up this mail in the greylist database. If it's there,
|
||||
# remember the expiry time for it; we need to make sure they've waited
|
||||
# long enough.
|
||||
warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
|
||||
warn set acl_m_greyexpiry = ${lookup sqlite {SELECT expire FROM greylist \
|
||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||
|
||||
|
||||
# If there's absolutely nothing suspicious about the email, accept it. BUT...
|
||||
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
|
||||
condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||
|
||||
# ..if this same mail was greylisted before (perhaps because it came from a
|
||||
# host which *was* suspicious), then we still want to mark that original host
|
||||
# as a "known resender". If we don't, then hosts which attempt to deliver from
|
||||
# a dodgy Legacy IP address but then fall back to using IPv6 after greylisting
|
||||
# will *never* see their Legacy IP address added to the 'known resenders' list.
|
||||
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
|
||||
acl = write_known_resenders
|
||||
|
||||
# If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
|
||||
# variable we just looked up is empty -- then try to add it now. This is
|
||||
# where the 5 minute timeout is set ($tod_epoch + 300), should you wish
|
||||
# to change it.
|
||||
warn condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO greylist \
|
||||
set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
|
||||
VALUES ( '$acl_m_greyident', \
|
||||
'${eval10:$tod_epoch+300}', \
|
||||
'$sender_host_address', \
|
||||
|
|
@ -79,7 +123,7 @@ greylist_mail:
|
|||
# Be paranoid, and check if the insertion succeeded (by doing another lookup).
|
||||
# Otherwise, if there's a database error we might end up deferring for ever.
|
||||
defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||
condition = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
|
||||
condition = ${lookup sqlite {SELECT expire FROM greylist \
|
||||
WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
|
||||
message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
|
||||
The mail has been greylisted for 5 minutes, after which it should be accepted. \
|
||||
|
|
@ -105,13 +149,16 @@ greylist_mail:
|
|||
You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
|
||||
Reason(s) for greylisting: \n$acl_m_greylistreasons
|
||||
|
||||
accept acl = write_known_resenders
|
||||
|
||||
write_known_resenders:
|
||||
# The message was listed but it's been more than five minutes. Accept it now and whitelist
|
||||
# the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
|
||||
warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
|
||||
warn set acl_m_orighost = ${lookup sqlite {SELECT host FROM greylist \
|
||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||
set acl_m_orighelo = ${lookup sqlite {GREYDB SELECT helo FROM greylist \
|
||||
set acl_m_orighelo = ${lookup sqlite {SELECT helo FROM greylist \
|
||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO resenders \
|
||||
set acl_m_dontcare = ${lookup sqlite {INSERT INTO resenders \
|
||||
VALUES ( '$acl_m_orighost', \
|
||||
'${quote_sqlite:$acl_m_orighelo}', \
|
||||
'$tod_epoch' ); }}
|
||||
|
|
|
|||
132
exim.init
132
exim.init
|
|
@ -1,132 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# exim This shell script takes care of starting and stopping exim
