Compare commits
35 Commits
Author | SHA1 | Date |
---|---|---|
|
11c2200b24 | |
|
cbbdc51775 | |
|
4845899c4e | |
|
4753ea0351 | |
|
aa3062fa1a | |
|
b08df76248 | |
|
5787faece7 | |
|
8b2730e97c | |
|
780569af31 | |
|
6783664c90 | |
|
935e9a27e4 | |
|
68f78d8d08 | |
|
3722b366f7 | |
|
9fe0f130b8 | |
|
8656a01853 | |
|
89cc74b43d | |
|
6a241632d3 | |
|
c1b340c76c | |
|
3afb1c1273 | |
|
3206e7c0eb | |
|
c4f7bb88e5 | |
|
91496a8099 | |
|
53057966f8 | |
|
62c96cdc52 | |
|
8bdd6e1817 | |
|
ea73ae82d0 | |
|
64e26a2068 | |
|
69bc0d0ccf | |
|
1332a1979d | |
|
91489a1640 | |
|
c81d281a9d | |
|
df4a02e56c | |
|
ab9aafa16a | |
|
56f8aaa827 | |
|
f8f76cd111 |
|
@ -1 +1,2 @@
|
||||||
exim-*.tar.bz2
|
/exim-*.tar.xz
|
||||||
|
/sa-exim-*.tar.gz
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
|
||||||
index df3dcc8..de01565 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -306,14 +306,16 @@ LOOKUP_DSEARCH=yes
|
|
||||||
# LOOKUP_IBASE=yes
|
|
||||||
LOOKUP_LDAP=yes
|
|
||||||
LDAP_LIB_TYPE=OPENLDAP2
|
|
||||||
-LOOKUP_INCLUDE=-I/usr/include/mysql
|
|
||||||
-LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
|
|
||||||
-LOOKUP_MYSQL=yes
|
|
||||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3
|
|
||||||
+LOOKUP_MYSQL_INCLUDE=-I/usr/include/mysql
|
|
||||||
+LOOKUP_MYSQL_LIBS=-L/usr/${_lib}/mysql -lmysqlclient
|
|
||||||
+LOOKUP_PGSQL_LIBS=-lpq
|
|
||||||
+LOOKUP_MYSQL=2
|
|
||||||
LOOKUP_NIS=yes
|
|
||||||
LOOKUP_NISPLUS=yes
|
|
||||||
# LOOKUP_ORACLE=yes
|
|
||||||
LOOKUP_PASSWD=yes
|
|
||||||
-LOOKUP_PGSQL=yes
|
|
||||||
+LOOKUP_PGSQL=2
|
|
||||||
# LOOKUP_REDIS=yes
|
|
||||||
LOOKUP_SQLITE=yes
|
|
||||||
# LOOKUP_WHOSON=yes
|
|
|
@ -1,14 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d
|
|
||||||
# Note that TZ is handled separateley by the timezone runtime option
|
|
||||||
# and TIMEZONE_DEFAULT buildtime option.
|
|
||||||
|
|
||||||
-# keep_environment = ^LDAP
|
|
||||||
-# add_environment = PATH=/usr/bin::/bin
|
|
||||||
+keep_environment = ^LDAP
|
|
||||||
+add_environment = PATH=/usr/bin::/bin
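Review bot: `keep_environment = ^LDAP` is now active, and its pattern is only a prefix match, so every variable the invoking user sets whose name begins with LDAP survives into the environment of what is typically a setuid binary, not just the ones the LDAP lookups need. The hunk has no comment saying which variables are wanted. If only specific names are required, anchor them fully, and in any case add a line above such as `# Keep only the LDAP client variables the lookups need; everything else is dropped.` The doubled colon in `add_environment = PATH=/usr/bin::/bin` deserves a comment too, e.g. `# "::" is a literal colon inside a list item`, because it reads like a typo.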
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index d1ce2f1..1f10008 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -55,7 +55,7 @@
|
|
||||||
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
|
||||||
# are all colon-separated lists:
|
|
||||||
|
|
||||||
-domainlist local_domains = @
|
|
||||||
+domainlist local_domains = @ : localhost : localhost.localdomain
|
|
||||||
domainlist relay_to_domains =
|
|
||||||
hostlist relay_from_hosts = localhost
|
|
||||||
# (We rely upon hostname resolution working for localhost, because the default
|
|
|
@ -1,103 +0,0 @@
|
||||||
--- a/src/configure.default.spamd 2016-12-25 21:06:57.453758443 +0000
|
|
||||||
+++ b/src/configure.default 2016-12-25 21:07:49.940188407 +0000
|
|
||||||
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
|
|
||||||
|
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
|
||||||
acl_smtp_data = acl_check_data
|
|
||||||
+acl_smtp_mime = acl_check_mime
|
|
||||||
|
|
||||||
# You should not change those settings until you understand how ACLs work.
|
|
||||||
|
|
||||||
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
|
|
||||||
# of what to set for other virus scanners. The second modification is in the
|
|
||||||
# acl_check_data access control list (see below).
|
|
||||||
|
|
||||||
-# av_scanner = clamd:/tmp/clamd
|
|
||||||
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
|
||||||
|
|
||||||
|
|
||||||
# For spam scanning, there is a similar option that defines the interface to
|
|
||||||
@@ -431,7 +432,8 @@ acl_check_rcpt:
|
|
||||||
accept local_parts = postmaster
|
|
||||||
domains = +local_domains
|
|
||||||
|
|
||||||
- # Deny unless the sender address can be verified.
|
|
||||||
+ # Deny unless the sender address can be routed. For proper verification of the
|
|
||||||
+ # address, read the documentation on callouts and add the /callout modifier.
|
|
||||||
|
|
||||||
require verify = sender
|
|
||||||
|
|
||||||
@@ -535,27 +537,63 @@ acl_check_data:
|
|
||||||
got $max_received_linelength
|
|
||||||
condition = ${if > {$max_received_linelength}{998}}
|
|
||||||
|
|
||||||
+ # Put simple tests first. A good one is to check for the presence of a
|
|
||||||
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
|
||||||
+ # or misconfigured mailer software occasionally omits this from genuine
|
|
||||||
+ # messages too, though -- although it's not hard for the offender to fix
|
|
||||||
+ # after they receive a bounce because of it.
|
|
||||||
+ #
|
|
||||||
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
|
||||||
+ # Most messages without it are spam, so your mail has been rejected.
|
|
||||||
+
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
|
||||||
#
|
|
||||||
# deny malware = *
|
|
||||||
# message = This message contains a virus ($malware_name).
|
|
||||||
|
|
||||||
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
|
||||||
- # you must install SpamAssassin. You may also need to set the spamd_address
|
|
||||||
- # option above.
|
|
||||||
- #
|
|
||||||
- # warn spam = nobody
|
|
||||||
- # add_header = X-Spam_score: $spam_score\n\
|
|
||||||
- # X-Spam_score_int: $spam_score_int\n\
|
|
||||||
- # X-Spam_bar: $spam_bar\n\
|
|
||||||
- # X-Spam_report: $spam_report
|
|
||||||
+ # Bypass SpamAssassin checks if the message is too large.
|
|
||||||
+ #
|
|
||||||
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
|
||||||
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
|
||||||
+
|
|
||||||
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
|
||||||
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
|
||||||
+ # score exceeds the SA system threshold.
|
|
||||||
+ #
|
|
||||||
+ # warn spam = nobody/defer_ok
|
|
||||||
+ # add_header = X-Spam-Flag: YES
|
|
||||||
+ #
|
|
||||||
+ # accept condition = ${if !def:spam_score_int {1}}
|
|
||||||
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
|
||||||
+ #
|
|
||||||
+
|
|
||||||
+ # Unconditionally add score and report headers
|
|
||||||
+ #
|
|
||||||
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
|
||||||
+ # X-Spam-Report: $spam_report
|
|
||||||
|
|
||||||
- # Accept the message.
|
|
||||||
+ # And reject if the SpamAssassin score is greater than ten
|
|
||||||
+ #
|
|
||||||
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
|
||||||
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
|
||||||
+ # $spam_report
|
|
||||||
|
|
||||||
accept
|
|
||||||
|
|
||||||
|
|
||||||
+acl_check_mime:
|
|
||||||
+
|
|
||||||
+ # File extension filtering.
|
|
||||||
+ deny message = Blacklisted file extension detected
|
|
||||||
+ condition = ${if match \
|
|
||||||
+ {${lc:$mime_filename}} \
|
|
||||||
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
|
||||||
+ {1}{0}}
|
|
||||||
+
|
|
||||||
+ accept
|
|
||||||
+
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
# ROUTERS CONFIGURATION #
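Review bot: The new `acl_check_mime` block matches only the sender-supplied `$mime_filename` against six extensions, so a renamed or archived attachment passes it, and nothing in this file backs it with content scanning. The earlier hunk activates `av_scanner = clamd:/var/run/clamd.exim/clamd.sock`, but `# deny malware = *` in `acl_check_data` is still commented out in this hunk's context, so the scanner is configured but apparently never consulted. Either enable that check alongside the scanner setting, or add a comment above the `deny` such as `# Extension match on the declared filename only; enable the malware check in acl_check_data for content scanning.`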
|
|
|
@ -1,630 +0,0 @@
|
||||||
diff --git a/src/auths/get_data.c b/src/auths/get_data.c
|
|
||||||
index f839a01..11bc581 100644
|
|
||||||
--- a/src/auths/get_data.c
|
|
||||||
+++ b/src/auths/get_data.c
|
|
||||||
@@ -31,7 +31,7 @@ auth_get_data(uschar **aptr, uschar *challenge, int challen)
|
|
||||||
int c;
|
|
||||||
int p = 0;
|
|
||||||
smtp_printf("334 %s\r\n", b64encode(challenge, challen));
|
|
||||||
-while ((c = receive_getc()) != '\n' && c != EOF)
|
|
||||||
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
|
|
||||||
{
|
|
||||||
if (p >= big_buffer_size - 1) return BAD64;
|
|
||||||
big_buffer[p++] = c;
|
|
||||||
diff --git a/src/auths/get_no64_data.c b/src/auths/get_no64_data.c
|
|
||||||
index d3ffe08..71e7139 100644
|
|
||||||
--- a/src/auths/get_no64_data.c
|
|
||||||
+++ b/src/auths/get_no64_data.c
|
|
||||||
@@ -32,7 +32,7 @@ auth_get_no64_data(uschar **aptr, uschar *challenge)
|
|
||||||
int c;
|
|
||||||
int p = 0;
|
|
||||||
smtp_printf("334 %s\r\n", challenge);
|
|
||||||
-while ((c = receive_getc()) != '\n' && c != EOF)
|
|
||||||
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
|
|
||||||
{
|
|
||||||
if (p >= big_buffer_size - 1) return BAD64;
|
|
||||||
big_buffer[p++] = c;
|
|
||||||
diff --git a/src/dkim.c b/src/dkim.c
|
|
||||||
index 70c9547..445d246 100644
|
|
||||||
--- a/src/dkim.c
|
|
||||||
+++ b/src/dkim.c
|
|
||||||
@@ -18,6 +18,7 @@ int dkim_verify_oldpool;
|
|
||||||
pdkim_ctx *dkim_verify_ctx = NULL;
|
|
||||||
pdkim_signature *dkim_signatures = NULL;
|
|
||||||
pdkim_signature *dkim_cur_sig = NULL;
|
|
||||||
+static BOOL dkim_collect_error = FALSE;
|
|
||||||
|
|
||||||
static int
|
|
||||||
dkim_exim_query_dns_txt(char *name, char *answer)
|
|
||||||
@@ -87,6 +88,7 @@ if (dkim_verify_ctx)
|
|
||||||
|
|
||||||
dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
|
|
||||||
dkim_collect_input = !!dkim_verify_ctx;
|
|
||||||
+dkim_collect_error = FALSE;
|
|
||||||
|
|
||||||
/* Start feed up with any cached data */
|
|
||||||
receive_get_cache();
|
|
||||||
@@ -106,6 +108,7 @@ if ( dkim_collect_input
|
|
||||||
{
|
|
||||||
log_write(0, LOG_MAIN,
|
|
||||||
"DKIM: validation error: %.100s", pdkim_errstr(rc));
|
|
||||||
+ dkim_collect_error = TRUE;
|
|
||||||
dkim_collect_input = FALSE;
|
|
||||||
}
|
|
||||||
store_pool = dkim_verify_oldpool;
|
|
||||||
@@ -127,11 +130,7 @@ store_pool = POOL_PERM;
|
|
||||||
|
|
||||||
dkim_signatures = NULL;
|
|
||||||
|
|
||||||
-/* If we have arrived here with dkim_collect_input == FALSE, it
|
|
||||||
-means there was a processing error somewhere along the way.
|
|
||||||
-Log the incident and disable futher verification. */
|
|
||||||
-
|
|
||||||
-if (!dkim_collect_input)
|
|
||||||
+if (dkim_collect_error)
|
|
||||||
{
|
|
||||||
log_write(0, LOG_MAIN,
|
|
||||||
"DKIM: Error while running this message through validation,"
|
|
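Review bot: The `if (dkim_collect_error)` test replaces a condition whose explanatory comment this hunk deletes, leaving the new static flag undocumented at both its declaration and its use. A reader now has to find the earlier hunk that sets `dkim_collect_error = TRUE` to learn why `dkim_collect_input == FALSE` is no longer the error signal; the smtp_in.c part of this patch now toggles that flag between BDAT chunks. Suggest restoring a comment here, e.g. `/* dkim_collect_error is set when feeding the message to pdkim failed; log the incident and disable further verification. */`, and a one-line comment on the declaration. The enclosing function starts and ends outside this hunk.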
||||||
diff --git a/src/functions.h b/src/functions.h
|
|
||||||
index 04d9410..9c60090 100644
|
|
||||||
--- a/src/functions.h
|
|
||||||
+++ b/src/functions.h
|
|
||||||
@@ -55,7 +55,7 @@ extern int tls_export_cert(uschar *, size_t, void *);
|
|
||||||
extern int tls_feof(void);
|
|
||||||
extern int tls_ferror(void);
|
|
||||||
extern void tls_free_cert(void **);
|
|
||||||
-extern int tls_getc(void);
|
|
||||||
+extern int tls_getc(unsigned);
|
|
||||||
extern void tls_get_cache(void);
|
|
||||||
extern int tls_import_cert(const uschar *, void **);
|
|
||||||
extern int tls_read(BOOL, uschar *, size_t);
|
|
||||||
@@ -101,7 +101,7 @@ extern int auth_xtextdecode(uschar *, uschar **);
|
|
||||||
|
|
||||||
extern uschar *b64encode(uschar *, int);
|
|
||||||
extern int b64decode(uschar *, uschar **);
|
|
||||||
-extern int bdat_getc(void);
|
|
||||||
+extern int bdat_getc(unsigned);
|
|
||||||
extern void bits_clear(unsigned int *, size_t, int *);
|
|
||||||
extern void bits_set(unsigned int *, size_t, int *);
|
|
||||||
|
|
||||||
@@ -395,7 +395,7 @@ extern uschar *smtp_get_connection_info(void);
|
|
||||||
extern BOOL smtp_get_interface(uschar *, int, address_item *,
|
|
||||||
uschar **, uschar *);
|
|
||||||
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
|
|
||||||
-extern int smtp_getc(void);
|
|
||||||
+extern int smtp_getc(unsigned);
|
|
||||||
extern void smtp_get_cache(void);
|
|
||||||
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
|
|
||||||
extern void smtp_log_no_mail(void);
|
|
||||||
@@ -421,7 +421,7 @@ extern int spool_open_datafile(uschar *);
|
|
||||||
extern int spool_open_temp(uschar *);
|
|
||||||
extern int spool_read_header(uschar *, BOOL, BOOL);
|
|
||||||
extern int spool_write_header(uschar *, int, uschar **);
|
|
||||||
-extern int stdin_getc(void);
|
|
||||||
+extern int stdin_getc(unsigned);
|
|
||||||
extern int stdin_feof(void);
|
|
||||||
extern int stdin_ferror(void);
|
|
||||||
extern int stdin_ungetc(int);
|
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
|
||||||
index c722059..649335f 100644
|
|
||||||
--- a/src/globals.c
|
|
||||||
+++ b/src/globals.c
|
|
||||||
@@ -187,9 +187,9 @@ incoming TCP/IP. The defaults use stdin. We never need these for any
|
|
||||||
stand-alone tests. */
|
|
||||||
|
|
||||||
#ifndef STAND_ALONE
|
|
||||||
-int (*lwr_receive_getc)(void) = stdin_getc;
|
|
||||||
+int (*lwr_receive_getc)(unsigned) = stdin_getc;
|
|
||||||
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
|
|
||||||
-int (*receive_getc)(void) = stdin_getc;
|
|
||||||
+int (*receive_getc)(unsigned) = stdin_getc;
|
|
||||||
void (*receive_get_cache)(void)= NULL;
|
|
||||||
int (*receive_ungetc)(int) = stdin_ungetc;
|
|
||||||
int (*receive_feof)(void) = stdin_feof;
|
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
|
||||||
index e3dd507..344f8ef 100644
|
|
||||||
--- a/src/globals.h
|
|
||||||
+++ b/src/globals.h
|
|
||||||
@@ -141,9 +141,9 @@ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
|
|
||||||
/* Input-reading functions for messages, so we can use special ones for
|
|
||||||
incoming TCP/IP. */
|
|
||||||
|
|
||||||
-extern int (*lwr_receive_getc)(void);
|
|
||||||
+extern int (*lwr_receive_getc)(unsigned);
|
|
||||||
extern int (*lwr_receive_ungetc)(int);
|
|
||||||
-extern int (*receive_getc)(void);
|
|
||||||
+extern int (*receive_getc)(unsigned);
|
|
||||||
extern void (*receive_get_cache)(void);
|
|
||||||
extern int (*receive_ungetc)(int);
|
|
||||||
extern int (*receive_feof)(void);
|
|
||||||
diff --git a/src/macros.h b/src/macros.h
|
|
||||||
index 1b7cf4a..c8957d8 100644
|
|
||||||
--- a/src/macros.h
|
|
||||||
+++ b/src/macros.h
|
|
||||||
@@ -968,5 +968,9 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE };
|
|
||||||
#define PEER_OFFERED_SIZE BIT(6)
|
|
||||||
#define PEER_OFFERED_CHUNKING BIT(7)
|
|
||||||
|
|
||||||
+/* Argument for *_getc */
|
|
||||||
+
|
|
||||||
+#define GETC_BUFFER_UNLIMITED UINT_MAX
|
|
||||||
+
|
|
||||||
|
|
||||||
/* End of macros.h */
|
|
||||||
diff --git a/src/pdkim/pdkim.c b/src/pdkim/pdkim.c
|
|
||||||
index 7bfcdf4..bcc3f09 100644
|
|
||||||
--- a/src/pdkim/pdkim.c
|
|
||||||
+++ b/src/pdkim/pdkim.c
|
|
||||||
@@ -962,6 +962,11 @@ if (ctx->flags & PDKIM_MODE_SIGN)
|
|
||||||
/* DKIM-Signature: headers are added to the verification list */
|
|
||||||
else
|
|
||||||
{
|
|
||||||
+ DEBUG(D_acl)
|
|
||||||
+ {
|
|
||||||
+ debug_printf("PDKIM >> raw hdr: ");
|
|
||||||
+ pdkim_quoteprint(CUS ctx->cur_header, Ustrlen(ctx->cur_header));
|
|
||||||
+ }
|
|
||||||
if (strncasecmp(CCS ctx->cur_header,
|
|
||||||
DKIM_SIGNATURE_HEADERNAME,
|
|
||||||
Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0)
|
|
||||||
diff --git a/src/receive.c b/src/receive.c
|
|
||||||
index e535876..9155cf1 100644
|
|
||||||
--- a/src/receive.c
|
|
||||||
+++ b/src/receive.c
|
|
||||||
@@ -37,7 +37,7 @@ the file. (When SMTP input is occurring, different functions are used by
|
|
||||||
changing the pointer variables.) */
|
|
||||||
|
|
||||||
int
|
|
||||||
-stdin_getc(void)
|
|
||||||
+stdin_getc(unsigned lim)
|
|
||||||
{
|
|
||||||
return getc(stdin);
|
|
||||||
}
|
|
||||||
@@ -626,7 +626,7 @@ if (!dot_ends)
|
|
||||||
{
|
|
||||||
register int last_ch = '\n';
|
|
||||||
|
|
||||||
- for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
|
|
||||||
+ for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch)
|
|
||||||
{
|
|
||||||
if (ch == 0) body_zerocount++;
|
|
||||||
if (last_ch == '\r' && ch != '\n')
|
|
||||||
@@ -668,7 +668,7 @@ if (!dot_ends)
|
|
||||||
|
|
||||||
ch_state = 1;
|
|
||||||
|
|
||||||
-while ((ch = (receive_getc)()) != EOF)
|
|
||||||
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
|
|
||||||
{
|
|
||||||
if (ch == 0) body_zerocount++;
|
|
||||||
switch (ch_state)
|
|
||||||
@@ -786,7 +786,7 @@ int ch_state = 0;
|
|
||||||
int ch;
|
|
||||||
int linelength = 0;
|
|
||||||
|
|
||||||
-while ((ch = (receive_getc)()) != EOF)
|
|
||||||
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
|
|
||||||
{
|
|
||||||
if (ch == 0) body_zerocount++;
|
|
||||||
switch (ch_state)
|
|
||||||
@@ -913,7 +913,7 @@ read_message_bdat_smtp(FILE *fout)
|
|
||||||
int ch;
|
|
||||||
int linelength = 0;
|
|
||||||
|
|
||||||
-for (;;) switch (ch = bdat_getc())
|
|
||||||
+for (;;) switch (ch = bdat_getc(GETC_BUFFER_UNLIMITED))
|
|
||||||
{
|
|
||||||
case EOF: return END_EOF;
|
|
||||||
case EOD: return END_DOT;
|
|
||||||
@@ -1682,7 +1682,7 @@ next->text. */
|
|
||||||
|
|
||||||
for (;;)
|
|
||||||
{
|
|
||||||
- int ch = (receive_getc)();
|
|
||||||
+ int ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
|
|
||||||
/* If we hit EOF on a SMTP connection, it's an error, since incoming
|
|
||||||
SMTP must have a correct "." terminator. */
|
|
||||||
@@ -1761,10 +1761,10 @@ for (;;)
|
|
||||||
|
|
||||||
if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
|
|
||||||
{
|
|
||||||
- ch = (receive_getc)();
|
|
||||||
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (ch == '\r')
|
|
||||||
{
|
|
||||||
- ch = (receive_getc)();
|
|
||||||
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (ch != '\n')
|
|
||||||
{
|
|
||||||
receive_ungetc(ch);
|
|
||||||
@@ -1795,7 +1795,7 @@ for (;;)
|
|
||||||
|
|
||||||
if (ch == '\r')
|
|
||||||
{
|
|
||||||
- ch = (receive_getc)();
|
|
||||||
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (ch == '\n')
|
|
||||||
{
|
|
||||||
if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
|
|
||||||
@@ -1890,7 +1890,7 @@ for (;;)
|
|
||||||
|
|
||||||
if (ch != EOF)
|
|
||||||
{
|
|
||||||
- int nextch = (receive_getc)();
|
|
||||||
+ int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (nextch == ' ' || nextch == '\t')
|
|
||||||
{
|
|
||||||
next->text[ptr++] = nextch;
|
|
||||||
@@ -4024,7 +4024,7 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket &&
|
|
||||||
|
|
||||||
if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
|
|
||||||
{
|
|
||||||
- int c = (receive_getc)();
|
|
||||||
+ int c = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (c != EOF) (receive_ungetc)(c); else
|
|
||||||
{
|
|
||||||
smtp_notquit_exit(US"connection-lost", NULL, NULL);
|
|
||||||
diff --git a/src/smtp_in.c b/src/smtp_in.c
|
|
||||||
index 1484861..82900d9 100644
|
|
||||||
--- a/src/smtp_in.c
|
|
||||||
+++ b/src/smtp_in.c
|
|
||||||
@@ -44,11 +44,11 @@ The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and
|
|
||||||
we need room to handle large base64-encoded AUTHs for GSSAPI.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#define smtp_cmd_buffer_size 16384
|
|
||||||
+#define SMTP_CMD_BUFFER_SIZE 16384
|
|
||||||
|
|
||||||
/* Size of buffer for reading SMTP incoming packets */
|
|
||||||
|
|
||||||
-#define in_buffer_size 8192
|
|
||||||
+#define IN_BUFFER_SIZE 8192
|
|
||||||
|
|
||||||
/* Structure for SMTP command list */
|
|
||||||
|
|
||||||
@@ -301,7 +301,7 @@ static int smtp_had_error;
|
|
||||||
|
|
||||||
/* forward declarations */
|
|
||||||
int bdat_ungetc(int ch);
|
|
||||||
-static int smtp_read_command(BOOL check_sync);
|
|
||||||
+static int smtp_read_command(BOOL check_sync, unsigned buffer_lim);
|
|
||||||
static int synprot_error(int type, int code, uschar *data, uschar *errmess);
|
|
||||||
static void smtp_quit_handler(uschar **, uschar **);
|
|
||||||
static void smtp_rset_handler(void);
|
|
||||||
@@ -315,12 +315,12 @@ it flushes the output, and refills the buffer, with a timeout. The signal
|
|
||||||
handler is set appropriately by the calling function. This function is not used
|
|
||||||
after a connection has negotated itself into an TLS/SSL state.
|
|
||||||
|
|
||||||
-Arguments: none
|
|
||||||
+Arguments: lim Maximum amount to read/buffer
|
|
||||||
Returns: the next character or EOF
|
|
||||||
*/
|
|
||||||
|
|
||||||
int
|
|
||||||
-smtp_getc(void)
|
|
||||||
+smtp_getc(unsigned lim)
|
|
||||||
{
|
|
||||||
if (smtp_inptr >= smtp_inend)
|
|
||||||
{
|
|
||||||
@@ -328,7 +328,10 @@ if (smtp_inptr >= smtp_inend)
|
|
||||||
if (!smtp_out) return EOF;
|
|
||||||
fflush(smtp_out);
|
|
||||||
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
|
|
||||||
- rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size);
|
|
||||||
+
|
|
||||||
+ /* Limit amount read, so non-message data is not fed to DKIM */
|
|
||||||
+
|
|
||||||
+ rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim));
|
|
||||||
save_errno = errno;
|
|
||||||
alarm(0);
|
|
||||||
if (rc <= 0)
|
|
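Review bot: A `lim` of 0 makes the added `read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim))` request zero bytes, and the `if (rc <= 0)` branch that follows handles the resulting 0 as end-of-file or error, so a caller passing 0 would see a spurious EOF on a live connection. The callers visible in this patch pass `GETC_BUFFER_UNLIMITED`, `1` or a `chunking_data_left` already tested as positive, so this is a latent precondition rather than a reachable bug as far as these hunks show. The same applies to the `MIN(ssl_xfer_buffer_size, lim)` reads in both `tls_getc` variants. State it in the header comment, e.g. `Arguments: lim Maximum amount to read/buffer; must be non-zero`. The body of `smtp_getc` continues past the end of this hunk.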
||||||
@@ -376,23 +379,26 @@ to handle the BDAT command/response.
|
|
||||||
Placed here due to the correlation with the above smtp_getc(), which it wraps,
|
|
||||||
and also by the need to do smtp command/response handling.
|
|
||||||
|
|
||||||
-Arguments: none
|
|
||||||
+Arguments: lim (ignored)
|
|
||||||
Returns: the next character or ERR, EOD or EOF
|
|
||||||
*/
|
|
||||||
|
|
||||||
int
|
|
||||||
-bdat_getc(void)
|
|
||||||
+bdat_getc(unsigned lim)
|
|
||||||
{
|
|
||||||
uschar * user_msg = NULL;
|
|
||||||
uschar * log_msg;
|
|
||||||
|
|
||||||
for(;;)
|
|
||||||
{
|
|
||||||
- if (chunking_data_left-- > 0)
|
|
||||||
- return lwr_receive_getc();
|
|
||||||
+ if (chunking_data_left > 0)
|
|
||||||
+ return lwr_receive_getc(chunking_data_left--);
|
|
||||||
|
|
||||||
receive_getc = lwr_receive_getc;
|
|
||||||
receive_ungetc = lwr_receive_ungetc;
|
|
||||||
+#ifndef DISABLE_DKIM
|
|
||||||
+ dkim_collect_input = FALSE;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* If not the last, ack the received chunk. The last response is delayed
|
|
||||||
until after the data ACL decides on it */
|
|
||||||
@@ -405,21 +411,22 @@ for(;;)
|
|
||||||
return EOD;
|
|
||||||
}
|
|
||||||
|
|
||||||
- chunking_state = CHUNKING_OFFERED;
|
|
||||||
smtp_printf("250 %u byte chunk received\r\n", chunking_datasize);
|
|
||||||
+ chunking_state = CHUNKING_OFFERED;
|
|
||||||
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
|
|
||||||
|
|
||||||
/* Expect another BDAT cmd from input. RFC 3030 says nothing about
|
|
||||||
QUIT, RSET or NOOP but handling them seems obvious */
|
|
||||||
|
|
||||||
next_cmd:
|
|
||||||
- switch(smtp_read_command(TRUE))
|
|
||||||
+ switch(smtp_read_command(TRUE, 1))
|
|
||||||
{
|
|
||||||
default:
|
|
||||||
(void) synprot_error(L_smtp_protocol_error, 503, NULL,
|
|
||||||
US"only BDAT permissible after non-LAST BDAT");
|
|
||||||
|
|
||||||
repeat_until_rset:
|
|
||||||
- switch(smtp_read_command(TRUE))
|
|
||||||
+ switch(smtp_read_command(TRUE, 1))
|
|
||||||
{
|
|
||||||
case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */
|
|
||||||
case EOF_CMD: return EOF;
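Review bot: The literal `1` passed in `smtp_read_command(TRUE, 1)` at both `next_cmd:` and `repeat_until_rset:` is unexplained. Because `smtp_getc` refills with `MIN(IN_BUFFER_SIZE, lim)`, it also turns every byte of the next command into its own `read()` call. If the intent is to avoid buffering anything beyond the command line, so that the chunk data following a BDAT is read under its own limit, say so at the call sites, e.g. `/* lim 1: never buffer past the command; chunk data that follows must be read with its own limit */`. A named macro next to `GETC_BUFFER_UNLIMITED` would make the two values read as a pair. The body of `bdat_getc` starts before this hunk and continues after it.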
|
|
||||||
@@ -458,6 +465,8 @@ next_cmd:
|
|
||||||
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
|
|
||||||
? CHUNKING_LAST : CHUNKING_ACTIVE;
|
|
||||||
chunking_data_left = chunking_datasize;
|
|
||||||
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
|
|
||||||
+ (int)chunking_state, chunking_data_left);
|
|
||||||
|
|
||||||
if (chunking_datasize == 0)
|
|
||||||
if (chunking_state == CHUNKING_LAST)
|
|
||||||
@@ -471,6 +480,9 @@ next_cmd:
|
|
||||||
|
|
||||||
receive_getc = bdat_getc;
|
|
||||||
receive_ungetc = bdat_ungetc;
|
|
||||||
+#ifndef DISABLE_DKIM
|
|
||||||
+ dkim_collect_input = TRUE;
|
|
||||||
+#endif
|
|
||||||
break; /* to top of main loop */
|
|
||||||
}
|
|
||||||
}
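Review bot: The `dkim_collect_input = TRUE;` added before `break; /* to top of main loop */` re-enables DKIM collection unconditionally at the start of every follow-on chunk. In dkim.c the flag is initialised as `!!dkim_verify_ctx` and set to FALSE after a validation error, so a session where it was legitimately FALSE would have feeding switched back on by the next BDAT. That could happen with no verify context; the feed function's guard is only partly visible here, so this needs confirming. Consider saving the flag's value at the point where this patch clears it in `bdat_getc` (the `dkim_collect_input = FALSE;` hunk above) and restoring that saved value here instead of assigning TRUE. The body of `bdat_getc` starts outside this hunk.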
|
|
||||||
@@ -480,15 +492,18 @@ next_cmd:
|
|
||||||
static void
|
|
||||||
bdat_flush_data(void)
|
|
||||||
{
|
|
||||||
-while (chunking_data_left-- > 0)
|
|
||||||
- if (lwr_receive_getc() < 0)
|
|
||||||
+while (chunking_data_left > 0)
|
|
||||||
+ if (lwr_receive_getc(chunking_data_left--) < 0)
|
|
||||||
break;
|
|
||||||
|
|
||||||
receive_getc = lwr_receive_getc;
|
|
||||||
receive_ungetc = lwr_receive_ungetc;
|
|
||||||
|
|
||||||
if (chunking_state != CHUNKING_LAST)
|
|
||||||
+ {
|
|
||||||
chunking_state = CHUNKING_OFFERED;
|
|
||||||
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1126,13 +1141,14 @@ signal handler that closes down the session on a timeout. Control does not
|
|
||||||
return when it runs.
|
|
||||||
|
|
||||||
Arguments:
|
|
||||||
- check_sync if TRUE, check synchronization rules if global option is TRUE
|
|
||||||
+ check_sync if TRUE, check synchronization rules if global option is TRUE
|
|
||||||
+ buffer_lim maximum to buffer in lower layer
|
|
||||||
|
|
||||||
Returns: a code identifying the command (enumerated above)
|
|
||||||
*/
|
|
||||||
|
|
||||||
static int
|
|
||||||
-smtp_read_command(BOOL check_sync)
|
|
||||||
+smtp_read_command(BOOL check_sync, unsigned buffer_lim)
|
|
||||||
{
|
|
||||||
int c;
|
|
||||||
int ptr = 0;
|
|
||||||
@@ -1141,9 +1157,9 @@ BOOL hadnull = FALSE;
|
|
||||||
|
|
||||||
os_non_restarting_signal(SIGALRM, command_timeout_handler);
|
|
||||||
|
|
||||||
-while ((c = (receive_getc)()) != '\n' && c != EOF)
|
|
||||||
+while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF)
|
|
||||||
{
|
|
||||||
- if (ptr >= smtp_cmd_buffer_size)
|
|
||||||
+ if (ptr >= SMTP_CMD_BUFFER_SIZE)
|
|
||||||
{
|
|
||||||
os_non_restarting_signal(SIGALRM, sigalrm_handler);
|
|
||||||
return OTHER_CMD;
|
|
||||||
@@ -1301,7 +1317,7 @@ tzero.tv_usec = 0;
|
|
||||||
rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);
|
|
||||||
|
|
||||||
if (rc <= 0) return TRUE; /* Not ready to read */
|
|
||||||
-rc = smtp_getc();
|
|
||||||
+rc = smtp_getc(GETC_BUFFER_UNLIMITED);
|
|
||||||
if (rc < 0) return TRUE; /* End of file or error */
|
|
||||||
|
|
||||||
smtp_ungetc(rc);
|
|
||||||
@@ -1337,7 +1353,7 @@ if (smtp_in == NULL || smtp_batched_input) return;
|
|
||||||
receive_swallow_smtp();
|
|
||||||
smtp_printf("421 %s\r\n", message);
|
|
||||||
|
|
||||||
-for (;;) switch(smtp_read_command(FALSE))
|
|
||||||
+for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
|
|
||||||
{
|
|
||||||
case EOF_CMD:
|
|
||||||
return;
|
|
||||||
@@ -1781,7 +1797,7 @@ while (done <= 0)
|
|
||||||
uschar *recipient = NULL;
|
|
||||||
int start, end, sender_domain, recipient_domain;
|
|
||||||
|
|
||||||
- switch(smtp_read_command(FALSE))
|
|
||||||
+ switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
|
|
||||||
{
|
|
||||||
/* The HELO/EHLO commands set sender_address_helo if they have
|
|
||||||
valid data; otherwise they are ignored, except that they do
|
|
||||||
@@ -2040,12 +2056,12 @@ acl_var_c = NULL;
|
|
||||||
|
|
||||||
/* Allow for trailing 0 in the command and data buffers. */
|
|
||||||
|
|
||||||
-if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2)))
|
|
||||||
+if (!(smtp_cmd_buffer = US malloc(2*SMTP_CMD_BUFFER_SIZE + 2)))
|
|
||||||
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
|
|
||||||
"malloc() failed for SMTP command buffer");
|
|
||||||
|
|
||||||
smtp_cmd_buffer[0] = 0;
|
|
||||||
-smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1;
|
|
||||||
+smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1;
|
|
||||||
|
|
||||||
/* For batched input, the protocol setting can be overridden from the
|
|
||||||
command line by a trusted caller. */
|
|
||||||
@@ -2065,7 +2081,7 @@ else
|
|
||||||
/* Set up the buffer for inputting using direct read() calls, and arrange to
|
|
||||||
call the local functions instead of the standard C ones. */
|
|
||||||
|
|
||||||
-if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size)))
|
|
||||||
+if (!(smtp_inbuffer = (uschar *)malloc(IN_BUFFER_SIZE)))
|
|
||||||
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
|
|
||||||
|
|
||||||
receive_getc = smtp_getc;
|
|
||||||
@@ -3550,7 +3566,7 @@ while (done <= 0)
|
|
||||||
US &off, sizeof(off));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- switch(smtp_read_command(TRUE))
|
|
||||||
+ switch(smtp_read_command(TRUE, GETC_BUFFER_UNLIMITED))
|
|
||||||
{
|
|
||||||
/* The AUTH command is not permitted to occur inside a transaction, and may
|
|
||||||
occur successfully only once per connection. Actually, that isn't quite
|
|
||||||
@@ -4750,14 +4766,14 @@ while (done <= 0)
|
|
||||||
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
|
|
||||||
? CHUNKING_LAST : CHUNKING_ACTIVE;
|
|
||||||
chunking_data_left = chunking_datasize;
|
|
||||||
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
|
|
||||||
+ (int)chunking_state, chunking_data_left);
|
|
||||||
|
|
||||||
lwr_receive_getc = receive_getc;
|
|
||||||
lwr_receive_ungetc = receive_ungetc;
|
|
||||||
receive_getc = bdat_getc;
|
|
||||||
receive_ungetc = bdat_ungetc;
|
|
||||||
|
|
||||||
- DEBUG(D_any)
|
|
||||||
- debug_printf("chunking state %d\n", (int)chunking_state);
|
|
||||||
goto DATA_BDAT;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -4973,7 +4989,7 @@ while (done <= 0)
|
|
||||||
It seems safest to just wipe away the content rather than leave it as a
|
|
||||||
target to jump to. */
|
|
||||||
|
|
||||||
- memset(smtp_inbuffer, 0, in_buffer_size);
|
|
||||||
+ memset(smtp_inbuffer, 0, IN_BUFFER_SIZE);
|
|
||||||
|
|
||||||
/* Attempt to start up a TLS session, and if successful, discard all
|
|
||||||
knowledge that was obtained previously. At least, that's what the RFC says,
|
|
||||||
@@ -5027,7 +5043,7 @@ while (done <= 0)
|
|
||||||
set, but we must still reject all incoming commands. */
|
|
||||||
|
|
||||||
DEBUG(D_tls) debug_printf("TLS failed to start\n");
|
|
||||||
- while (done <= 0) switch(smtp_read_command(FALSE))
|
|
||||||
+ while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
|
|
||||||
{
|
|
||||||
case EOF_CMD:
|
|
||||||
log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF",
|
|
||||||
@@ -5315,8 +5331,8 @@ while (done <= 0)
|
|
||||||
|
|
||||||
case BADSYN_CMD:
|
|
||||||
SYNC_FAILURE:
|
|
||||||
- if (smtp_inend >= smtp_inbuffer + in_buffer_size)
|
|
||||||
- smtp_inend = smtp_inbuffer + in_buffer_size - 1;
|
|
||||||
+ if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE)
|
|
||||||
+ smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1;
|
|
||||||
c = smtp_inend - smtp_inptr;
|
|
||||||
if (c > 150) c = 150;
|
|
||||||
smtp_inptr[c] = 0;
|
|
||||||
diff --git a/src/tls-gnu.c b/src/tls-gnu.c
|
|
||||||
index 10bfaca..181dde4 100644
|
|
||||||
--- a/src/tls-gnu.c
|
|
||||||
+++ b/src/tls-gnu.c
|
|
||||||
@@ -2158,12 +2158,12 @@ Only used by the server-side TLS.
|
|
||||||
|
|
||||||
This feeds DKIM and should be used for all message-body reads.
|
|
||||||
|
|
||||||
-Arguments: none
|
|
||||||
+Arguments: lim Maximum amount to read/bufffer
|
|
||||||
Returns: the next character or EOF
|
|
||||||
*/
|
|
||||||
|
|
||||||
int
|
|
||||||
-tls_getc(void)
|
|
||||||
+tls_getc(unsigned lim)
|
|
||||||
{
|
|
||||||
exim_gnutls_state_st *state = &state_server;
|
|
||||||
if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
|
|
||||||
@@ -2175,7 +2175,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
|
|
||||||
|
|
||||||
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
|
|
||||||
inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
|
|
||||||
- ssl_xfer_buffer_size);
|
|
||||||
+ MIN(ssl_xfer_buffer_size, lim));
|
|
||||||
alarm(0);
|
|
||||||
|
|
||||||
/* Timeouts do not get this far; see command_timeout_handler().
|
|
||||||
@@ -2213,7 +2213,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
|
|
||||||
state->tlsp->peercert = NULL;
|
|
||||||
state->tlsp->peerdn = NULL;
|
|
||||||
|
|
||||||
- return smtp_getc();
|
|
||||||
+ return smtp_getc(lim);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Handle genuine errors */
|
|
||||||
diff --git a/src/tls-openssl.c b/src/tls-openssl.c
|
|
||||||
index d9426ac..0ac7d03 100644
|
|
||||||
--- a/src/tls-openssl.c
|
|
||||||
+++ b/src/tls-openssl.c
|
|
||||||
@@ -2360,14 +2360,14 @@ return OK;
|
|
||||||
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
|
|
||||||
it refills the buffer via the SSL reading function.
|
|
||||||
|
|
||||||
-Arguments: none
|
|
||||||
+Arguments: lim Maximum amount to read/buffer
|
|
||||||
Returns: the next character or EOF
|
|
||||||
|
|
||||||
Only used by the server-side TLS.
|
|
||||||
*/
|
|
||||||
|
|
||||||
int
|
|
||||||
-tls_getc(void)
|
|
||||||
+tls_getc(unsigned lim)
|
|
||||||
{
|
|
||||||
if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
|
|
||||||
{
|
|
||||||
@@ -2378,7 +2378,8 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
|
|
||||||
ssl_xfer_buffer, ssl_xfer_buffer_size);
|
|
||||||
|
|
||||||
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
|
|
||||||
- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
|
|
||||||
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
|
|
||||||
+ MIN(ssl_xfer_buffer_size, lim));
|
|
||||||
error = SSL_get_error(server_ssl, inbytes);
|
|
||||||
alarm(0);
|
|
||||||
|
|
||||||
@@ -2405,7 +2406,7 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
|
|
||||||
tls_in.peerdn = NULL;
|
|
||||||
tls_in.sni = NULL;
|
|
||||||
|
|
||||||
- return smtp_getc();
|
|
||||||
+ return smtp_getc(lim);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Handle genuine errors */
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 1e3c63f..0e7854c 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -724,7 +724,7 @@ userforward:
|
|
||||||
# local_part_suffix = +* : -*
|
|
||||||
# local_part_suffix_optional
|
|
||||||
file = $home/.forward
|
|
||||||
-# allow_filter
|
|
||||||
+ allow_filter
|
|
||||||
no_verify
|
|
||||||
no_expn
|
|
||||||
check_ancestor
|
|
|
@ -1,298 +0,0 @@
|
||||||
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
|
|
||||||
index 3e486a6..6c4afec 100755
|
|
||||||
--- a/scripts/Configure-Makefile
|
|
||||||
+++ b/scripts/Configure-Makefile
|
|
||||||
@@ -269,7 +269,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
|
||||||
|
|
||||||
mv $mft $mftt
|
|
||||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
|
||||||
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
|
||||||
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
|
||||||
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
|
||||||
echo "" >>$mft
|
|
||||||
cat $mftt >> $mft
|
|
||||||
diff --git a/src/src/EDITME b/src/src/EDITME
|
|
||||||
index 6929346..5a08197 100644
|
|
||||||
--- a/src/EDITME
|
|
||||||
+++ b/src/EDITME
|
|
||||||
@@ -98,7 +98,7 @@
|
|
||||||
# /usr/local/sbin. The installation script will try to create this directory,
|
|
||||||
# and any superior directories, if they do not exist.
|
|
||||||
|
|
||||||
-BIN_DIRECTORY=/usr/exim/bin
|
|
||||||
+BIN_DIRECTORY=/usr/sbin
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
|
||||||
# don't exist. It will also install a default runtime configuration if this
|
|
||||||
# file does not exist.
|
|
||||||
|
|
||||||
-CONFIGURE_FILE=/usr/exim/configure
|
|
||||||
+CONFIGURE_FILE=/etc/exim/exim.conf
|
|
||||||
|
|
||||||
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
|
||||||
# In this case, Exim will use the first of them that exists when it is run.
|
|
||||||
@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
|
||||||
# deliveries. (Local deliveries run as various non-root users, typically as the
|
|
||||||
# owner of a local mailbox.) Specifying these values as root is not supported.
|
|
||||||
|
|
||||||
-EXIM_USER=
|
|
||||||
+EXIM_USER=93
|
|
||||||
|
|
||||||
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
|
||||||
# uid number is built into the binary. However, you can specify that this
|
|
||||||
@@ -152,7 +152,7 @@ EXIM_USER=
|
|
||||||
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
|
||||||
# you want to use a group other than the default group for the given user.
|
|
||||||
|
|
||||||
-# EXIM_GROUP=
|
|
||||||
+EXIM_GROUP=93
|
|
||||||
|
|
||||||
# Many sites define a user called "exim", with an appropriate default group,
|
|
||||||
# and use
|
|
||||||
@@ -232,7 +232,7 @@ TRANSPORT_SMTP=yes
|
|
||||||
# This one is special-purpose, and commonly not required, so it is not
|
|
||||||
# included by default.
|
|
||||||
|
|
||||||
-# TRANSPORT_LMTP=yes
|
|
||||||
+TRANSPORT_LMTP=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -241,9 +241,9 @@ TRANSPORT_SMTP=yes
|
|
||||||
# MBX, is included only when requested. If you do not know what this is about,
|
|
||||||
# leave these settings commented out.
|
|
||||||
|
|
||||||
-# SUPPORT_MAILDIR=yes
|
|
||||||
-# SUPPORT_MAILSTORE=yes
|
|
||||||
-# SUPPORT_MBX=yes
|
|
||||||
+SUPPORT_MAILDIR=yes
|
|
||||||
+SUPPORT_MAILSTORE=yes
|
|
||||||
+SUPPORT_MBX=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -301,19 +301,21 @@ LOOKUP_DBM=yes
|
|
||||||
LOOKUP_LSEARCH=yes
|
|
||||||
LOOKUP_DNSDB=yes
|
|
||||||
|
|
||||||
-# LOOKUP_CDB=yes
|
|
||||||
-# LOOKUP_DSEARCH=yes
|
|
||||||
+LOOKUP_CDB=yes
|
|
||||||
+LOOKUP_DSEARCH=yes
|
|
||||||
# LOOKUP_IBASE=yes
|
|
||||||
-# LOOKUP_LDAP=yes
|
|
||||||
-# LOOKUP_MYSQL=yes
|
|
||||||
-# LOOKUP_NIS=yes
|
|
||||||
-# LOOKUP_NISPLUS=yes
|
|
||||||
+LOOKUP_LDAP=yes
|
|
||||||
+LDAP_LIB_TYPE=OPENLDAP2
|
|
||||||
+LOOKUP_INCLUDE=-I/usr/include/mysql
|
|
||||||
+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
|
|
||||||
+LOOKUP_MYSQL=yes
|
|
||||||
+LOOKUP_NIS=yes
|
|
||||||
+LOOKUP_NISPLUS=yes
|
|
||||||
# LOOKUP_ORACLE=yes
|
|
||||||
-# LOOKUP_PASSWD=yes
|
|
||||||
-# LOOKUP_PGSQL=yes
|
|
||||||
+LOOKUP_PASSWD=yes
|
|
||||||
+LOOKUP_PGSQL=yes
|
|
||||||
# LOOKUP_REDIS=yes
|
|
||||||
-# LOOKUP_SQLITE=yes
|
|
||||||
-# LOOKUP_SQLITE_PC=sqlite3
|
|
||||||
+LOOKUP_SQLITE=yes
|
|
||||||
# LOOKUP_WHOSON=yes
|
|
||||||
|
|
||||||
# These two settings are obsolete; all three lookups are compiled when
|
|
||||||
@@ -390,7 +392,7 @@ EXIM_MONITOR=eximon.bin
|
|
||||||
# and the MIME ACL. Please read the documentation to learn more about these
|
|
||||||
# features.
|
|
||||||
|
|
||||||
-# WITH_CONTENT_SCAN=yes
|
|
||||||
+WITH_CONTENT_SCAN=yes
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
# If you're using ClamAV and are backporting fixes to an old version, instead
|
|
||||||
@@ -577,7 +579,7 @@ FIXED_NEVER_USERS=root
|
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
|
||||||
|
|
||||||
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
|
||||||
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -622,16 +624,14 @@ FIXED_NEVER_USERS=root
|
|
||||||
# included in the Exim binary. You will then need to set up the run time
|
|
||||||
# configuration to make use of the mechanism(s) selected.
|
|
||||||
|
|
||||||
-# AUTH_CRAM_MD5=yes
|
|
||||||
-# AUTH_CYRUS_SASL=yes
|
|
||||||
-# AUTH_DOVECOT=yes
|
|
||||||
-# AUTH_GSASL=yes
|
|
||||||
-# AUTH_GSASL_PC=libgsasl
|
|
||||||
-# AUTH_HEIMDAL_GSSAPI=yes
|
|
||||||
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
|
||||||
-# AUTH_PLAINTEXT=yes
|
|
||||||
-# AUTH_SPA=yes
|
|
||||||
-# AUTH_TLS=yes
|
|
||||||
+AUTH_CRAM_MD5=yes
|
|
||||||
+AUTH_CYRUS_SASL=yes
|
|
||||||
+AUTH_DOVECOT=yes
|
|
||||||
+AUTH_GSASL=yes
|
|
||||||
+AUTH_GSASL_PC=libgsasl
|
|
||||||
+AUTH_PLAINTEXT=yes
|
|
||||||
+AUTH_SPA=yes
|
|
||||||
+AUTH_TLS=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -652,7 +652,7 @@ FIXED_NEVER_USERS=root
|
|
||||||
# one that is set in the headers_charset option. The default setting is
|
|
||||||
# defined by this setting:
|
|
||||||
|
|
||||||
-HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
+HEADERS_CHARSET="UTF-8"
|
|
||||||
|
|
||||||
# If you are going to make use of $header_xxx expansions in your configuration
|
|
||||||
# file, or if your users are going to use them in filter files, and the normal
|
|
||||||
@@ -672,7 +672,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
|
||||||
# as standard, the file in OS/Makefile-xxxx contains
|
|
||||||
#
|
|
||||||
-# HAVE_ICONV=yes
|
|
||||||
+HAVE_ICONV=yes
|
|
||||||
#
|
|
||||||
# If you are not using one of those systems, but have installed iconv(), you
|
|
||||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
|
||||||
@@ -734,11 +734,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# leave these settings commented out.
|
|
||||||
|
|
||||||
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
|
||||||
-# SUPPORT_TLS=yes
|
|
||||||
+SUPPORT_TLS=yes
|
|
||||||
|
|
||||||
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
|
||||||
-# USE_OPENSSL_PC=openssl
|
|
||||||
-# TLS_LIBS=-lssl -lcrypto
|
|
||||||
+TLS_INCLUDE=-I/usr/kerberos/include
|
|
||||||
+TLS_LIBS=-lssl -lcrypto
|
|
||||||
|
|
||||||
# Uncomment the first and either the second or the third of these if you
|
|
||||||
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
|
||||||
@@ -807,7 +807,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# Once you have done this, "make install" will build the info files and
|
|
||||||
# install them in the directory you have defined.
|
|
||||||
|
|
||||||
-# INFO_DIRECTORY=/usr/share/info
|
|
||||||
+INFO_DIRECTORY=/usr/share/info
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -820,7 +820,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
|
||||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
|
||||||
# to form the final file names. Some installations may want something like this:
|
|
||||||
|
|
||||||
-# LOG_FILE_PATH=/var/log/exim_%slog
|
|
||||||
+LOG_FILE_PATH=/var/log/exim/%s.log
|
|
||||||
|
|
||||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
|
||||||
# in which the log files are placed must exist; Exim does not try to create
|
|
||||||
@@ -892,7 +892,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
|
||||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
|
||||||
|
|
||||||
-# EXIM_PERL=perl.o
|
|
||||||
+EXIM_PERL=perl.o
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -902,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# that the local_scan API is made available by the linker. You may also need
|
|
||||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
|
||||||
|
|
||||||
-# EXPAND_DLFUNC=yes
|
|
||||||
+EXPAND_DLFUNC=yes
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -912,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
|
||||||
# facilities, is included only when requested by the following setting:
|
|
||||||
|
|
||||||
-# SUPPORT_PAM=yes
|
|
||||||
+SUPPORT_PAM=yes
|
|
||||||
|
|
||||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
|
||||||
# GNU/Linux -ldl is also needed.
|
|
||||||
@@ -1006,7 +1006,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
|
||||||
# started by root at boot time.
|
|
||||||
|
|
||||||
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
|
||||||
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -1019,9 +1019,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
|
||||||
# You may well also have to specify a local "include" file and an additional
|
|
||||||
# library for TCP wrappers, so you probably need something like this:
|
|
||||||
#
|
|
||||||
-# USE_TCP_WRAPPERS=yes
|
|
||||||
-# CFLAGS=-O -I/usr/local/include
|
|
||||||
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
|
||||||
+USE_TCP_WRAPPERS=yes
|
|
||||||
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
|
|
||||||
+EXTRALIBS_EXIM=-lwrap -lpam -ldl -export-dynamic -rdynamic
|
|
||||||
#
|
|
||||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
|
||||||
# as well.
|
|
||||||
@@ -1073,7 +1073,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
|
||||||
# current run is maintained.
|
|
||||||
|
|
||||||
-# USE_READLINE=yes
|
|
||||||
+USE_READLINE=yes
|
|
||||||
|
|
||||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
|
||||||
# Note that this option adds to the size of the Exim binary, because the
|
|
||||||
@@ -1083,7 +1083,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
# Uncomment this setting to include IPv6 support.
|
|
||||||
|
|
||||||
-# HAVE_IPV6=yes
|
|
||||||
+HAVE_IPV6=yes
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
|
||||||
@@ -1104,13 +1104,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
|
||||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
|
||||||
# use those utilities.
|
|
||||||
|
|
||||||
-# CHOWN_COMMAND=/usr/bin/chown
|
|
||||||
-# CHGRP_COMMAND=/usr/bin/chgrp
|
|
||||||
-# CHMOD_COMMAND=/usr/bin/chmod
|
|
||||||
-# MV_COMMAND=/bin/mv
|
|
||||||
-# RM_COMMAND=/bin/rm
|
|
||||||
-# TOUCH_COMMAND=/usr/bin/touch
|
|
||||||
-# PERL_COMMAND=/usr/bin/perl
|
|
||||||
+CHOWN_COMMAND=/usr/bin/chown
|
|
||||||
+CHGRP_COMMAND=/usr/bin/chgrp
|
|
||||||
+CHMOD_COMMAND=/usr/bin/chmod
|
|
||||||
+MV_COMMAND=/usr/bin/mv
|
|
||||||
+RM_COMMAND=/usr/bin/rm
|
|
||||||
+TOUCH_COMMAND=/usr/bin/touch
|
|
||||||
+PERL_COMMAND=/usr/bin/perl
|
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
@@ -1312,7 +1312,7 @@ EXIM_TMPDIR="/tmp"
|
|
||||||
# (process id) to a file so that it can easily be identified. The path of the
|
|
||||||
# file can be specified here. Some installations may want something like this:
|
|
||||||
|
|
||||||
-# PID_FILE_PATH=/var/lock/exim.pid
|
|
||||||
+PID_FILE_PATH=/var/run/exim.pid
|
|
||||||
|
|
||||||
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
|
||||||
# using the name "exim-daemon.pid".
|
|
|
@ -1,21 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 8b6162b..d588898 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -765,6 +765,16 @@ address_reply:
|
|
||||||
driver = autoreply
|
|
||||||
|
|
||||||
|
|
||||||
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
|
||||||
+# socket. You'll need to configure the 'localuser' router above to use it.
|
|
||||||
+#
|
|
||||||
+#lmtp_delivery:
|
|
||||||
+# home_directory = /var/spool/imap
|
|
||||||
+# driver = lmtp
|
|
||||||
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
|
||||||
+# batch_max = 20
|
|
||||||
+# user = cyrus
|
|
||||||
+
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
# RETRY CONFIGURATION #
|
|
|
@ -1,118 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 921c53b..a92c954 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -107,6 +107,7 @@ hostlist relay_from_hosts = localhost
|
|
||||||
# manual for details. The lists above are used in the access control lists for
|
|
||||||
# checking incoming messages. The names of these ACLs are defined here:
|
|
||||||
|
|
||||||
+acl_smtp_mail = acl_check_mail
|
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
|
||||||
acl_smtp_data = acl_check_data
|
|
||||||
acl_smtp_mime = acl_check_mime
|
|
||||||
@@ -368,6 +369,29 @@ timeout_frozen_after = 7d
|
|
||||||
|
|
||||||
begin acl
|
|
||||||
|
|
||||||
+
|
|
||||||
+# This access control list is used for the MAIL command in an incoming
|
|
||||||
+# SMTP message.
|
|
||||||
+
|
|
||||||
+acl_check_mail:
|
|
||||||
+
|
|
||||||
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
|
||||||
+ # So don't allow them to use the MAIL command if they haven't
|
|
||||||
+ # done so.
|
|
||||||
+
|
|
||||||
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
|
||||||
+ message = Nice boys say HELO first
|
|
||||||
+
|
|
||||||
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
|
||||||
+ # even reject for it but that would be a little excessive.
|
|
||||||
+
|
|
||||||
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
|
||||||
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+ accept
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
# This access control list is used for every RCPT command in an incoming
|
|
||||||
# SMTP message. The tests are run in order until the address is either
|
|
||||||
# accepted or denied.
|
|
||||||
@@ -493,7 +517,8 @@ acl_check_rcpt:
|
|
||||||
# There are no default checks on DNS black lists because the domains that
|
|
||||||
# contain these lists are changing all the time. However, here are two
|
|
||||||
# examples of how you can get Exim to perform a DNS black list lookup at this
|
|
||||||
- # point. The first one denies, whereas the second just warns.
|
|
||||||
+ # point. The first one denies, whereas the second just warns. The third
|
|
||||||
+ # triggers greylisting for any host in the blacklist.
|
|
||||||
#
|
|
||||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
|
||||||
# dnslists = black.list.example
|
|
||||||
@@ -501,6 +526,10 @@ acl_check_rcpt:
|
|
||||||
# warn dnslists = black.list.example
|
|
||||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
|
||||||
# log_message = found in $dnslist_domain
|
|
||||||
+ #
|
|
||||||
+ # warn dnslists = black.list.example
|
|
||||||
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
|
||||||
+ #
|
|
||||||
#############################################################################
|
|
||||||
|
|
||||||
#############################################################################
|
|
||||||
@@ -514,6 +543,10 @@ acl_check_rcpt:
|
|
||||||
# require verify = csa
|
|
||||||
#############################################################################
|
|
||||||
|
|
||||||
+ # Alternatively, greylist for it:
|
|
||||||
+ # warn !verify = csa
|
|
||||||
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
# At this point, the address has passed all the checks that have been
|
|
||||||
# configured, so we accept it unconditionally.
|
|
||||||
|
|
||||||
@@ -546,6 +579,12 @@ acl_check_data:
|
|
||||||
# deny condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
|
||||||
# Most messages without it are spam, so your mail has been rejected.
|
|
||||||
+ #
|
|
||||||
+ # Alternatively if we're feeling more lenient we could just use it to
|
|
||||||
+ # trigger greylisting instead:
|
|
||||||
+
|
|
||||||
+ warn condition = ${if !def:h_Message-ID: {1}}
|
|
||||||
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
|
||||||
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
|
||||||
@@ -580,8 +619,30 @@ acl_check_data:
|
|
||||||
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
|
||||||
# $spam_report
|
|
||||||
|
|
||||||
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
|
||||||
+ #
|
|
||||||
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
|
||||||
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
|
||||||
+ # might be something wrong with it, then you can do this...
|
|
||||||
+ #
|
|
||||||
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
|
||||||
+
|
|
||||||
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
|
||||||
+ # package which contains this subroutine, and you need to uncomment the bit below
|
|
||||||
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
|
||||||
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
|
||||||
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
|
||||||
+ # the exim-greylist.conf.inc file itself.
|
|
||||||
+ #
|
|
||||||
+ # require acl = greylist_mail
|
|
||||||
+
|
|
||||||
accept
|
|
||||||
|
|
||||||
+# To enable the greylisting, also uncomment this line:
|
|
||||||
+# .include /etc/exim/exim-greylist.conf.inc
|
|
||||||
|
|
||||||
acl_check_mime:
|
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index d588898..61bdae8 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
|
|
||||||
|
|
||||||
# Allow any client to use TLS.
|
|
||||||
|
|
||||||
-# tls_advertise_hosts = *
|
|
||||||
+tls_advertise_hosts = *
|
|
||||||
|
|
||||||
# Specify the location of the Exim server's TLS certificate and private key.
|
|
||||||
# The private key must not be encrypted (password protected). You can put
|
|
||||||
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
|
|
||||||
# need the first setting, or in separate files, in which case you need both
|
|
||||||
# options.
|
|
||||||
|
|
||||||
-# tls_certificate = /etc/ssl/exim.crt
|
|
||||||
-# tls_privatekey = /etc/ssl/exim.pem
|
|
||||||
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
|
||||||
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
|
||||||
|
|
||||||
# In order to support roaming users who wish to send email from anywhere,
|
|
||||||
# you may want to make Exim listen on other ports as well as port 25, in
|
|
||||||
@@ -162,8 +162,8 @@ acl_smtp_data = acl_check_data
|
|
||||||
# them you should also allow TLS-on-connect on the traditional but
|
|
||||||
# non-standard port 465.
|
|
||||||
|
|
||||||
-# daemon_smtp_ports = 25 : 465 : 587
|
|
||||||
-# tls_on_connect_ports = 465
|
|
||||||
+daemon_smtp_ports = 25 : 465 : 587
|
|
||||||
+tls_on_connect_ports = 465
|
|
||||||
|
|
||||||
|
|
||||||
# Specify the domain you want to be added to all unqualified addresses
|
|
||||||
@@ -221,6 +221,24 @@ never_users = root
|
|
||||||
|
|
||||||
host_lookup = *
|
|
||||||
|
|
||||||
+# This setting, if uncommented, allows users to authenticate using
|
|
||||||
+# their system passwords against saslauthd if they connect over a
|
|
||||||
+# secure connection. If you have network logins such as NIS or
|
|
||||||
+# Kerberos rather than only local users, then you possibly also want
|
|
||||||
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
|
||||||
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
|
||||||
+# allows them to relay through the system.
|
|
||||||
+#
|
|
||||||
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
|
||||||
+#
|
|
||||||
+# By default, we set this option to allow SMTP AUTH from nowhere
|
|
||||||
+# (Exim's default would be to allow it from anywhere, even on an
|
|
||||||
+# unencrypted connection).
|
|
||||||
+#
|
|
||||||
+# Comment this one out if you uncomment the above. Did you make sure
|
|
||||||
+# saslauthd is actually running first?
|
|
||||||
+#
|
|
||||||
+auth_advertise_hosts =
|
|
||||||
|
|
||||||
# The settings below cause Exim to make RFC 1413 (ident) callbacks
|
|
||||||
# for all incoming SMTP calls. You can limit the hosts to which these
|
|
||||||
@@ -844,7 +862,7 @@ begin authenticators
|
|
||||||
# driver = plaintext
|
|
||||||
# server_set_id = $auth2
|
|
||||||
# server_prompts = :
|
|
||||||
-# server_condition = Authentication is not yet configured
|
|
||||||
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
|
||||||
|
|
||||||
# LOGIN authentication has traditional prompts and responses. There is no
|
|
||||||
@@ -856,7 +874,7 @@ begin authenticators
|
|
||||||
# driver = plaintext
|
|
||||||
# server_set_id = $auth1
|
|
||||||
# server_prompts = <| Username: | Password:
|
|
||||||
-# server_condition = Authentication is not yet configured
|
|
||||||
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
|
||||||
|
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index ecc3d6e..1e3c63f 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -732,6 +732,12 @@ userforward:
|
|
||||||
pipe_transport = address_pipe
|
|
||||||
reply_transport = address_reply
|
|
||||||
|
|
||||||
+procmail:
|
|
||||||
+ driver = accept
|
|
||||||
+ check_local_user
|
|
||||||
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
|
||||||
+ transport = procmail
|
|
||||||
+ no_verify
|
|
||||||
|
|
||||||
# This router matches local user mailboxes. If the router fails, the error
|
|
||||||
# message is "Unknown user".
|
|
||||||
@@ -773,6 +779,16 @@ remote_smtp:
|
|
||||||
driver = smtp
|
|
||||||
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
|
||||||
|
|
||||||
+# This transport invokes procmail to deliver mail
|
|
||||||
+procmail:
|
|
||||||
+ driver = pipe
|
|
||||||
+ command = "/usr/bin/procmail -d $local_part"
|
|
||||||
+ return_path_add
|
|
||||||
+ delivery_date_add
|
|
||||||
+ envelope_to_add
|
|
||||||
+ user = $local_part
|
|
||||||
+ initgroups
|
|
||||||
+ return_output
|
|
||||||
|
|
||||||
# This transport is used for local delivery to user mailboxes in traditional
|
|
||||||
# BSD mailbox format. By default it will be run under the uid and gid of the
|
|
|
@ -1,24 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index 985f1d0..8b6162b 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -630,7 +630,7 @@ system_aliases:
|
|
||||||
driver = redirect
|
|
||||||
allow_fail
|
|
||||||
allow_defer
|
|
||||||
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
|
||||||
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
|
||||||
# user = exim
|
|
||||||
file_transport = address_file
|
|
||||||
pipe_transport = address_pipe
|
|
||||||
@@ -731,8 +731,8 @@ local_delivery:
|
|
||||||
delivery_date_add
|
|
||||||
envelope_to_add
|
|
||||||
return_path_add
|
|
||||||
-# group = mail
|
|
||||||
-# mode = 0660
|
|
||||||
+ group = mail
|
|
||||||
+ mode = 0660
|
|
||||||
|
|
||||||
|
|
||||||
# This transport is used for handling pipe deliveries generated by alias or
|
|
|
@ -1,51 +0,0 @@
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
|
||||||
index a92c954..13599ae 100644
|
|
||||||
--- a/src/configure.default
|
|
||||||
+++ b/src/configure.default
|
|
||||||
@@ -840,6 +840,15 @@ remote_smtp:
|
|
||||||
driver = smtp
|
|
||||||
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
|
||||||
|
|
||||||
+# This transport is used for delivering messages over SMTP using the
|
|
||||||
+# "message submission" port (RFC4409).
|
|
||||||
+
|
|
||||||
+remote_msa:
|
|
||||||
+ driver = smtp
|
|
||||||
+ port = 587
|
|
||||||
+ hosts_require_auth = *
|
|
||||||
+
|
|
||||||
+
|
|
||||||
# This transport invokes procmail to deliver mail
|
|
||||||
procmail:
|
|
||||||
driver = pipe
|
|
||||||
@@ -948,6 +957,21 @@ begin rewrite
|
|
||||||
# AUTHENTICATION CONFIGURATION #
|
|
||||||
######################################################################
|
|
||||||
|
|
||||||
+begin authenticators
|
|
||||||
+
|
|
||||||
+# This authenticator supports CRAM-MD5 username/password authentication
|
|
||||||
+# with Exim acting as a _client_, as it might when sending its outgoing
|
|
||||||
+# mail to a smarthost rather than directly to the final recipient.
|
|
||||||
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
|
||||||
+
|
|
||||||
+#client_auth:
|
|
||||||
+# driver = cram_md5
|
|
||||||
+# public_name = CRAM-MD5
|
|
||||||
+# client_name = SMTPAUTH_USERNAME
|
|
||||||
+# client_secret = SMTPAUTH_PASSWORD
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
# The following authenticators support plaintext username/password
|
|
||||||
# authentication using the standard PLAIN mechanism and the traditional
|
|
||||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
|
||||||
@@ -963,7 +987,7 @@ begin rewrite
|
|
||||||
# The default RCPT ACL checks for successful authentication, and will accept
|
|
||||||
# messages from authenticated users from anywhere on the Internet.
|
|
||||||
|
|
||||||
-begin authenticators
|
|
||||||
+#
|
|
||||||
|
|
||||||
# PLAIN authentication has no server prompts. The client sends its
|
|
||||||
# credentials in one lump, containing an authorization ID (which we do not
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
||||||
index 990f884..d1ef114 100644
|
index dfb2fa8..58c30f7 100644
|
||||||
--- a/OS/Makefile-Linux
|
--- a/OS/Makefile-Linux
|
||||||
+++ b/OS/Makefile-Linux
|
+++ b/OS/Makefile-Linux
|
||||||
@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
|
@@ -27,8 +27,8 @@ LIBRESOLV = -lresolv
|
||||||
|
|
||||||
X11=/usr/X11R6
|
X11=/usr/X11R6
|
||||||
XINCLUDE=-I$(X11)/include
|
XINCLUDE=-I$(X11)/include
|
|
@ -0,0 +1,13 @@
|
||||||
|
diff --git a/src/drtables.c b/src/drtables.c
|
||||||
|
index 513ef6c..3fa5c92 100644
|
||||||
|
--- a/src/drtables.c
|
||||||
|
+++ b/src/drtables.c
|
||||||
|
@@ -736,7 +736,7 @@ else
|
||||||
|
{
|
||||||
|
char * name = ent->d_name;
|
||||||
|
int len = (int)strlen(name);
|
||||||
|
- if (regex_match(regex_islookupmod, US name, len, NUL))
|
||||||
|
+ if (regex_match(regex_islookupmod, US name, len, NULL))
|
||||||
|
{
|
||||||
|
int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
|
||||||
|
void *dl;
|
|
@ -0,0 +1,814 @@
|
||||||
|
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||||
|
index ed77b6a..b9eb64d 100755
|
||||||
|
--- a/scripts/Configure-Makefile
|
||||||
|
+++ b/scripts/Configure-Makefile
|
||||||
|
@@ -317,7 +317,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||||
|
|
||||||
|
mv $mft $mftt
|
||||||
|
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||||
|
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
|
||||||
|
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
|
||||||
|
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
|
||||||
|
echo "" >>$mft
|
||||||
|
cat $mftt >> $mft
|
||||||
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
|
index 53022e5..b7ae2cc 100644
|
||||||
|
--- a/src/EDITME
|
||||||
|
+++ b/src/EDITME
|
||||||
|
@@ -99,7 +99,7 @@
|
||||||
|
# /usr/local/sbin. The installation script will try to create this directory,
|
||||||
|
# and any superior directories, if they do not exist.
|
||||||
|
|
||||||
|
-BIN_DIRECTORY=/usr/exim/bin
|
||||||
|
+BIN_DIRECTORY=/usr/sbin
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
||||||
|
# don't exist. It will also install a default runtime configuration if this
|
||||||
|
# file does not exist.
|
||||||
|
|
||||||
|
-CONFIGURE_FILE=/usr/exim/configure
|
||||||
|
+CONFIGURE_FILE=/etc/exim/exim.conf
|
||||||
|
|
||||||
|
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
||||||
|
# In this case, Exim will use the first of them that exists when it is run.
|
||||||
|
@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
||||||
|
# deliveries. (Local deliveries run as various non-root users, typically as the
|
||||||
|
# owner of a local mailbox.) Specifying these values as root is not supported.
|
||||||
|
|
||||||
|
-EXIM_USER=
|
||||||
|
+EXIM_USER=93
|
||||||
|
|
||||||
|
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
||||||
|
# uid number is built into the binary. However, you can specify that this
|
||||||
|
@@ -153,7 +153,7 @@ EXIM_USER=
|
||||||
|
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
||||||
|
# you want to use a group other than the default group for the given user.
|
||||||
|
|
||||||
|
-# EXIM_GROUP=
|
||||||
|
+EXIM_GROUP=93
|
||||||
|
|
||||||
|
# Many sites define a user called "exim", with an appropriate default group,
|
||||||
|
# and use
|
||||||
|
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
|
||||||
|
# If you are building with TLS, the library configuration must be done:
|
||||||
|
|
||||||
|
# Uncomment this if you are using OpenSSL
|
||||||
|
-# USE_OPENSSL=yes
|
||||||
|
+USE_OPENSSL=yes
|
||||||
|
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
|
||||||
|
# and an optional location.
|
||||||
|
-# USE_OPENSSL_PC=openssl
|
||||||
|
+USE_OPENSSL_PC=openssl
|
||||||
|
# TLS_LIBS=-lssl -lcrypto
|
||||||
|
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
|
||||||
|
|
||||||
|
@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes
|
||||||
|
# This one is special-purpose, and commonly not required, so it is not
|
||||||
|
# included by default.
|
||||||
|
|
||||||
|
-# TRANSPORT_LMTP=yes
|
||||||
|
+TRANSPORT_LMTP=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes
|
||||||
|
# MBX, is included only when requested. If you do not know what this is about,
|
||||||
|
# leave these settings commented out.
|
||||||
|
|
||||||
|
-# SUPPORT_MAILDIR=yes
|
||||||
|
-# SUPPORT_MAILSTORE=yes
|
||||||
|
-# SUPPORT_MBX=yes
|
||||||
|
+SUPPORT_MAILDIR=yes
|
||||||
|
+SUPPORT_MAILSTORE=yes
|
||||||
|
+SUPPORT_MBX=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -409,22 +409,27 @@ LOOKUP_DBM=yes
|
||||||
|
LOOKUP_LSEARCH=yes
|
||||||
|
LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
-# LOOKUP_CDB=yes
|
||||||
|
-# LOOKUP_DSEARCH=yes
|
||||||
|
+LOOKUP_CDB=yes
|
||||||
|
+LOOKUP_DSEARCH=yes
|
||||||
|
# LOOKUP_IBASE=yes
|
||||||
|
# LOOKUP_JSON=yes
|
||||||
|
-# LOOKUP_LDAP=yes
|
||||||
|
+LOOKUP_LDAP=yes
|
||||||
|
+LDAP_LIB_TYPE=OPENLDAP2
|
||||||
|
+LOOKUP_INCLUDE=-I/usr/include/mysql
|
||||||
|
+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient
|
||||||
|
# LOOKUP_LMDB=yes
|
||||||
|
|
||||||
|
-# LOOKUP_MYSQL=yes
|
||||||
|
+LOOKUP_MYSQL=2
|
||||||
|
# LOOKUP_MYSQL_PC=mariadb
|
||||||
|
-# LOOKUP_NIS=yes
|
||||||
|
-# LOOKUP_NISPLUS=yes
|
||||||
|
+LOOKUP_NIS=yes
|
||||||
|
+LOOKUP_NISPLUS=yes
|
||||||
|
+
|
||||||
|
# LOOKUP_ORACLE=yes
|
||||||
|
-# LOOKUP_PASSWD=yes
|
||||||
|
-# LOOKUP_PGSQL=yes
|
||||||
|
+LOOKUP_PASSWD=yes
|
||||||
|
+LOOKUP_PGSQL=2
|
||||||
|
+LOOKUP_PGSQL_LIBS=-lpq
|
||||||
|
# LOOKUP_REDIS=yes
|
||||||
|
-# LOOKUP_SQLITE=yes
|
||||||
|
+LOOKUP_SQLITE=yes
|
||||||
|
# LOOKUP_SQLITE_PC=sqlite3
|
||||||
|
# LOOKUP_WHOSON=yes
|
||||||
|
|
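Review bot: `LOOKUP_MYSQL=2` asks for the MySQL lookup to be built as a loadable module, but its include path and `-L/usr/$(_lib)/mysql -lmysqlclient` are placed on the global `LOOKUP_INCLUDE`/`LOOKUP_LIBS`, so the client library is presumably linked into the core exim binary as well. PostgreSQL in the same hunk already uses the per-lookup form (`LOOKUP_PGSQL_LIBS=-lpq`). Doing the same for MySQL, `LOOKUP_MYSQL_INCLUDE=-I/usr/include/mysql` and `LOOKUP_MYSQL_LIBS=-L/usr/$(_lib)/mysql -lmysqlclient`, would leave `LOOKUP_LIBS=-lldap -llber -lsqlite3` and keep a module-only dependency out of the privileged binary.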
||||||
|
@@ -437,7 +442,7 @@ LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
|
||||||
|
# Some platforms may need this for LOOKUP_NIS:
|
||||||
|
-# LIBS += -lnsl
|
||||||
|
+LIBS += -lnsl
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
|
||||||
|
@@ -511,7 +516,7 @@ SUPPORT_DANE=yes
|
||||||
|
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
|
||||||
|
# local OS-specific make files.
|
||||||
|
|
||||||
|
-# EXIM_MONITOR=eximon.bin
|
||||||
|
+EXIM_MONITOR=eximon.bin
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -521,7 +526,7 @@ SUPPORT_DANE=yes
|
||||||
|
# and the MIME ACL. Please read the documentation to learn more about these
|
||||||
|
# features.
|
||||||
|
|
||||||
|
-# WITH_CONTENT_SCAN=yes
|
||||||
|
+WITH_CONTENT_SCAN=yes
|
||||||
|
|
||||||
|
# If you have content scanning you may wish to only include some of the scanner
|
||||||
|
# interfaces. Uncomment any of these lines to remove that code.
|
||||||
|
@@ -604,12 +609,12 @@ DISABLE_MAL_MKS=yes
|
||||||
|
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
||||||
|
# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
|
||||||
|
# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
|
||||||
|
-# SUPPORT_DMARC=yes
|
||||||
|
+SUPPORT_DMARC=yes
|
||||||
|
# CFLAGS += -I/usr/local/include
|
||||||
|
-# LDFLAGS += -lopendmarc
|
||||||
|
+LDFLAGS += -lopendmarc
|
||||||
|
# Uncomment the following if you need to change the default. You can
|
||||||
|
# override it at runtime (main config option dmarc_tld_file)
|
||||||
|
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
|
||||||
|
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
|
||||||
|
|
||||||
|
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
||||||
|
# support. You must have SPF and DKIM support enabled also.
|
||||||
|
@@ -709,7 +714,7 @@ FIXED_NEVER_USERS=root
|
||||||
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
|
||||||
|
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
|
||||||
|
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -754,18 +759,18 @@ FIXED_NEVER_USERS=root
|
||||||
|
# included in the Exim binary. You will then need to set up the run time
|
||||||
|
# configuration to make use of the mechanism(s) selected.
|
||||||
|
|
||||||
|
-# AUTH_CRAM_MD5=yes
|
||||||
|
-# AUTH_CYRUS_SASL=yes
|
||||||
|
-# AUTH_DOVECOT=yes
|
||||||
|
+AUTH_CRAM_MD5=yes
|
||||||
|
+AUTH_CYRUS_SASL=yes
|
||||||
|
+AUTH_DOVECOT=yes
|
||||||
|
# AUTH_EXTERNAL=yes
|
||||||
|
-# AUTH_GSASL=yes
|
||||||
|
-# AUTH_GSASL_PC=libgsasl
|
||||||
|
+AUTH_GSASL=yes
|
||||||
|
+AUTH_GSASL_PC=libgsasl
|
||||||
|
# AUTH_HEIMDAL_GSSAPI=yes
|
||||||
|
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
|
||||||
|
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
|
||||||
|
-# AUTH_PLAINTEXT=yes
|
||||||
|
-# AUTH_SPA=yes
|
||||||
|
-# AUTH_TLS=yes
|
||||||
|
+AUTH_PLAINTEXT=yes
|
||||||
|
+AUTH_SPA=yes
|
||||||
|
+AUTH_TLS=yes
|
||||||
|
|
||||||
|
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
||||||
|
# requires multiple pkg-config files to work with Exim, so the second example
|
||||||
|
@@ -792,7 +797,7 @@ FIXED_NEVER_USERS=root
|
||||||
|
# one that is set in the headers_charset option. The default setting is
|
||||||
|
# defined by this setting:
|
||||||
|
|
||||||
|
-HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
+HEADERS_CHARSET="UTF-8"
|
||||||
|
|
||||||
|
# If you are going to make use of $header_xxx expansions in your configuration
|
||||||
|
# file, or if your users are going to use them in filter files, and the normal
|
||||||
|
@@ -812,7 +817,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||||
|
# as standard, the file in OS/Makefile-xxxx contains
|
||||||
|
#
|
||||||
|
-# HAVE_ICONV=yes
|
||||||
|
+HAVE_ICONV=yes
|
||||||
|
#
|
||||||
|
# If you are not using one of those systems, but have installed iconv(), you
|
||||||
|
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||||
|
@@ -888,7 +893,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# Once you have done this, "make install" will build the info files and
|
||||||
|
# install them in the directory you have defined.
|
||||||
|
|
||||||
|
-# INFO_DIRECTORY=/usr/share/info
|
||||||
|
+INFO_DIRECTORY=/usr/share/info
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -901,7 +906,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
|
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||||
|
# to form the final file names. Some installations may want something like this:
|
||||||
|
|
||||||
|
-# LOG_FILE_PATH=/var/log/exim_%slog
|
||||||
|
+LOG_FILE_PATH=/var/log/exim/%s.log
|
||||||
|
|
||||||
|
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||||
|
# in which the log files are placed must exist; Exim does not try to create
|
||||||
|
@@ -973,7 +978,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||||
|
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||||
|
|
||||||
|
-# EXIM_PERL=perl.o
|
||||||
|
+EXIM_PERL=perl.o
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -983,7 +988,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# that the local_scan API is made available by the linker. You may also need
|
||||||
|
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||||
|
|
||||||
|
-# EXPAND_DLFUNC=yes
|
||||||
|
+EXPAND_DLFUNC=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -993,7 +998,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||||
|
# facilities, is included only when requested by the following setting:
|
||||||
|
|
||||||
|
-# SUPPORT_PAM=yes
|
||||||
|
+SUPPORT_PAM=yes
|
||||||
|
|
||||||
|
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||||
|
# GNU/Linux -ldl is also needed.
|
||||||
|
@@ -1005,12 +1010,12 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# If you may want to use outbound (client-side) proxying, using Socks5,
|
||||||
|
# uncomment the line below.
|
||||||
|
|
||||||
|
-# SUPPORT_SOCKS=yes
|
||||||
|
+SUPPORT_SOCKS=yes
|
||||||
|
|
||||||
|
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
|
||||||
|
# uncomment the line below.
|
||||||
|
|
||||||
|
-# SUPPORT_PROXY=yes
|
||||||
|
+SUPPORT_PROXY=yes
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1034,9 +1039,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# installed on your system (www.libspf2.org). Depending on where it is installed
|
||||||
|
# you may have to edit the CFLAGS and LDFLAGS lines.
|
||||||
|
|
||||||
|
-# SUPPORT_SPF=yes
|
||||||
|
+SUPPORT_SPF=yes
|
||||||
|
# CFLAGS += -I/usr/local/include
|
||||||
|
-# LDFLAGS += -lspf2
|
||||||
|
+LDFLAGS += -lspf2
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1101,7 +1106,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
|
# started by root at boot time.
|
||||||
|
|
||||||
|
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
|
||||||
|
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1115,8 +1120,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
|
# library for TCP wrappers, so you probably need something like this:
|
||||||
|
#
|
||||||
|
# USE_TCP_WRAPPERS=yes
|
||||||
|
-# CFLAGS=-O -I/usr/local/include
|
||||||
|
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
|
||||||
|
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE) -std=gnu99
|
||||||
|
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
|
||||||
|
#
|
||||||
|
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||||
|
# as well.
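Review bot: The two active settings replace lines inside the commented TCP-wrappers example, between `# USE_TCP_WRAPPERS=yes` and `# but of course there may need to be other things`, so the surrounding text now appears to describe flags that have nothing to do with TCP wrappers. I would leave the upstream example commented and put the distribution flags in their own block with a comment such as `# Distribution build flags: RPM hardening options, PIE, and the libraries needed for PAM and dlopen()`. `$(PIE)` is only added to the compile flags here; whether the matching link-time option is passed is not visible in this hunk and is worth confirming for a binary that runs with root privileges.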
|
||||||
|
@@ -1168,7 +1173,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||||
|
# current run is maintained.
|
||||||
|
|
||||||
|
-# USE_READLINE=yes
|
||||||
|
+USE_READLINE=yes
|
||||||
|
|
||||||
|
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||||
|
# Note that this option adds to the size of the Exim binary, because the
|
||||||
|
@@ -1185,7 +1190,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# Uncomment this setting to include IPv6 support.
|
||||||
|
|
||||||
|
-# HAVE_IPV6=yes
|
||||||
|
+HAVE_IPV6=yes
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||||
|
@@ -1206,13 +1211,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
|
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||||
|
# use those utilities.
|
||||||
|
|
||||||
|
-# CHOWN_COMMAND=/usr/bin/chown
|
||||||
|
-# CHGRP_COMMAND=/usr/bin/chgrp
|
||||||
|
-# CHMOD_COMMAND=/usr/bin/chmod
|
||||||
|
-# MV_COMMAND=/bin/mv
|
||||||
|
-# RM_COMMAND=/bin/rm
|
||||||
|
-# TOUCH_COMMAND=/usr/bin/touch
|
||||||
|
-# PERL_COMMAND=/usr/bin/perl
|
||||||
|
+CHOWN_COMMAND=/usr/bin/chown
|
||||||
|
+CHGRP_COMMAND=/usr/bin/chgrp
|
||||||
|
+CHMOD_COMMAND=/usr/bin/chmod
|
||||||
|
+MV_COMMAND=/usr/bin/mv
|
||||||
|
+RM_COMMAND=/usr/bin/rm
|
||||||
|
+TOUCH_COMMAND=/usr/bin/touch
|
||||||
|
+PERL_COMMAND=/usr/bin/perl
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
@@ -1414,7 +1419,7 @@ EXIM_TMPDIR="/tmp"
|
||||||
|
# (process id) to a file so that it can easily be identified. The path of the
|
||||||
|
# file can be specified here. Some installations may want something like this:
|
||||||
|
|
||||||
|
-# PID_FILE_PATH=/var/lock/exim.pid
|
||||||
|
+PID_FILE_PATH=/var/run/exim.pid
|
||||||
|
|
||||||
|
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
||||||
|
# using the name "exim-daemon.pid".
|
||||||
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
|
index 3761daf..a5d3718 100644
|
||||||
|
--- a/src/configure.default
|
||||||
|
+++ b/src/configure.default
|
||||||
|
@@ -67,7 +67,7 @@
|
||||||
|
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
|
||||||
|
# are all colon-separated lists:
|
||||||
|
|
||||||
|
-domainlist local_domains = @
|
||||||
|
+domainlist local_domains = @ : localhost : localhost.localdomain
|
||||||
|
domainlist relay_to_domains =
|
||||||
|
hostlist relay_from_hosts = localhost
|
||||||
|
# (We rely upon hostname resolution working for localhost, because the default
|
||||||
|
@@ -119,11 +119,13 @@ hostlist relay_from_hosts = localhost
|
||||||
|
# manual for details. The lists above are used in the access control lists for
|
||||||
|
# checking incoming messages. The names of these ACLs are defined here:
|
||||||
|
|
||||||
|
+acl_smtp_mail = acl_check_mail
|
||||||
|
acl_smtp_rcpt = acl_check_rcpt
|
||||||
|
.ifdef _HAVE_PRDR
|
||||||
|
acl_smtp_data_prdr = acl_check_prdr
|
||||||
|
.endif
|
||||||
|
acl_smtp_data = acl_check_data
|
||||||
|
+acl_smtp_mime = acl_check_mime
|
||||||
|
|
||||||
|
# You should not change those settings until you understand how ACLs work.
|
||||||
|
|
||||||
|
@@ -136,7 +138,7 @@ acl_smtp_data = acl_check_data
|
||||||
|
# of what to set for other virus scanners. The second modification is in the
|
||||||
|
# acl_check_data access control list (see below).
|
||||||
|
|
||||||
|
-# av_scanner = clamd:/tmp/clamd
|
||||||
|
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
||||||
|
|
||||||
|
|
||||||
|
# For spam scanning, there is a similar option that defines the interface to
|
||||||
|
@@ -147,6 +149,12 @@ acl_smtp_data = acl_check_data
|
||||||
|
# spamd_address = 127.0.0.1 783
|
||||||
|
|
||||||
|
|
||||||
|
+# Set the default sqlite database file for greylisting. Uncomment this
|
||||||
|
+# if you use the greylisting ACLs defined below.
|
||||||
|
+
|
||||||
|
+# sqlite_dbfile = /var/spool/exim/db/greylist.db
|
||||||
|
+
|
||||||
|
+
|
||||||
|
# If Exim is compiled with support for TLS, you may want to change the
|
||||||
|
# following option so that Exim disallows certain clients from makeing encrypted
|
||||||
|
# connections. The default is to allow all.
|
||||||
|
@@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data
|
||||||
|
|
||||||
|
# This is equivalent to the default.
|
||||||
|
|
||||||
|
-# tls_advertise_hosts = *
|
||||||
|
+tls_advertise_hosts = *
|
||||||
|
|
||||||
|
# Specify the location of the Exim server's TLS certificate and private key.
|
||||||
|
# The private key must not be encrypted (password protected). You can put
|
||||||
|
@@ -165,8 +173,8 @@ acl_smtp_data = acl_check_data
|
||||||
|
# need the first setting, or in separate files, in which case you need both
|
||||||
|
# options.
|
||||||
|
|
||||||
|
-# tls_certificate = /etc/ssl/exim.crt
|
||||||
|
-# tls_privatekey = /etc/ssl/exim.pem
|
||||||
|
+tls_certificate = /etc/pki/tls/certs/exim.pem
|
||||||
|
+tls_privatekey = /etc/pki/tls/private/exim.pem
|
||||||
|
|
||||||
|
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
|
||||||
|
.ifdef _HAVE_OPENSSL
|
||||||
|
@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
|
||||||
|
# them you should also allow TLS-on-connect on the traditional but
|
||||||
|
# non-standard port 465.
|
||||||
|
|
||||||
|
-# daemon_smtp_ports = 25 : 465 : 587
|
||||||
|
-# tls_on_connect_ports = 465
|
||||||
|
+daemon_smtp_ports = 25 : 465 : 587
|
||||||
|
+tls_on_connect_ports = 465
|
||||||
|
|
||||||
|
|
||||||
|
# Specify the domain you want to be added to all unqualified addresses
|
||||||
|
@@ -248,6 +256,24 @@ never_users = root
|
||||||
|
|
||||||
|
host_lookup = *
|
||||||
|
|
||||||
|
+# This setting, if uncommented, allows users to authenticate using
|
||||||
|
+# their system passwords against saslauthd if they connect over a
|
||||||
|
+# secure connection. If you have network logins such as NIS or
|
||||||
|
+# Kerberos rather than only local users, then you possibly also want
|
||||||
|
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
|
||||||
|
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
|
||||||
|
+# allows them to relay through the system.
|
||||||
|
+#
|
||||||
|
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
|
||||||
|
+#
|
||||||
|
+# By default, we set this option to allow SMTP AUTH from nowhere
|
||||||
|
+# (Exim's default would be to allow it from anywhere, even on an
|
||||||
|
+# unencrypted connection).
|
||||||
|
+#
|
||||||
|
+# Comment this one out if you uncomment the above. Did you make sure
|
||||||
|
+# saslauthd is actually running first?
|
||||||
|
+#
|
||||||
|
+auth_advertise_hosts =
|
||||||
|
|
||||||
|
# The setting below causes Exim to try to initialize the system resolver
|
||||||
|
# library with DNSSEC support. It has no effect if your library lacks
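Review bot: The commented example `auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}` relies on `$tls_cipher`, which current Exim documentation treats as a legacy name; `$tls_in_cipher` is the variable for the inbound connection and states what is meant. I would write the example as `# auth_advertise_hosts = ${if eq {$tls_in_cipher}{}{}{*}}`. The active default `auth_advertise_hosts =` is a sound starting point, and the comment could say plainly that with the example enabled AUTH is advertised only once the session is encrypted.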
|
||||||
|
@@ -378,8 +404,8 @@ timeout_frozen_after = 7d
|
||||||
|
# Note that TZ is handled separately by the timezone runtime option
|
||||||
|
# and TIMEZONE_DEFAULT buildtime option.
|
||||||
|
|
||||||
|
-# keep_environment = ^LDAP
|
||||||
|
-# add_environment = PATH=/usr/bin::/bin
|
||||||
|
+keep_environment = ^LDAP
|
||||||
|
+add_environment = PATH=/usr/bin::/bin
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@@ -390,6 +416,29 @@ timeout_frozen_after = 7d
|
||||||
|
|
||||||
|
begin acl
|
||||||
|
|
||||||
|
+
|
||||||
|
+# This access control list is used for the MAIL command in an incoming
|
||||||
|
+# SMTP message.
|
||||||
|
+
|
||||||
|
+acl_check_mail:
|
||||||
|
+
|
||||||
|
+ # Hosts are required to say HELO (or EHLO) before sending mail.
|
||||||
|
+ # So don't allow them to use the MAIL command if they haven't
|
||||||
|
+ # done so.
|
||||||
|
+
|
||||||
|
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
|
||||||
|
+ message = Nice boys say HELO first
|
||||||
|
+
|
||||||
|
+ # Use the lack of reverse DNS to trigger greylisting. Some people
|
||||||
|
+ # even reject for it but that would be a little excessive.
|
||||||
|
+
|
||||||
|
+ warn condition = ${if eq{$sender_host_name}{} {1}}
|
||||||
|
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
+ accept
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
# This access control list is used for every RCPT command in an incoming
|
||||||
|
# SMTP message. The tests are run in order until the address is either
|
||||||
|
# accepted or denied.
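Review bot: The new acl_check_mail has no exemption for messages that do not arrive over TCP/IP, unlike acl_check_rcpt, which opens with `accept hosts = :`. As written, a local SMTP submission that skips HELO is refused by the `deny`, and the `warn` records a greylisting reason with an empty `$sender_host_address` for it. Adding `accept hosts = :` as the first statement of acl_check_mail keeps the two ACLs consistent. The rejection text would also read better as a neutral protocol message, e.g. `message = HELO/EHLO is required before MAIL`.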
|
||||||
|
@@ -401,6 +450,7 @@ acl_check_rcpt:
|
||||||
|
|
||||||
|
accept hosts = :
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# The following section of the ACL is concerned with local parts that contain
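Review bot: `control = dmarc_disable_verify` is added unconditionally here and again in the `@@ -494,6 +545,7 @@` and `@@ -503,6 +555,7 @@` hunks, so this default configuration will presumably fail to parse on any binary built without DMARC support. The file already guards optional features (`.ifdef _HAVE_PRDR`, `.ifdef _HAVE_OPENSSL`); the same pattern fits here, assuming this Exim version predefines the macro: `.ifdef _HAVE_DMARC` / `control = dmarc_disable_verify` / `.endif`. acl_check_rcpt starts before this hunk and continues after it.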
|
||||||
|
@@ -454,7 +504,8 @@ acl_check_rcpt:
|
||||||
|
accept local_parts = postmaster
|
||||||
|
domains = +local_domains
|
||||||
|
|
||||||
|
- # Deny unless the sender address can be verified.
|
||||||
|
+ # Deny unless the sender address can be routed. For proper verification of the
|
||||||
|
+ # address, read the documentation on callouts and add the /callout modifier.
|
||||||
|
|
||||||
|
require verify = sender
|
||||||
|
|
||||||
|
@@ -494,6 +545,7 @@ acl_check_rcpt:
|
||||||
|
accept hosts = +relay_from_hosts
|
||||||
|
control = submission
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
# Accept if the message arrived over an authenticated connection, from
|
||||||
|
# any host. Again, these messages are usually from MUAs, so recipient
|
||||||
|
@@ -503,6 +555,7 @@ acl_check_rcpt:
|
||||||
|
accept authenticated = *
|
||||||
|
control = submission
|
||||||
|
control = dkim_disable_verify
|
||||||
|
+ control = dmarc_disable_verify
|
||||||
|
|
||||||
|
# Insist that any other recipient address that we accept is either in one of
|
||||||
|
# our local domains, or is in a domain for which we explicitly allow
|
||||||
|
@@ -523,7 +576,8 @@ acl_check_rcpt:
|
||||||
|
# There are no default checks on DNS black lists because the domains that
|
||||||
|
# contain these lists are changing all the time. However, here are two
|
||||||
|
# examples of how you can get Exim to perform a DNS black list lookup at this
|
||||||
|
- # point. The first one denies, whereas the second just warns.
|
||||||
|
+ # point. The first one denies, whereas the second just warns. The third
|
||||||
|
+ # triggers greylisting for any host in the blacklist.
|
||||||
|
#
|
||||||
|
# deny dnslists = black.list.example
|
||||||
|
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||||
|
@@ -531,6 +585,10 @@ acl_check_rcpt:
|
||||||
|
# warn dnslists = black.list.example
|
||||||
|
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||||
|
# log_message = found in $dnslist_domain
|
||||||
|
+ #
|
||||||
|
+ # warn dnslists = black.list.example
|
||||||
|
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
|
||||||
|
+ #
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
@@ -557,6 +615,10 @@ acl_check_rcpt:
|
||||||
|
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
+ # Alternatively, greylist for it:
|
||||||
|
+ # warn !verify = csa
|
||||||
|
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
# At this point, the address has passed all the checks that have been
|
||||||
|
# configured, so we accept it unconditionally.
|
||||||
|
|
||||||
|
@@ -606,21 +668,32 @@ acl_check_data:
|
||||||
|
message = header syntax
|
||||||
|
log_message = header syntax ($acl_verify_message)
|
||||||
|
|
||||||
|
+ # Put simple tests first. A good one is to check for the presence of a
|
||||||
|
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
||||||
|
+ # or misconfigured mailer software occasionally omits this from genuine
|
||||||
|
+ # messages too, though -- although it's not hard for the offender to fix
|
||||||
|
+ # after they receive a bounce because of it.
|
||||||
|
+ #
|
||||||
|
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
||||||
|
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
||||||
|
+ # Most messages without it are spam, so your mail has been rejected.
|
||||||
|
+ #
|
||||||
|
+ # Alternatively if we're feeling more lenient we could just use it to
|
||||||
|
+ # trigger greylisting instead:
|
||||||
|
+
|
||||||
|
+ warn condition = ${if !def:h_Message-ID: {1}}
|
||||||
|
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
# Deny if the message contains a virus. Before enabling this check, you
|
||||||
|
# must install a virus scanner and set the av_scanner option above.
|
||||||
|
#
|
||||||
|
# deny malware = *
|
||||||
|
# message = This message contains a virus ($malware_name).
|
||||||
|
|
||||||
|
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
||||||
|
- # you must install SpamAssassin. You may also need to set the spamd_address
|
||||||
|
- # option above.
|
||||||
|
+ # Bypass SpamAssassin checks if the message is too large.
|
||||||
|
#
|
||||||
|
- # warn spam = nobody
|
||||||
|
- # add_header = X-Spam_score: $spam_score\n\
|
||||||
|
- # X-Spam_score_int: $spam_score_int\n\
|
||||||
|
- # X-Spam_bar: $spam_bar\n\
|
||||||
|
- # X-Spam_report: $spam_report
|
||||||
|
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
||||||
|
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# No more tests if PRDR was actively used.
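Review bot: The commented `accept condition = ${if >={$message_size}{100000} {1}}` is described as bypassing SpamAssassin, but a matching `accept` ends the ACL, so once enabled it also skips every later statement in acl_check_data, including the `require acl = greylist_mail` step that the next hunk adds. The comment should say so, for example `# Note: this accepts the message outright; all later checks (spam scoring, greylisting) are skipped for large messages.` The malware example sits above it and is not affected. acl_check_data begins before this hunk.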
|
||||||
|
@@ -634,11 +707,63 @@ acl_check_data:
|
||||||
|
# condition = ...
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
||||||
|
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
||||||
|
+ # score exceeds the SA system threshold.
|
||||||
|
+ #
|
||||||
|
+ # warn spam = nobody/defer_ok
|
||||||
|
+ # add_header = X-Spam-Flag: YES
|
||||||
|
+ #
|
||||||
|
+ # accept condition = ${if !def:spam_score_int {1}}
|
||||||
|
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
||||||
|
+ #
|
||||||
|
+
|
||||||
|
+ # Unconditionally add score and report headers
|
||||||
|
+ #
|
||||||
|
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
||||||
|
+ # X-Spam-Report: $spam_report
|
||||||
|
+
|
||||||
|
+ # And reject if the SpamAssassin score is greater than ten
|
||||||
|
+ #
|
||||||
|
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
||||||
|
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
||||||
|
+ # $spam_report
|
||||||
|
+
|
||||||
|
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
|
||||||
|
+ #
|
||||||
|
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
|
||||||
|
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
|
||||||
|
- # Accept the message.
|
||||||
|
+ # If you want to greylist _all_ mail rather than only mail which looks like there
|
||||||
|
+ # might be something wrong with it, then you can do this...
|
||||||
|
+ #
|
||||||
|
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
|
||||||
|
+
|
||||||
|
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
|
||||||
|
+ # package which contains this subroutine, and you need to uncomment the bit below
|
||||||
|
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
|
||||||
|
+ # greylisting will kick in and will defer the mail to check if the sender is a
|
||||||
|
+ # proper mail which which retries, or whether it's a zombie. For more details, see
|
||||||
|
+ # the exim-greylist.conf.inc file itself.
|
||||||
|
+ #
|
||||||
|
+ # require acl = greylist_mail
|
||||||
|
|
||||||
|
accept
|
||||||
|
|
||||||
|
+# To enable the greylisting, also uncomment this line:
|
||||||
|
+# .include /etc/exim/exim-greylist.conf.inc
|
||||||
|
+
|
||||||
|
+acl_check_mime:
|
||||||
|
+
|
||||||
|
+ # File extension filtering.
|
||||||
|
+ deny message = Blacklisted file extension detected
|
||||||
|
+ condition = ${if match \
|
||||||
|
+ {${lc:$mime_filename}} \
|
||||||
|
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
||||||
|
+ {1}{0}}
|
||||||
|
+
|
||||||
|
+ accept
|
||||||
|
|
||||||
|
|
||||||
|
######################################################################
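Review bot: acl_check_mime rejects on the declared `$mime_filename` only, so it is a name filter over a short fixed list and says nothing about what an attachment contains. The same patch sets `av_scanner = clamd:/var/run/clamd.exim/clamd.sock`, yet `# deny malware = *` in acl_check_data stays commented, so no ACL visible here actually uses the scanner. I would either enable the malware check alongside this ACL or add a comment above the `deny` such as `# Filename check only; enable "deny malware = *" in acl_check_data for content scanning`. Separately, the greylisting comment has a doubled word ("proper mail which which retries").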
|
||||||
|
@@ -740,7 +865,7 @@ system_aliases:
|
||||||
|
driver = redirect
|
||||||
|
allow_fail
|
||||||
|
allow_defer
|
||||||
|
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
|
||||||
|
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
||||||
|
# user = exim
|
||||||
|
file_transport = address_file
|
||||||
|
pipe_transport = address_pipe
|
||||||
|
@@ -778,7 +903,7 @@ userforward:
|
||||||
|
# local_part_suffix = +* : -*
|
||||||
|
# local_part_suffix_optional
|
||||||
|
file = $home/.forward
|
||||||
|
-# allow_filter
|
||||||
|
+ allow_filter
|
||||||
|
no_verify
|
||||||
|
no_expn
|
||||||
|
check_ancestor
|
||||||
|
@@ -786,6 +911,12 @@ userforward:
|
||||||
|
pipe_transport = address_pipe
|
||||||
|
reply_transport = address_reply
|
||||||
|
|
||||||
|
+procmail:
|
||||||
|
+ driver = accept
|
||||||
|
+ check_local_user
|
||||||
|
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
|
||||||
|
+ transport = procmail
|
||||||
|
+ no_verify
|
||||||
|
|
||||||
|
# This router matches local user mailboxes. If the router fails, the error
|
||||||
|
# message is "Unknown user".
|
||||||
|
@@ -826,6 +957,25 @@ remote_smtp:
|
||||||
|
tls_resumption_hosts = *
|
||||||
|
.endif
|
||||||
|
|
||||||
|
+# This transport is used for delivering messages over SMTP using the
|
||||||
|
+# "message submission" port (RFC4409).
|
||||||
|
+
|
||||||
|
+remote_msa:
|
||||||
|
+ driver = smtp
|
||||||
|
+ port = 587
|
||||||
|
+ hosts_require_auth = *
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+# This transport invokes procmail to deliver mail
|
||||||
|
+procmail:
|
||||||
|
+ driver = pipe
|
||||||
|
+ command = "/usr/bin/procmail -d $local_part"
|
||||||
|
+ return_path_add
|
||||||
|
+ delivery_date_add
|
||||||
|
+ envelope_to_add
|
||||||
|
+ user = $local_part
|
||||||
|
+ initgroups
|
||||||
|
+ return_output
|
||||||
|
|
||||||
|
# This transport is used for delivering messages to a smarthost, if the
|
||||||
|
# smarthost router is enabled. This starts from the same basis as
|
||||||
|
@@ -880,8 +1030,8 @@ local_delivery:
|
||||||
|
delivery_date_add
|
||||||
|
envelope_to_add
|
||||||
|
return_path_add
|
||||||
|
-# group = mail
|
||||||
|
-# mode = 0660
|
||||||
|
+ group = mail
|
||||||
|
+ mode = 0660
|
||||||
|
|
||||||
|
|
||||||
|
# This transport is used for handling pipe deliveries generated by alias or
|
||||||
|
@@ -914,6 +1064,16 @@ address_reply:
|
||||||
|
driver = autoreply
|
||||||
|
|
||||||
|
|
||||||
|
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
|
||||||
|
+# socket. You'll need to configure the 'localuser' router above to use it.
|
||||||
|
+#
|
||||||
|
+#lmtp_delivery:
|
||||||
|
+# home_directory = /var/spool/imap
|
||||||
|
+# driver = lmtp
|
||||||
|
+# command = "/usr/lib/cyrus-imapd/deliver -l"
|
||||||
|
+# batch_max = 20
|
||||||
|
+# user = cyrus
|
||||||
|
+
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
# RETRY CONFIGURATION #
|
||||||
|
@@ -954,6 +1114,21 @@ begin rewrite
|
||||||
|
# AUTHENTICATION CONFIGURATION #
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
+begin authenticators
|
||||||
|
+
|
||||||
|
+# This authenticator supports CRAM-MD5 username/password authentication
|
||||||
|
+# with Exim acting as a _client_, as it might when sending its outgoing
|
||||||
|
+# mail to a smarthost rather than directly to the final recipient.
|
||||||
|
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
|
||||||
|
+
|
||||||
|
+#client_auth:
|
||||||
|
+# driver = cram_md5
|
||||||
|
+# public_name = CRAM-MD5
|
||||||
|
+# client_name = SMTPAUTH_USERNAME
|
||||||
|
+# client_secret = SMTPAUTH_PASSWORD
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
# The following authenticators support plaintext username/password
|
||||||
|
# authentication using the standard PLAIN mechanism and the traditional
|
||||||
|
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||||
|
@@ -969,7 +1144,7 @@ begin rewrite
|
||||||
|
# The default RCPT ACL checks for successful authentication, and will accept
|
||||||
|
# messages from authenticated users from anywhere on the Internet.
|
||||||
|
|
||||||
|
-begin authenticators
|
||||||
|
+#
|
||||||
|
|
||||||
|
# PLAIN authentication has no server prompts. The client sends its
|
||||||
|
# credentials in one lump, containing an authorization ID (which we do not
|
||||||
|
@@ -983,7 +1158,7 @@ begin authenticators
|
||||||
|
# driver = plaintext
|
||||||
|
# server_set_id = $auth2
|
||||||
|
# server_prompts = :
|
||||||
|
-# server_condition = Authentication is not yet configured
|
||||||
|
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
|
||||||
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
|
# LOGIN authentication has traditional prompts and responses. There is no
|
||||||
|
@@ -995,7 +1170,7 @@ begin authenticators
|
||||||
|
# driver = plaintext
|
||||||
|
# server_set_id = $auth1
|
||||||
|
# server_prompts = <| Username: | Password:
|
||||||
|
-# server_condition = Authentication is not yet configured
|
||||||
|
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
|
||||||
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,19 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 5a08197..3921db6 100644
|
index cf0b33e..7d4cbf3 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -792,6 +792,20 @@ TLS_LIBS=-lssl -lcrypto
|
@@ -878,6 +878,21 @@ HAVE_ICONV=yes
|
||||||
|
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
+#------------------------------------------------------------------------------
|
||||||
+# On systems which support dynamic loading of shared libraries, Exim can
|
+# On systems which support dynamic loading of shared libraries, Exim can
|
||||||
+# load a local_scan function specified in its config file instead of having
|
+# load a local_scan function specified in its config file instead of having
|
||||||
+# to be recompiled with the desired local_scan function. For a full
|
+# to be recompiled with the desired local_scan function. For a full
|
||||||
+# description of the API to this function, see the Exim specification.
|
+# description of the API to this function, see the Exim specification.
|
||||||
+
|
+
|
||||||
+DLOPEN_LOCAL_SCAN=yes
|
+DLOPEN_LOCAL_SCAN=yes
|
||||||
|
+HAVE_LOCAL_SCAN=yes
|
||||||
+
|
+
|
||||||
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
|
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
|
||||||
+# linker flags. Without it, the loaded .so won't be able to access any
|
+# linker flags. Without it, the loaded .so won't be able to access any
|
||||||
|
@ -19,17 +21,16 @@ index 5a08197..3921db6 100644
|
||||||
+
|
+
|
||||||
+LFLAGS=-rdynamic -ldl -pie
|
+LFLAGS=-rdynamic -ldl -pie
|
||||||
+
|
+
|
||||||
+#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# The default distribution of Exim contains only the plain text form of the
|
# The default distribution of Exim contains only the plain text form of the
|
||||||
# documentation. Other forms are available separately. If you want to install
|
# documentation. Other forms are available separately. If you want to install
|
||||||
# the documentation in "info" format, first fetch the Texinfo documentation
|
|
||||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||||
index bafdc1b..c6ba256 100644
|
index 25ab755..e27a51d 100644
|
||||||
--- a/src/config.h.defaults
|
--- a/src/config.h.defaults
|
||||||
+++ b/src/config.h.defaults
|
+++ b/src/config.h.defaults
|
||||||
@@ -28,6 +28,8 @@ it's a default value. */
|
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
|
||||||
|
|
||||||
#define AUTH_VARS 3
|
#define AUTH_VARS 4
|
||||||
|
|
||||||
+#define DLOPEN_LOCAL_SCAN
|
+#define DLOPEN_LOCAL_SCAN
|
||||||
+
|
+
|
||||||
|
@ -37,10 +38,10 @@ index bafdc1b..c6ba256 100644
|
||||||
|
|
||||||
#define CONFIGURE_FILE
|
#define CONFIGURE_FILE
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
diff --git a/src/globals.c b/src/globals.c
|
||||||
index f83d850..c722059 100644
|
index ff246fe..b9dfbbb 100644
|
||||||
--- a/src/globals.c
|
--- a/src/globals.c
|
||||||
+++ b/src/globals.c
|
+++ b/src/globals.c
|
||||||
@@ -167,6 +167,10 @@ uschar *tls_verify_hosts = NULL;
|
@@ -151,6 +151,10 @@ time_t tls_watch_trigger_time = (time_t)0;
|
||||||
uschar *tls_advertise_hosts = NULL;
|
uschar *tls_advertise_hosts = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -52,12 +53,12 @@ index f83d850..c722059 100644
|
||||||
/* Per Recipient Data Response variables */
|
/* Per Recipient Data Response variables */
|
||||||
BOOL prdr_enable = FALSE;
|
BOOL prdr_enable = FALSE;
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
index b3747a8..e3dd507 100644
|
index fe099e4..7530a76 100644
|
||||||
--- a/src/globals.h
|
--- a/src/globals.h
|
||||||
+++ b/src/globals.h
|
+++ b/src/globals.h
|
||||||
@@ -126,6 +126,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
@@ -148,6 +148,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||||
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
extern int tls_watch_fd; /* for inotify of creds files */
|
||||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
extern time_t tls_watch_trigger_time; /* non-0: triggered */
|
||||||
#endif
|
#endif
|
||||||
+
|
+
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
|
@ -68,21 +69,25 @@ index b3747a8..e3dd507 100644
|
||||||
|
|
||||||
extern uschar *dsn_envid; /* DSN envid string */
|
extern uschar *dsn_envid; /* DSN envid string */
|
||||||
diff --git a/src/local_scan.c b/src/local_scan.c
|
diff --git a/src/local_scan.c b/src/local_scan.c
|
||||||
index 3500047..8599172 100644
|
index 7a3bae7..6ea5d2d 100644
|
||||||
--- a/src/local_scan.c
|
--- a/src/local_scan.c
|
||||||
+++ b/src/local_scan.c
|
+++ b/src/local_scan.c
|
||||||
@@ -5,60 +5,131 @@
|
@@ -6,59 +6,133 @@
|
||||||
/* Copyright (c) University of Cambridge 1995 - 2009 */
|
/* Copyright (c) The Exim Maintainers 2021 */
|
||||||
/* See the file NOTICE for conditions of use and distribution. */
|
/* See the file NOTICE for conditions of use and distribution. */
|
||||||
|
|
||||||
+#include "exim.h"
|
+#include <local_scan.h>
|
||||||
|
|
||||||
-/******************************************************************************
|
-/******************************************************************************
|
||||||
-This file contains a template local_scan() function that just returns ACCEPT.
|
-This file contains a template local_scan() function that just returns ACCEPT.
|
||||||
-If you want to implement your own version, you should copy this file to, say
|
-If you want to implement your own version, you should copy this file to, say
|
||||||
-Local/local_scan.c, and edit the copy. To use your version instead of the
|
-Local/local_scan.c, and edit the copy. To use your version instead of the
|
||||||
-default, you must set
|
-default, you must set
|
||||||
-
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
|
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
-HAVE_LOCAL_SCAN=yes
|
||||||
-LOCAL_SCAN_SOURCE=Local/local_scan.c
|
-LOCAL_SCAN_SOURCE=Local/local_scan.c
|
||||||
-
|
-
|
||||||
-in your Local/Makefile. This makes it easy to copy your version for use with
|
-in your Local/Makefile. This makes it easy to copy your version for use with
|
||||||
|
@ -132,8 +137,6 @@ index 3500047..8599172 100644
|
||||||
int
|
int
|
||||||
local_scan(int fd, uschar **return_text)
|
local_scan(int fd, uschar **return_text)
|
||||||
{
|
{
|
||||||
fd = fd; /* Keep picky compilers happy */
|
|
||||||
return_text = return_text;
|
|
||||||
-return LOCAL_SCAN_ACCEPT;
|
-return LOCAL_SCAN_ACCEPT;
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+/* local_scan_path is defined AND not the empty string */
|
+/* local_scan_path is defined AND not the empty string */
|
||||||
|
@ -165,8 +168,8 @@ index 3500047..8599172 100644
|
||||||
+else
|
+else
|
||||||
+#endif
|
+#endif
|
||||||
+ return LOCAL_SCAN_ACCEPT;
|
+ return LOCAL_SCAN_ACCEPT;
|
||||||
}
|
+ }
|
||||||
|
+
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+
|
+
|
||||||
+static int load_local_scan_library(void)
|
+static int load_local_scan_library(void)
|
||||||
|
@ -245,22 +248,22 @@ index 3500047..8599172 100644
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+return TRUE;
|
+return TRUE;
|
||||||
+}
|
}
|
||||||
+
|
|
||||||
+#endif /* DLOPEN_LOCAL_SCAN */
|
+#endif /* DLOPEN_LOCAL_SCAN */
|
||||||
+
|
+
|
||||||
/* End of local_scan.c */
|
/* End of local_scan.c */
|
||||||
diff --git a/src/readconf.c b/src/readconf.c
|
diff --git a/src/readconf.c b/src/readconf.c
|
||||||
index b2a3c73..6f2efa0 100644
|
index 06bc50f..6ecb0af 100644
|
||||||
--- a/src/readconf.c
|
--- a/src/readconf.c
|
||||||
+++ b/src/readconf.c
|
+++ b/src/readconf.c
|
||||||
@@ -314,6 +314,9 @@ static optionlist optionlist_config[] = {
|
@@ -212,6 +212,9 @@ static optionlist optionlist_config[] = {
|
||||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
|
||||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
|
||||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+ { "local_scan_path", opt_stringptr, &local_scan_path },
|
+ { "local_scan_path", opt_stringptr, &local_scan_path },
|
||||||
+#endif
|
+#endif
|
||||||
{ "local_scan_timeout", opt_time, &local_scan_timeout },
|
#ifdef HAVE_LOCAL_SCAN
|
||||||
{ "local_sender_retain", opt_bool, &local_sender_retain },
|
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
|
||||||
{ "localhost_number", opt_stringptr, &host_number_string },
|
#endif
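Review bot: The `local_scan_path` entry added to `optionlist_config` in the readconf.c hunk keeps the bare `&local_scan_path` initializer, while the rebased context lines around it use the brace-wrapped form (`{&local_from_prefix}`, `{&local_interfaces}`); to match its neighbours it should read `{ "local_scan_path", opt_stringptr, {&local_scan_path} },`. Separately, this option names a shared object that Exim loads at run time, and the body of `load_local_scan_library()` is collapsed in this view, so it cannot be confirmed here that the file's ownership and permissions are checked before it is loaded. If they are not, the EDITME comment should at least say that the library and its directory must be writable only by root. Both the option table and the loader function start and end outside the displayed hunks.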
|
|
@ -0,0 +1,13 @@
|
||||||
|
diff --git a/src/dmarc.c b/src/dmarc.c
|
||||||
|
index 17bba9d..a218380 100644
|
||||||
|
--- a/src/dmarc.c
|
||||||
|
+++ b/src/dmarc.c
|
||||||
|
@@ -459,7 +459,7 @@ if (!dmarc_abort && !sender_host_authenticated)
|
||||||
|
vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
|
||||||
|
DMARC_POLICY_DKIM_OUTCOME_NONE;
|
||||||
|
libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
|
||||||
|
- dkim_result, US"");
|
||||||
|
+ sig->selector, dkim_result, US"");
|
||||||
|
DEBUG(D_receive)
|
||||||
|
debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
|
||||||
|
if (libdm_status != DMARC_PARSE_OKAY)
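Review bot: The call to `opendmarc_policy_store_dkim()` now passes `sig->selector` unconditionally, with no guard for a libopendmarc whose prototype lacks the selector parameter. The spec names this patch `exim-4.96-opendmarc-1.4-build-fix.patch`, yet the `BuildRequires: libopendmarc-devel` line shown further down carries no version, so a build against an older library would presumably fail at this call rather than at dependency resolution. If 1.4 is indeed the first release with the new prototype, `BuildRequires: libopendmarc-devel >= 1.4` would make the requirement explicit. The enclosing function begins and ends outside this hunk.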
|
|
@ -1,13 +1,13 @@
|
||||||
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
|
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
|
||||||
index 6ba0cb1..21a7ad7 100644
|
index 19585bf..a0d355f 100644
|
||||||
--- a/src/lookups/Makefile
|
--- a/src/lookups/Makefile
|
||||||
+++ b/src/lookups/Makefile
|
+++ b/src/lookups/Makefile
|
||||||
@@ -22,7 +22,7 @@ lookups.a: $(OBJ)
|
@@ -24,7 +24,7 @@ lookups.a: $(OBJ)
|
||||||
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
|
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
|
||||||
|
|
||||||
.c.so:; @echo "$(CC) -shared $*.c"
|
.c.so:; @echo "$(CC) -shared $*.c"
|
||||||
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
|
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
|
||||||
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
|
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
|
||||||
|
|
||||||
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h
|
lf_check_file.o: $(HDRS) lf_check_file.c lf_functions.h
|
||||||
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h
|
lf_quote.o: $(HDRS) lf_quote.c lf_functions.h
|
|
@ -1,11 +1,44 @@
|
||||||
# $Id: acl-greylist-sqlite,v 1.3 2007/11/25 19:17:28 dwmw2 Exp $
|
#
|
||||||
|
# Exim ACL for greylisting. David Woodhouse <dwmw2@infradead.org>
|
||||||
|
#
|
||||||
|
# For full background on the logic behind greylisting and how this
|
||||||
|
# ACL works, see https://github.com/Exim/exim/wiki/SimpleGreylisting
|
||||||
|
#
|
||||||
|
|
||||||
GREYDB=/var/spool/exim/db/greylist.db
|
# UPDATING TO EXIM 4.94+
|
||||||
|
# ======================
|
||||||
|
#
|
||||||
|
# Previous versions of this ACL specified the sqlite database filename
|
||||||
|
# in the sqlite lookup strings directly, but since Exim 4.94 is it no
|
||||||
|
# longer permitted to mix "tainted" text which comes from the message
|
||||||
|
# itself, with the filename. Thus, you now have to set
|
||||||
|
#
|
||||||
|
# sqlite_dbfile = /var/spool/exim/db/greylist.db
|
||||||
|
#
|
||||||
|
# ... in the main configuration because it can't be specified within
|
||||||
|
# the ACL in this file any more.
|
||||||
|
|
||||||
# ACL for greylisting. Place reason(s) for greylisting into a variable named
|
# USING THIS ACL
|
||||||
# $acl_m_greylistreasons before invoking with 'require acl = greylist_mail'.
|
# ==============
|
||||||
# The reasons should be separate lines of text, and will be reported in
|
#
|
||||||
# the SMTP rejection message as well as the log message.
|
# First set sqlite_dbfile in the main configuration file to point to
|
||||||
|
# the greylist sqlite database, as described above.
|
||||||
|
#
|
||||||
|
# In your main ACLs, gather reason(s) for greylisting into a variable
|
||||||
|
# named $acl_m_greylistreasons before invoking this ACL with
|
||||||
|
# 'require acl = greylist_mail'. The reasons should be separate lines
|
||||||
|
# of text, and will be reported in the SMTP rejection message as well
|
||||||
|
# as the log message. Anything "suspicious" about the email can be
|
||||||
|
# used as criteria here — being HTML, having even a few SpamAssassin
|
||||||
|
# points, even lacking SPF authorisation (which is OK for greylisting
|
||||||
|
# although you should never reject outright for an SPF "failure"
|
||||||
|
# because of the flaws in SPF).
|
||||||
|
#
|
||||||
|
# Obviously you need to .include this file too in order to be able
|
||||||
|
# to invoke this greylist_mail ACL.
|
||||||
|
|
||||||
|
# HOW IT WORKS
|
||||||
|
# ============
|
||||||
#
|
#
|
||||||
# When a suspicious mail is seen, we temporarily reject it and wait to see
|
# When a suspicious mail is seen, we temporarily reject it and wait to see
|
||||||
# if the sender tries again. Most spam robots won't bother. Real mail hosts
|
# if the sender tries again. Most spam robots won't bother. Real mail hosts
|
||||||
|
@ -44,15 +77,13 @@ GREYDB=/var/spool/exim/db/greylist.db
|
||||||
#
|
#
|
||||||
|
|
||||||
greylist_mail:
|
greylist_mail:
|
||||||
# First, accept if it there's absolutely nothing suspicious about it...
|
# Firstly, accept if it was generated locally or by authenticated clients.
|
||||||
accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
|
|
||||||
# ... or if it was generated locally or by authenticated clients.
|
|
||||||
accept hosts = :
|
accept hosts = :
|
||||||
accept authenticated = *
|
accept authenticated = *
|
||||||
|
|
||||||
# Secondly, there's _absolutely_ no point in greylisting mail from
|
# Secondly, there's _absolutely_ no point in greylisting mail from
|
||||||
# hosts which are known to resend their mail. Just accept it.
|
# hosts which are known to resend their mail. Just accept it.
|
||||||
accept condition = ${lookup sqlite {GREYDB SELECT host from resenders \
|
accept condition = ${lookup sqlite {SELECT host from resenders \
|
||||||
WHERE helo='${quote_sqlite:$sender_helo_name}' \
|
WHERE helo='${quote_sqlite:$sender_helo_name}' \
|
||||||
AND host='$sender_host_address';} {1}}
|
AND host='$sender_host_address';} {1}}
|
||||||
|
|
||||||
|
@ -62,15 +93,28 @@ greylist_mail:
|
||||||
# Attempt to look up this mail in the greylist database. If it's there,
|
# Attempt to look up this mail in the greylist database. If it's there,
|
||||||
# remember the expiry time for it; we need to make sure they've waited
|
# remember the expiry time for it; we need to make sure they've waited
|
||||||
# long enough.
|
# long enough.
|
||||||
warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
|
warn set acl_m_greyexpiry = ${lookup sqlite {SELECT expire FROM greylist \
|
||||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||||
|
|
||||||
|
|
||||||
|
# If there's absolutely nothing suspicious about the email, accept it. BUT...
|
||||||
|
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
|
||||||
|
condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||||
|
|
||||||
|
# ..if this same mail was greylisted before (perhaps because it came from a
|
||||||
|
# host which *was* suspicious), then we still want to mark that original host
|
||||||
|
# as a "known resender". If we don't, then hosts which attempt to deliver from
|
||||||
|
# a dodgy Legacy IP address but then fall back to using IPv6 after greylisting
|
||||||
|
# will *never* see their Legacy IP address added to the 'known resenders' list.
|
||||||
|
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
|
||||||
|
acl = write_known_resenders
|
||||||
|
|
||||||
# If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
|
# If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
|
||||||
# variable we just looked up is empty -- then try to add it now. This is
|
# variable we just looked up is empty -- then try to add it now. This is
|
||||||
# where the 5 minute timeout is set ($tod_epoch + 300), should you wish
|
# where the 5 minute timeout is set ($tod_epoch + 300), should you wish
|
||||||
# to change it.
|
# to change it.
|
||||||
warn condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
warn condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||||
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO greylist \
|
set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
|
||||||
VALUES ( '$acl_m_greyident', \
|
VALUES ( '$acl_m_greyident', \
|
||||||
'${eval10:$tod_epoch+300}', \
|
'${eval10:$tod_epoch+300}', \
|
||||||
'$sender_host_address', \
|
'$sender_host_address', \
|
||||||
|
@ -79,7 +123,7 @@ greylist_mail:
|
||||||
# Be paranoid, and check if the insertion succeeded (by doing another lookup).
|
# Be paranoid, and check if the insertion succeeded (by doing another lookup).
|
||||||
# Otherwise, if there's a database error we might end up deferring for ever.
|
# Otherwise, if there's a database error we might end up deferring for ever.
|
||||||
defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
|
||||||
condition = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
|
condition = ${lookup sqlite {SELECT expire FROM greylist \
|
||||||
WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
|
WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
|
||||||
message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
|
message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
|
||||||
The mail has been greylisted for 5 minutes, after which it should be accepted. \
|
The mail has been greylisted for 5 minutes, after which it should be accepted. \
|
||||||
|
@ -105,13 +149,16 @@ greylist_mail:
|
||||||
You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
|
You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
|
||||||
Reason(s) for greylisting: \n$acl_m_greylistreasons
|
Reason(s) for greylisting: \n$acl_m_greylistreasons
|
||||||
|
|
||||||
|
accept acl = write_known_resenders
|
||||||
|
|
||||||
|
write_known_resenders:
|
||||||
# The message was listed but it's been more than five minutes. Accept it now and whitelist
|
# The message was listed but it's been more than five minutes. Accept it now and whitelist
|
||||||
# the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
|
# the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
|
||||||
warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
|
warn set acl_m_orighost = ${lookup sqlite {SELECT host FROM greylist \
|
||||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||||
set acl_m_orighelo = ${lookup sqlite {GREYDB SELECT helo FROM greylist \
|
set acl_m_orighelo = ${lookup sqlite {SELECT helo FROM greylist \
|
||||||
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
|
||||||
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO resenders \
|
set acl_m_dontcare = ${lookup sqlite {INSERT INTO resenders \
|
||||||
VALUES ( '$acl_m_orighost', \
|
VALUES ( '$acl_m_orighost', \
|
||||||
'${quote_sqlite:$acl_m_orighelo}', \
|
'${quote_sqlite:$acl_m_orighelo}', \
|
||||||
'$tod_epoch' ); }}
|
'$tod_epoch' ); }}
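Review bot: The new `accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}` / `acl = write_known_resenders` statement in `greylist_mail` adds the original host to the resenders table without comparing `$acl_m_greyexpiry` to `$tod_epoch`, so a clean second delivery of the same message whitelists the first { IP, HELO } pair immediately rather than after the five-minute wait the other path enforces. If the wait is meant to apply here too, put an `accept` carrying the same empty-reasons condition plus `condition = ${if >{$acl_m_greyexpiry}{$tod_epoch} {1}}` ahead of it, so clean mail is still accepted but nothing is recorded before expiry; otherwise the comment should say that skipping the wait is deliberate. Also, `'$acl_m_greyident'` and `'$acl_m_orighost'` go into the INSERT statements without `${quote_sqlite:...}` although the SELECTs quote the identifier. How `$acl_m_greyident` is built is collapsed in this view, so quoting both would keep the statements well-formed whatever it contains.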
|
||||||
|
|
342
exim.spec
342
exim.spec
|
@ -1,3 +1,7 @@
|
||||||
|
# SA-Exim has long since been obsoleted by the proper built-in ACL support
|
||||||
|
# from exiscan. Disable it by default
|
||||||
|
%bcond_with sa
|
||||||
|
|
||||||
# By default build clamav subpackage on Fedora,
|
# By default build clamav subpackage on Fedora,
|
||||||
# do not build on RHEL
|
# do not build on RHEL
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
|
@ -8,15 +12,12 @@
|
||||||
|
|
||||||
%global sysv2systemdnvr 4.76-6
|
%global sysv2systemdnvr 4.76-6
|
||||||
|
|
||||||
# hardened build if not overridden
|
|
||||||
%{!?_hardened_build:%global _hardened_build 1}
|
|
||||||
|
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.88
|
Version: 4.96
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: http://www.exim.org/
|
Url: https://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
Provides: MTA smtpd smtpdaemon server(smtp)
|
Provides: MTA smtpd smtpdaemon server(smtp)
|
||||||
|
@ -25,58 +26,54 @@ Requires(preun): %{_sbindir}/alternatives systemd
|
||||||
Requires(postun): %{_sbindir}/alternatives systemd
|
Requires(postun): %{_sbindir}/alternatives systemd
|
||||||
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
|
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
|
||||||
%if %{with clamav}
|
%if %{with clamav}
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
Requires: initscripts
|
Requires: initscripts
|
||||||
%endif
|
|
||||||
BuildRequires: clamav-devel
|
BuildRequires: clamav-devel
|
||||||
%endif
|
%endif
|
||||||
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
|
Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
|
||||||
Source2: exim.init
|
Source2: exim.init
|
||||||
Source3: exim.sysconfig
|
Source3: exim.sysconfig
|
||||||
Source4: exim.logrotate
|
Source4: exim.logrotate
|
||||||
Source5: exim-tidydb.sh
|
Source5: exim-tidydb.sh
|
||||||
Source11: exim.pam
|
Source11: exim.pam
|
||||||
|
%if %{with clamav}
|
||||||
Source12: exim-clamav-tmpfiles.conf
|
Source12: exim-clamav-tmpfiles.conf
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with sa}
|
||||||
|
Source13: http://marc.merlins.org/linux/exim/files/sa-exim-4.2.tar.gz
|
||||||
|
%endif
|
||||||
Source20: exim-greylist.conf.inc
|
Source20: exim-greylist.conf.inc
|
||||||
Source21: mk-greylist-db.sql
|
Source21: mk-greylist-db.sql
|
||||||
Source22: greylist-tidy.sh
|
Source22: greylist-tidy.sh
|
||||||
Source23: trusted-configs
|
Source23: trusted-configs
|
||||||
Source24: exim.service
|
Source24: exim.service
|
||||||
Source25: exim-gen-cert
|
Source25: exim-gen-cert
|
||||||
|
%if %{with clamav}
|
||||||
Source26: clamd.exim.service
|
Source26: clamd.exim.service
|
||||||
|
%endif
|
||||||
|
|
||||||
Patch4: exim-4.88-rhl.patch
|
Patch0: exim-4.96-config.patch
|
||||||
Patch6: exim-4.88-config.patch
|
Patch1: exim-4.94-libdir.patch
|
||||||
Patch8: exim-4.82-libdir.patch
|
Patch2: exim-4.96-dlopen-localscan.patch
|
||||||
Patch12: exim-4.88-cyrus.patch
|
Patch3: exim-4.96-pic.patch
|
||||||
Patch13: exim-4.88-pamconfig.patch
|
# https://bugs.exim.org/show_bug.cgi?id=2728
|
||||||
Patch14: exim-4.87-spamdconf.patch
|
Patch4: exim-4.96-opendmarc-1.4-build-fix.patch
|
||||||
Patch18: exim-4.88-dlopen-localscan.patch
|
# https://bugs.exim.org/show_bug.cgi?id=2899
|
||||||
Patch19: exim-4.88-procmail.patch
|
Patch5: exim-4.96-build-fix.patch
|
||||||
Patch20: exim-4.88-allow-filter.patch
|
|
||||||
Patch21: exim-4.87-localhost-is-local.patch
|
|
||||||
Patch22: exim-4.88-greylist-conf.patch
|
|
||||||
Patch23: exim-4.88-smarthost-config.patch
|
|
||||||
Patch25: exim-4.87-dynlookup-config.patch
|
|
||||||
# Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
|
|
||||||
Patch26: exim-4.85-pic.patch
|
|
||||||
Patch27: exim-4.87-environment.patch
|
|
||||||
# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2016
|
|
||||||
# Upsream patch: https://git.exim.org/exim.git/patch/bd8fbe3606d80e5a3fc02fe71b521146c6938448
|
|
||||||
Patch28: exim-4.88-DKIM-fix.patch
|
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
BuildRequires: libdb-devel openssl-devel openldap-devel pam-devel
|
BuildRequires: libdb-devel openssl-devel openldap-devel pam-devel
|
||||||
BuildRequires: pcre-devel sqlite-devel tcp_wrappers-devel cyrus-sasl-devel
|
%if %{with sa}
|
||||||
|
BuildRequires: lynx
|
||||||
|
%endif
|
||||||
|
BuildRequires: pcre2-devel sqlite-devel tcp_wrappers-devel cyrus-sasl-devel
|
||||||
|
BuildRequires: libspf2-devel libopendmarc-devel
|
||||||
BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
|
BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
|
||||||
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
||||||
BuildRequires: perl-devel
|
|
||||||
BuildRequires: perl-generators
|
|
||||||
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
|
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
|
||||||
BuildRequires: systemd-units libgsasl-devel
|
BuildRequires: systemd-units libgsasl-devel grep
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Exim is a message transfer agent (MTA) developed at the University of
|
Exim is a message transfer agent (MTA) developed at the University of
|
||||||
|
@ -88,7 +85,6 @@ routed, and there are extensive facilities for checking incoming
|
||||||
mail. Exim can be installed in place of sendmail, although the
|
mail. Exim can be installed in place of sendmail, although the
|
||||||
configuration of exim is quite different to that of sendmail.
|
configuration of exim is quite different to that of sendmail.
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%package sysvinit
|
%package sysvinit
|
||||||
Summary: SysV initscript for Exim
|
Summary: SysV initscript for Exim
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -99,7 +95,6 @@ Requires(post): chkconfig
|
||||||
|
|
||||||
%description sysvinit
|
%description sysvinit
|
||||||
This package contains the SysV initscript for Exim.
|
This package contains the SysV initscript for Exim.
|
||||||
%endif
|
|
||||||
|
|
||||||
%package mysql
|
%package mysql
|
||||||
Summary: MySQL lookup support for Exim
|
Summary: MySQL lookup support for Exim
|
||||||
|
@ -127,6 +122,18 @@ displays information about Exim's processing in an X window, and an
|
||||||
administrator can perform a number of control actions from the window
|
administrator can perform a number of control actions from the window
|
||||||
interface.
|
interface.
|
||||||
|
|
||||||
|
%if %{with sa}
|
||||||
|
%package sa
|
||||||
|
Summary: Exim SpamAssassin at SMTP time - d/l plugin
|
||||||
|
Group: System Environment/Daemons
|
||||||
|
Requires: exim = %{version}-%{release}
|
||||||
|
|
||||||
|
%description sa
|
||||||
|
The exim-sa package is an old method for allowing SpamAssassin to be run on
|
||||||
|
incoming mail at SMTP time. It is deprecated in favour of the built-in ACL
|
||||||
|
support for content scanning.
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with clamav}
|
%if %{with clamav}
|
||||||
%package clamav
|
%package clamav
|
||||||
Summary: Clam Antivirus scanner dæmon configuration for use with Exim
|
Summary: Clam Antivirus scanner dæmon configuration for use with Exim
|
||||||
|
@ -153,7 +160,6 @@ For further details of Exim content scanning, see chapter 41 of the Exim
|
||||||
specification:
|
specification:
|
||||||
http://www.exim.org/exim-html-%{version}/doc/html/spec_html/ch41.html
|
http://www.exim.org/exim-html-%{version}/doc/html/spec_html/ch41.html
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%package clamav-sysvinit
|
%package clamav-sysvinit
|
||||||
Summary: SysV initscript for Clam Antivirus scanner for Exim
|
Summary: SysV initscript for Clam Antivirus scanner for Exim
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -165,7 +171,6 @@ Requires(post): chkconfig
|
||||||
%description clamav-sysvinit
|
%description clamav-sysvinit
|
||||||
This package contains the SysV initscript.
|
This package contains the SysV initscript.
|
||||||
%endif
|
%endif
|
||||||
%endif
|
|
||||||
|
|
||||||
%package greylist
|
%package greylist
|
||||||
Summary: Example configuration for greylisting using Exim
|
Summary: Example configuration for greylisting using Exim
|
||||||
|
@ -195,29 +200,28 @@ greylisting unconditional.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%if %{with sa}
|
||||||
|
%setup -q -T -D -a 13
|
||||||
|
%endif
|
||||||
|
|
||||||
%patch4 -p1 -b .rhl
|
%patch0 -p1 -b .config
|
||||||
%patch6 -p1 -b .config
|
%patch1 -p1 -b .libdir
|
||||||
%patch8 -p1 -b .libdir
|
%patch2 -p1 -b .dl
|
||||||
%patch12 -p1 -b .cyrus
|
%patch3 -p1 -b .fpic
|
||||||
%patch13 -p1 -b .pam
|
%patch4 -p1 -b .opendmarc-1.4-build-fix
|
||||||
%patch14 -p1 -b .spamd
|
%patch5 -p1 -b .build-fix
|
||||||
%patch18 -p1 -b .dl
|
|
||||||
%patch19 -p1 -b .procmail
|
|
||||||
%patch20 -p1 -b .filter
|
|
||||||
%patch21 -p1 -b .localhost
|
|
||||||
%patch22 -p1 -b .grey
|
|
||||||
%patch23 -p1 -b .smarthost
|
|
||||||
%patch25 -p1 -b .dynconfig
|
|
||||||
%patch26 -p1 -b .fpic
|
|
||||||
%patch27 -p1 -b .environment
|
|
||||||
%patch28 -p1 -b .DKIM-fix
|
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||||
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
|
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
|
||||||
cp exim_monitor/EDITME Local/eximon.conf
|
cp exim_monitor/EDITME Local/eximon.conf
|
||||||
|
|
||||||
|
# Workaround for rhbz#1791878
|
||||||
|
pushd doc
|
||||||
|
for f in $(ls -dp cve-* | grep -v '/\|\(\.txt\)$'); do
|
||||||
|
mv "$f" "$f.txt"
|
||||||
|
done
|
||||||
|
popd
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
||||||
|
@ -227,7 +231,14 @@ cp exim_monitor/EDITME Local/eximon.conf
|
||||||
export PIE=-fPIE
|
export PIE=-fPIE
|
||||||
export PIC=-fPIC
|
export PIC=-fPIC
|
||||||
%endif
|
%endif
|
||||||
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
|
make _lib=%{_lib} FULLECHO=
|
||||||
|
|
||||||
|
%if %{with sa}
|
||||||
|
# build sa-exim
|
||||||
|
cd sa-exim*
|
||||||
|
perl -pi -e 's|\@lynx|HOME=/ /usr/bin/lynx|g;' Makefile
|
||||||
|
make SACONF=%{_sysconfdir}/exim/sa-exim.conf CFLAGS="$RPM_OPT_FLAGS -fPIC"
|
||||||
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
@ -293,10 +304,8 @@ pod2man --center=EXIM --section=8 \
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
||||||
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
|
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
|
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
|
||||||
install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
|
install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
|
||||||
%endif
|
|
||||||
|
|
||||||
# Systemd
|
# Systemd
|
||||||
mkdir -p %{buildroot}%{_unitdir}
|
mkdir -p %{buildroot}%{_unitdir}
|
||||||
|
@ -314,6 +323,15 @@ install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily
|
||||||
install -m 0755 %SOURCE5 $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/exim-tidydb
|
install -m 0755 %SOURCE5 $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/exim-tidydb
|
||||||
|
|
||||||
|
%if %{with sa}
|
||||||
|
# install sa
|
||||||
|
cd sa-exim*
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/exim
|
||||||
|
install *.so $RPM_BUILD_ROOT%{_libexecdir}/exim
|
||||||
|
install -m 644 *.conf $RPM_BUILD_ROOT%{_sysconfdir}/exim
|
||||||
|
ln -s sa-exim*.so $RPM_BUILD_ROOT%{_libexecdir}/exim/sa-exim.so
|
||||||
|
%endif
|
||||||
|
|
||||||
# generate ghost .pem file
|
# generate ghost .pem file
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}
|
mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}
|
||||||
touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
|
touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
|
||||||
|
@ -338,9 +356,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
|
||||||
clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
|
clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
|
||||||
's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
|
's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
|
clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
|
||||||
%endif
|
|
||||||
clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
|
clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
|
||||||
cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
|
cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
|
||||||
CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
|
CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
|
||||||
|
@ -348,8 +364,8 @@ CLAMD_SOCKET=%{_var}/run/clamd.exim/clamd.sock
|
||||||
EOF
|
EOF
|
||||||
ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim
|
ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim
|
||||||
|
|
||||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
|
||||||
install -m 0644 %{SOURCE12} %{buildroot}%{_tmpfilesdir}/exim-clamav.conf
|
install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/tmpfiles.d/exim-clamav.conf
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
|
mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_var}/log
|
mkdir -p $RPM_BUILD_ROOT%{_var}/log
|
||||||
touch $RPM_BUILD_ROOT%{_var}/log/clamd.exim
|
touch $RPM_BUILD_ROOT%{_var}/log/clamd.exim
|
||||||
|
@ -367,6 +383,9 @@ touch $RPM_BUILD_ROOT/%_var/spool/exim/db/greylist.db
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%check
|
||||||
|
build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
|
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
|
||||||
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 -g exim exim 2>/dev/null
|
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 -g exim exim 2>/dev/null
|
||||||
|
@ -414,7 +433,6 @@ fi
|
||||||
/sbin/chkconfig --del exim >/dev/null 2>&1 || :
|
/sbin/chkconfig --del exim >/dev/null 2>&1 || :
|
||||||
/bin/systemctl try-restart exim.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart exim.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%triggerpostun -n exim-sysvinit -- exim < %{sysv2systemdnvr}
|
%triggerpostun -n exim-sysvinit -- exim < %{sysv2systemdnvr}
|
||||||
/sbin/chkconfig --add exim >/dev/null 2>&1 || :
|
/sbin/chkconfig --add exim >/dev/null 2>&1 || :
|
||||||
|
|
||||||
|
@ -429,7 +447,6 @@ fi
|
||||||
|
|
||||||
%postun sysvinit
|
%postun sysvinit
|
||||||
[ "$1" -ge "1" ] && %{_initrddir}/exim condrestart >/dev/null 2>&1 ||:
|
[ "$1" -ge "1" ] && %{_initrddir}/exim condrestart >/dev/null 2>&1 ||:
|
||||||
%endif
|
|
||||||
|
|
||||||
%post greylist
|
%post greylist
|
||||||
if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
|
if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
|
||||||
|
@ -486,8 +503,7 @@ fi
|
||||||
%config(noreplace) %{_sysconfdir}/pam.d/exim
|
%config(noreplace) %{_sysconfdir}/pam.d/exim
|
||||||
%{_sysconfdir}/cron.daily/exim-tidydb
|
%{_sysconfdir}/cron.daily/exim-tidydb
|
||||||
|
|
||||||
%license LICENCE NOTICE
|
%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README
|
||||||
%doc ACKNOWLEDGMENTS README.UPDATING README
|
|
||||||
%doc doc util/unknownuser.sh
|
%doc doc util/unknownuser.sh
|
||||||
|
|
||||||
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem
|
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem
|
||||||
|
@ -503,11 +519,9 @@ fi
|
||||||
%ghost %{_sysconfdir}/pam.d/smtp
|
%ghost %{_sysconfdir}/pam.d/smtp
|
||||||
%ghost %{_mandir}/man1/mailq.1.gz
|
%ghost %{_mandir}/man1/mailq.1.gz
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%files sysvinit
|
%files sysvinit
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%{_initrddir}/exim
|
%{_initrddir}/exim
|
||||||
%endif
|
|
||||||
|
|
||||||
%files mysql
|
%files mysql
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
|
@ -522,9 +536,18 @@ fi
|
||||||
%{_sbindir}/eximon
|
%{_sbindir}/eximon
|
||||||
%{_sbindir}/eximon.bin
|
%{_sbindir}/eximon.bin
|
||||||
|
|
||||||
|
%if %{with sa}
|
||||||
|
%files sa
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_libexecdir}/exim
|
||||||
|
%config(noreplace) %{_sysconfdir}/exim/sa-*.conf
|
||||||
|
%doc sa-exim*/*.html
|
||||||
|
%doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO}
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with clamav}
|
%if %{with clamav}
|
||||||
%post clamav
|
%post clamav
|
||||||
/bin/mkdir -p 0750 %{_var}/run/clamd.exim
|
/bin/mkdir -pm 0750 %{_var}/run/clamd.exim
|
||||||
/bin/chown exim:exim %{_var}/run/clamd.exim
|
/bin/chown exim:exim %{_var}/run/clamd.exim
|
||||||
/bin/touch %{_var}/log/clamd.exim
|
/bin/touch %{_var}/log/clamd.exim
|
||||||
/bin/chown exim.exim %{_var}/log/clamd.exim
|
/bin/chown exim.exim %{_var}/log/clamd.exim
|
||||||
|
@ -551,7 +574,6 @@ fi
|
||||||
/sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
|
/sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
|
||||||
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%triggerpostun -n exim-clamav-sysvinit -- exim < %{sysv2systemdnvr}
|
%triggerpostun -n exim-clamav-sysvinit -- exim < %{sysv2systemdnvr}
|
||||||
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
|
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
|
||||||
|
|
||||||
|
@ -564,7 +586,6 @@ test "$1" != 0 || /sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%postun clamav-sysvinit
|
%postun clamav-sysvinit
|
||||||
test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%endif
|
|
||||||
|
|
||||||
%files clamav
|
%files clamav
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
|
@ -573,16 +594,14 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
|
%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
|
||||||
%config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
|
%config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
|
||||||
%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
|
%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
|
||||||
%{_tmpfilesdir}/exim-clamav.conf
|
%config(noreplace) %{_sysconfdir}/tmpfiles.d/exim-clamav.conf
|
||||||
%ghost %attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
|
%ghost %attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
|
||||||
%ghost %attr(0644,exim,exim) %{_var}/log/clamd.exim
|
%ghost %attr(0644,exim,exim) %{_var}/log/clamd.exim
|
||||||
|
|
||||||
%if 0%{?fedora} < 23
|
|
||||||
%files clamav-sysvinit
|
%files clamav-sysvinit
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%attr(0755,root,root) %config %{_initrddir}/clamd.exim
|
%attr(0755,root,root) %config %{_initrddir}/clamd.exim
|
||||||
%endif
|
%endif
|
||||||
%endif
|
|
||||||
|
|
||||||
%files greylist
|
%files greylist
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
|
@ -592,77 +611,144 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#2119687
|
||||||
|
|
||||||
|
* Thu