|
||||
#
|
||||
# chkconfig: 2345 80 30
|
||||
# description: Exim is a Mail Transport Agent, which is the program \
|
||||
# that moves mail from one machine to another.
|
||||
# processname: exim
|
||||
# config: /etc/exim/exim.conf
|
||||
# pidfile: /var/run/exim.pid
|
||||
|
||||
# Source function library.
|
||||
. /etc/init.d/functions
|
||||
|
||||
# Source networking configuration.
|
||||
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
|
||||
|
||||
# Source exim configureation.
|
||||
if [ -f /etc/sysconfig/exim ] ; then
|
||||
. /etc/sysconfig/exim
|
||||
else
|
||||
DAEMON=yes
|
||||
QUEUE=1h
|
||||
fi
|
||||
|
||||
USER=${USER:=exim}
|
||||
GROUP=${GROUP:=exim}
|
||||
|
||||
gen_cert() {
|
||||
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
|
||||
umask 077
|
||||
FQDN=`hostname`
|
||||
if [ "x${FQDN}" = "x" ]; then
|
||||
FQDN=localhost.localdomain
|
||||
fi
|
||||
echo -n $"Generating exim certificate: "
|
||||
cat << EOF | openssl req -new -x509 -days 365 -nodes \
|
||||
-out /etc/pki/tls/certs/exim.pem \
|
||||
-keyout /etc/pki/tls/private/exim.pem &>/dev/null
|
||||
--
|
||||
SomeState
|
||||
SomeCity
|
||||
SomeOrganization
|
||||
SomeOrganizationalUnit
|
||||
${FQDN}
|
||||
root@${FQDN}
|
||||
EOF
|
||||
if [ $? -eq 0 ]; then
|
||||
success
|
||||
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
|
||||
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
|
||||
else
|
||||
failure
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
start() {
|
||||
[ "$EUID" != "0" ] && exit 4
|
||||
[ "${NETWORKING}" = "no" ] && exit 1
|
||||
[ -f /usr/sbin/exim ] || exit 5
|
||||
|
||||
# check ownerships
|
||||
# do this by seeing if /var/log/exim/main.log exists and is
|
||||
# owned by exim - if owned by someone else we fix it up
|
||||
if [ -f /var/log/exim/main.log ]
|
||||
then
|
||||
if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
|
||||
then
|
||||
chown -R $USER:$GROUP /var/log/exim /var/spool/exim
|
||||
fi
|
||||
fi
|
||||
|
||||
# generate certificate if doesn't exist
|
||||
gen_cert
|
||||
|
||||
# Start daemons.
|
||||
echo -n $"Starting exim: "
|
||||
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
|
||||
$([ -n "$QUEUE" ] && echo -q$QUEUE)
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL = 0 ] && touch /var/lock/subsys/exim
|
||||
}
|
||||
|
||||
stop() {
|
||||
[ "$EUID" != "0" ] && exit 4
|
||||
# Stop daemons.
|
||||
echo -n $"Shutting down exim: "
|
||||
killproc exim
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/exim
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
restart)
|
||||
restart
|
||||
;;
|
||||
reload|force-reload)
|
||||
status exim > /dev/null || exit 7
|
||||
echo -n $"Reloading exim:"
|
||||
killproc exim -HUP
|
||||
echo
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
status exim > /dev/null || exit 0
|
||||
restart
|
||||
;;
|
||||
status)
|
||||
status exim
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart|try-restart}"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
||||
|
||||
459
exim.spec
459
exim.spec
|
|
@ -6,32 +6,28 @@
|
|||
%bcond_without clamav
|
||||
%endif
|
||||
|
||||
%global sysv2systemdnvr 4.76-6
|
||||
|
||||
# hardened build if not overridden
|
||||
%{!?_hardened_build:%global _hardened_build 1}
|
||||
|
||||
Summary: The exim mail transfer agent
|
||||
Name: exim
|
||||
Version: 4.89
|
||||
Release: 7%{?dist}
|
||||
Version: 4.96
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Url: http://www.exim.org/
|
||||
Group: System Environment/Daemons
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Url: https://www.exim.org/
|
||||
|
||||
Provides: MTA smtpd smtpdaemon server(smtp)
|
||||
Requires(post): /sbin/chkconfig /sbin/service /sbin/restorecon %{_sbindir}/alternatives systemd systemd-sysv
|
||||
Requires(post): /sbin/restorecon %{_sbindir}/alternatives systemd
|
||||
Requires(preun): %{_sbindir}/alternatives systemd
|
||||
Requires(postun): %{_sbindir}/alternatives systemd
|
||||
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
|
||||
%if %{with clamav}
|
||||
%if 0%{?fedora} < 23
|
||||
Requires: initscripts
|
||||
BuildRequires: clamd
|
||||
%endif
|
||||
BuildRequires: clamav-devel
|
||||
%endif
|
||||
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
|
||||
Source2: exim.init
|
||||
Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
|
||||
Source1: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.xz.asc
|
||||
Source2: https://downloads.exim.org/Exim-Maintainers-Keyring.asc
|
||||
|
||||
Source3: exim.sysconfig
|
||||
Source4: exim.logrotate
|
||||
Source5: exim-tidydb.sh
|
||||
|
|
@ -46,42 +42,57 @@ Source24: exim.service
|
|||
Source25: exim-gen-cert
|
||||
Source26: clamd.exim.service
|
||||
|
||||
Patch4: exim-4.88-rhl.patch
|
||||
Patch6: exim-4.89-config.patch
|
||||
Patch8: exim-4.82-libdir.patch
|
||||
Patch12: exim-4.88-cyrus.patch
|
||||
Patch13: exim-4.88-pamconfig.patch
|
||||
Patch14: exim-4.87-spamdconf.patch
|
||||
Patch18: exim-4.89-dlopen-localscan.patch
|
||||
Patch19: exim-4.88-procmail.patch
|
||||
Patch20: exim-4.88-allow-filter.patch
|
||||
Patch21: exim-4.87-localhost-is-local.patch
|
||||
Patch22: exim-4.88-greylist-conf.patch
|
||||
Patch23: exim-4.88-smarthost-config.patch
|
||||
Patch25: exim-4.87-dynlookup-config.patch
|
||||
# Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
|
||||
Patch26: exim-4.85-pic.patch
|
||||
Patch27: exim-4.89-environment.patch
|
||||
# Backported from upstream:
|
||||
# https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
|
||||
Patch28: exim-4.89-CVE-2017-1000369.patch
|
||||
# Backported from upstream:
|
||||
# https://git.exim.org/exim.git/commitdiff/14de8063d82edc5bf003ed50abdea55ac542679b
|
||||
Patch29: exim-4.89-calloutsize.patch
|
||||
Patch30: exim-4.89-mariadb-macro-fix.patch
|
||||
Patch31: exim-4.89-CVE-2017-16943.patch
|
||||
Patch0: exim-4.96-config.patch
|
||||
Patch1: exim-4.94-libdir.patch
|
||||
Patch2: exim-4.96-dlopen-localscan.patch
|
||||
Patch3: exim-4.96-pic.patch
|
||||
# https://bugs.exim.org/show_bug.cgi?id=2728
|
||||
Patch4: exim-4.96-opendmarc-1.4-build-fix.patch
|
||||
# https://bugs.exim.org/show_bug.cgi?id=2899
|
||||
Patch5: exim-4.96-build-fix.patch
|
||||
|
||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||
Requires: /etc/aliases
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
BuildRequires: libdb-devel openssl-devel openldap-devel pam-devel
|
||||
BuildRequires: pcre-devel sqlite-devel tcp_wrappers-devel cyrus-sasl-devel
|
||||
BuildRequires: openldap-devel openssl-devel mariadb-connector-c-devel postgresql-devel
|
||||
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
||||
Recommends: publicsuffix-list
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libdb-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: pcre2-devel
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: libspf2-devel
|
||||
BuildRequires: libopendmarc-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: mariadb-connector-c-devel
|
||||
BuildRequires: libpq-devel
|
||||
BuildRequires: libXaw-devel
|
||||
BuildRequires: libXmu-devel
|
||||
BuildRequires: libXext-devel
|
||||
BuildRequires: libX11-devel
|
||||
BuildRequires: libSM-devel
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: perl-generators
|
||||
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
|
||||
BuildRequires: systemd-units libgsasl-devel
|
||||
BuildRequires: libICE-devel
|
||||
BuildRequires: libXpm-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: perl(ExtUtils::Embed)
|
||||
# mariadb-devel for mariadb pkgconfig
|
||||
BuildRequires: systemd-units
|
||||
BuildRequires: libgsasl-devel
|
||||
BuildRequires: mariadb-devel
|
||||
# Workaround for NIS removal from glibc, bug 1534920
|
||||
BuildRequires: libnsl2-devel
|
||||
BuildRequires: libtirpc-devel
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: grep
|
||||
%if 0%{?rhel} == 8
|
||||
BuildRequires: epel-rpm-macros >= 8-5
|
||||
%endif
|
||||
BuildRequires: make
|
||||
|
||||
%description
|
||||
Exim is a message transfer agent (MTA) developed at the University of
|
||||
|
|
@ -93,22 +104,8 @@ routed, and there are extensive facilities for checking incoming
|
|||
mail. Exim can be installed in place of sendmail, although the
|
||||
configuration of exim is quite different to that of sendmail.
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%package sysvinit
|
||||
Summary: SysV initscript for Exim
|
||||
Group: System Environment/Daemons
|
||||
BuildArch: noarch
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires(preun): chkconfig
|
||||
Requires(post): chkconfig
|
||||
|
||||
%description sysvinit
|
||||
This package contains the SysV initscript for Exim.
|
||||
%endif
|
||||
|
||||
%package mysql
|
||||
Summary: MySQL lookup support for Exim
|
||||
Group: System Environment/Daemons
|
||||
Requires: exim = %{version}-%{release}
|
||||
|
||||
%description mysql
|
||||
|
|
@ -116,7 +113,6 @@ This package contains the MySQL lookup module for Exim
|
|||
|
||||
%package pgsql
|
||||
Summary: PostgreSQL lookup support for Exim
|
||||
Group: System Environment/Daemons
|
||||
Requires: exim = %{version}-%{release}
|
||||
|
||||
%description pgsql
|
||||
|
|
@ -124,7 +120,6 @@ This package contains the PostgreSQL lookup module for Exim
|
|||
|
||||
%package mon
|
||||
Summary: X11 monitor application for Exim
|
||||
Group: Applications/System
|
||||
|
||||
%description mon
|
||||
The Exim Monitor is an optional supplement to the Exim package. It
|
||||
|
|
@ -135,11 +130,8 @@ interface.
|
|||
%if %{with clamav}
|
||||
%package clamav
|
||||
Summary: Clam Antivirus scanner dæmon configuration for use with Exim
|
||||
Group: System Environment/Daemons
|
||||
Requires: clamav-server exim
|
||||
Requires: clamd exim
|
||||
Obsoletes: clamav-exim <= 0.86.2
|
||||
Requires(post): /sbin/chkconfig /sbin/service
|
||||
Requires(preun): /sbin/chkconfig /sbin/service
|
||||
|
||||
%description clamav
|
||||
This package contains configuration files which invoke a copy of the
|
||||
|
|
@ -158,23 +150,10 @@ For further details of Exim content scanning, see chapter 41 of the Exim
|
|||
specification:
|
||||
http://www.exim.org/exim-html-%{version}/doc/html/spec_html/ch41.html
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%package clamav-sysvinit
|
||||
Summary: SysV initscript for Clam Antivirus scanner for Exim
|
||||
Group: System Environment/Daemons
|
||||
BuildArch: noarch
|
||||
Requires: exim-clamav = %{version}-%{release}
|
||||
Requires(preun): chkconfig
|
||||
Requires(post): chkconfig
|
||||
|
||||
%description clamav-sysvinit
|
||||
This package contains the SysV initscript.
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%package greylist
|
||||
Summary: Example configuration for greylisting using Exim
|
||||
Group: System Environment/Daemons
|
||||
Requires: sqlite exim
|
||||
Requires: crontabs
|
||||
|
||||
|
|
@ -199,33 +178,20 @@ greylisting for whatever 'offences' you can dream of, or even to make
|
|||
greylisting unconditional.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%patch4 -p1 -b .rhl
|
||||
%patch6 -p1 -b .config
|
||||
%patch8 -p1 -b .libdir
|
||||
%patch12 -p1 -b .cyrus
|
||||
%patch13 -p1 -b .pam
|
||||
%patch14 -p1 -b .spamd
|
||||
%patch18 -p1 -b .dl
|
||||
%patch19 -p1 -b .procmail
|
||||
%patch20 -p1 -b .filter
|
||||
%patch21 -p1 -b .localhost
|
||||
%patch22 -p1 -b .grey
|
||||
%patch23 -p1 -b .smarthost
|
||||
%patch25 -p1 -b .dynconfig
|
||||
%patch26 -p1 -b .fpic
|
||||
%patch27 -p1 -b .environment
|
||||
%patch28 -p1 -b .CVE-2017-1000369
|
||||
%patch29 -p1 -b .calloutsize
|
||||
%patch30 -p1 -b .mariadb-macro-fix
|
||||
%patch31 -p1 -b .CVE-2017-16943
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -p1
|
||||
|
||||
cp src/EDITME Local/Makefile
|
||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
|
||||
cp exim_monitor/EDITME Local/eximon.conf
|
||||
|
||||
# Workaround for rhbz#1791878
|
||||
pushd doc
|
||||
for f in $(ls -dp cve-* | grep -v '/\|\(\.txt\)$'); do
|
||||
mv "$f" "$f.txt"
|
||||
done
|
||||
popd
|
||||
|
||||
%build
|
||||
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
||||
|
|
@ -235,11 +201,11 @@ cp exim_monitor/EDITME Local/eximon.conf
|
|||
export PIE=-fPIE
|
||||
export PIC=-fPIC
|
||||
%endif
|
||||
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
|
||||
|
||||
export LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
|
||||
make _lib=%{_lib} FULLECHO=
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_bindir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libdir}
|
||||
|
|
@ -301,11 +267,6 @@ pod2man --center=EXIM --section=8 \
|
|||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
||||
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
|
||||
install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
|
||||
%endif
|
||||
|
||||
# Systemd
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
|
||||
|
|
@ -330,25 +291,23 @@ chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
|
|||
# generate alternatives ghosts
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
||||
for i in %{_sbindir}/sendmail %{_bindir}/{mailq,runq,rsmtp,rmail,newaliases} \
|
||||
/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp %{_mandir}/man1/mailq.1.gz
|
||||
/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp
|
||||
do
|
||||
touch $RPM_BUILD_ROOT$i
|
||||
done
|
||||
gzip < /dev/null > $RPM_BUILD_ROOT%{_mandir}/man1/mailq.1.gz
|
||||
|
||||
%if %{with clamav}
|
||||
# Munge the clamav init and config files from clamav-devel. This really ought
|
||||
# to be a subpackage of clamav, but this hack will have to do for now.
|
||||
function clamsubst() {
|
||||
sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
|
||||
sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_docdir}/clamd/"$1" >"$RPM_BUILD_ROOT$2"
|
||||
}
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
|
||||
clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
|
||||
's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
|
||||
%endif
|
||||
clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
|
||||
cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
|
||||
CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
|
||||
|
|
@ -372,8 +331,8 @@ install -m755 %{SOURCE22} $RPM_BUILD_ROOT/%_sysconfdir/cron.daily/greylist-tidy.
|
|||
install -m644 %{SOURCE23} $RPM_BUILD_ROOT/%_sysconfdir/exim/trusted-configs
|
||||
touch $RPM_BUILD_ROOT/%_var/spool/exim/db/greylist.db
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
%check
|
||||
build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV
|
||||
|
||||
%pre
|
||||
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
|
||||
|
|
@ -416,29 +375,6 @@ if [ $1 -ge 1 ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
%triggerun -- exim < %{sysv2systemdnvr}
|
||||
%{_bindir}/systemd-sysv-convert --save exim >/dev/null 2>&1 ||:
|
||||
/bin/systemctl enable exim.service >/dev/null 2>&1
|
||||
/sbin/chkconfig --del exim >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart exim.service >/dev/null 2>&1 || :
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%triggerpostun -n exim-sysvinit -- exim < %{sysv2systemdnvr}
|
||||
/sbin/chkconfig --add exim >/dev/null 2>&1 || :
|
||||
|
||||
%post sysvinit
|
||||
/sbin/chkconfig --add exim >/dev/null 2>&1 ||:
|
||||
|
||||
%preun sysvinit
|
||||
if [ "$1" = 0 ]; then
|
||||
%{_initrddir}/exim stop >/dev/null 2>&1 ||:
|
||||
/sbin/chkconfig --del exim >/dev/null 2>&1 ||:
|
||||
fi
|
||||
|
||||
%postun sysvinit
|
||||
[ "$1" -ge "1" ] && %{_initrddir}/exim condrestart >/dev/null 2>&1 ||:
|
||||
%endif
|
||||
|
||||
%post greylist
|
||||
if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
|
||||
sqlite3 %{_var}/spool/exim/db/greylist.db < %{_sysconfdir}/exim/mk-greylist-db.sql
|
||||
|
|
@ -447,7 +383,6 @@ if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
|
|||
fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%attr(4755,root,root) %{_sbindir}/exim
|
||||
%{_sbindir}/exim_dumpdb
|
||||
%{_sbindir}/exim_fixdb
|
||||
|
|
@ -511,22 +446,13 @@ fi
|
|||
%ghost %{_sysconfdir}/pam.d/smtp
|
||||
%ghost %{_mandir}/man1/mailq.1.gz
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%files sysvinit
|
||||
%defattr(-,root,root,-)
|
||||
%{_initrddir}/exim
|
||||
%endif
|
||||
|
||||
%files mysql
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/exim/%{version}-%{release}/lookups/mysql.so
|
||||
|
||||
%files pgsql
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/exim/%{version}-%{release}/lookups/pgsql.so
|
||||
|
||||
%files mon
|
||||
%defattr(-,root,root)
|
||||
%{_sbindir}/eximon
|
||||
%{_sbindir}/eximon.bin
|
||||
|
||||
|
|
@ -553,29 +479,7 @@ if [ $1 -ge 1 ] ; then
|
|||
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%triggerun -- clamav < %{sysv2systemdnvr}
|
||||
%{_bindir}/systemd-sysv-convert --save clamd.exim >/dev/null 2>&1 ||:
|
||||
/bin/systemctl enable clamd.exim.service >/dev/null 2>&1
|
||||
/sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%triggerpostun -n exim-clamav-sysvinit -- exim < %{sysv2systemdnvr}
|
||||
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
|
||||
|
||||
%post clamav-sysvinit
|
||||
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
|
||||
|
||||
%preun clamav-sysvinit
|
||||
test "$1" != 0 || %{_initrddir}/clamd.exim stop >/dev/null 2>&1 || :
|
||||
test "$1" != 0 || /sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
|
||||
|
||||
%postun clamav-sysvinit
|
||||
test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||
%endif
|
||||
|
||||
%files clamav
|
||||
%defattr(-,root,root,-)
|
||||
%{_sbindir}/clamd.exim
|
||||
%{_unitdir}/clamd.exim.service
|
||||
%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
|
||||
|
|
@ -584,22 +488,227 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
|||
%{_tmpfilesdir}/exim-clamav.conf
|
||||
%ghost %attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
|
||||
%ghost %attr(0644,exim,exim) %{_var}/log/clamd.exim
|
||||
|
||||
%if 0%{?fedora} < 23
|
||||
%files clamav-sysvinit
|
||||
%defattr(-,root,root,-)
|
||||
%attr(0755,root,root) %config %{_initrddir}/clamd.exim
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%files greylist
|
||||
%defattr(-,root,root,-)
|
||||
%config %{_sysconfdir}/exim/exim-greylist.conf.inc
|
||||
%ghost %{_var}/spool/exim/db/greylist.db
|
||||
%{_sysconfdir}/exim/mk-greylist-db.sql
|
||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||
|
||||
%changelog
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.96-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Tue Jun 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
|
||||
- New version
|
||||
Resolves: rhbz#2101104
|
||||
|
||||
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 4.95-4
|
||||
- Perl 5.36 rebuild
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.95-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 4.95-2
|
||||
- Rebuild(libnsl2)
|
||||
- Drop support for NISPLUS, as libnsl2 >= 2.0.0 does not support it anymore
|
||||
|
||||
* Mon Oct 4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
|
||||
- New version
|
||||
Resolves: rhbz#2008452
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 4.94.2-4
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4.94.2-2
|
||||
- Perl 5.34 rebuild
|
||||
|
||||
* Tue May 4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94.2-1
|
||||
- New version
|
||||
Resolves: rhbz#1956859
|
||||
|
||||
* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-7
|
||||
- Fixed cname handling in TLS certificate verification
|
||||
Resolves: rhbz#1942582
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.94-6
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 4.94-5
|
||||
- rebuild for libpq ABI fix rhbz#1908268
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4.94-2
|
||||
- Perl 5.32 rebuild
|
||||
|
||||
* Mon Jun 1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
|
||||
- New version
|
||||
Resolves: rhbz#1842590
|
||||
- Used Exim maintainers keyring for GPG verification
|
||||
- Dropped CVE-2020-12783 patch (upstreamed)
|
||||
- Used better workaround for rhbz#1791878
|
||||
Resolves: rhbz#1842633
|
||||
|
||||
* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-8
|
||||
- Fixed out-of-bounds read in the SPA authenticator
|
||||
Resolves: CVE-2020-12783
|
||||
|
||||
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-7
|
||||
- Improved the spec file not to override LDFLAGS
|
||||
|
||||
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-6
|
||||
- Updated config to explictly link with spf2 and opendmarc
|
||||
- Fixed bogus date in changelog
|
||||
|
||||
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-5
|
||||
- Bump for rebuild with the fixed clamd requirement
|
||||
Resolves: rhbz#1801329
|
||||
|
||||
* Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-4
|
||||
- Workaround for upgrade conflict
|
||||
Resolves: rhbz#1791878
|
||||
|
||||
* Thu Feb 20 2020 Tom Hughes <tom@compton.nu> - 4.93-3
|
||||
- Enable SPF and DMARC support
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Sun Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
|
||||
- New version
|
||||
Resolves: rhbz#1782320
|
||||
- Consolidated and simplified patches
|
||||
- Dropped dane-enable patch (not needed)
|
||||
|
||||
* Thu Jan 2 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-5
|
||||
- Fixed FTBFS due to changes in clamav package
|
||||
Resolves: rhbz#1787285
|
||||
|
||||
* Fri Nov 22 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 4.92.3-4
|
||||
- enable GPG-based source file verification
|
||||
|
||||
* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-3
|
||||
- Enabled local_scan
|
||||
|
||||
* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-2
|
||||
- Dropped sysvinit artifacts
|
||||
|
||||
* Mon Sep 30 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-1
|
||||
- New version
|
||||
Resolves: rhbz#1756656
|
||||
Resolves: CVE-2019-16928
|
||||
|
||||
* Fri Sep 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.2-1
|
||||
- New version
|
||||
Resolves: CVE-2019-15846
|
||||
|
||||
* Tue Aug 20 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.1-1
|
||||
- New version
|
||||
Resolves: rhbz#1742312
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.92-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4.92-8
|
||||
- Perl 5.30 rebuild
|
||||
|
||||
* Wed Mar 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-7
|
||||
- Enabled DANE support
|
||||
Resolves: rhbz#1693202
|
||||
|
||||
* Wed Mar 20 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.92-6
|
||||
- Drop F-23 conditionals, and related obsolete bits
|
||||
|
||||
* Tue Mar 19 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-5
|
||||
- Processed greylist.db by cron job only if it has non zero size
|
||||
Resolves: rhbz#1689211
|
||||
|
||||
* Mon Mar 4 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-4
|
||||
- Fixed greylist-conf patch
|
||||
Related: rhbz#1679274
|
||||
|
||||
* Sat Mar 2 2019 Tim Landscheidt <tim@tim-landscheidt.de> - 4.92-3
|
||||
- Fix syntax error in exim.conf (#1679274)
|
||||
- Use properly compressed empty mailq.1.gz as ghost file
|
||||
- Add basic check that configuration file is valid
|
||||
|
||||
* Wed Feb 20 2019 Marcel Härry <mh+fedora@scrit.ch> - 4.92-2
|
||||
- Enable proxy and socks support
|
||||
Resolves: rhbz#1542870
|
||||
|
||||
* Mon Feb 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-1
|
||||
- New version
|
||||
Resolves: rhbz#1674282
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.91-5
|
||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||
|
||||
* Fri Jul 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-4
|
||||
- Fixed FTBFS by adding gcc requirement
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 4.91-2
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Thu Apr 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-1
|
||||
- New version
|
||||
Resolves: rhbz#1567670
|
||||
- Dropped dec64table-read-fix patch (already upstream)
|
||||
- De-fuzzified patches
|
||||
|
||||
* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-4
|
||||
- Fixed dec64table OOB read in b64decode
|
||||
- De-fuzzified nsl-fix patch
|
||||
|
||||
* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
|
||||
- Dropped dynlookup-config patch (merged into config patch)
|
||||
|
||||
* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-2
|
||||
- Fixed mysql module
|
||||
|
||||
* Tue Feb 13 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-1
|
||||
- New version
|
||||
Resolves: rhbz#1527710
|
||||
- Fixed buffer overflow in utility function
|
||||
Resolves: CVE-2018-6789
|
||||
- Updated and defuzzified patches
|
||||
- Dropped mariadb-macro-fix patch (not needed)
|
||||
- Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943,
|
||||
CVE-2017-16944 patches (all upstreamed)
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.89-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.89-11
|
||||
- Rebuilt for switch to libxcrypt
|
||||
|
||||
* Wed Jan 17 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-10
|
||||
- Fixed FTBFS due to NIS removal from glibc
|
||||
Resolves: rhbz#1534920
|
||||
|
||||
* Fri Dec 1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-9
|
||||
- Fixed denial of service
|
||||
Resolves: CVE-2017-16944
|
||||
|
||||
* Thu Nov 30 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-8
|
||||
- Dropped tcp_wrappers support
|
||||
Resolves: rhbz#1518763
|
||||
|
||||
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-7
|
||||
- Fixed use-after-free
|
||||
Resolves: CVE-2017-16943
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -r /var/spool/exim/db/greylist.db ]; then
|
||||
if [ -s /var/spool/exim/db/greylist.db ]; then
|
||||
sqlite3 /var/spool/exim/db/greylist.db <<EOF
|
||||
.timeout 5000
|
||||
DELETE FROM greylist WHERE expire < $((`date +%s` - 604800));
|
||||
|
|
|
|||
3
sources
3
sources
|
|
@ -1 +1,2 @@
|
|||
SHA512 (exim-4.89.tar.xz) = ce5faef3847a5baf1b4fec1ffe46ce7efaafb24e63bcc52a61f38e8312a88eccaa816c3947ba428bef3eed38b1e91e606f6ed07bc0a3e14c6a6ed0ecb41eb9fa
|
||||
SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
|
||||
SHA512 (exim-4.96.tar.xz.asc) = a231c97e44a7365ac5961f2827b89d8cdf6ad94964633814f31e44d94ada9900f76664c45c2f55e378245e44739a0ef323786ca29b4093e44ce2b008eca4ad64
|
||||
|
|
|
|||
Loading…
Reference in New Issue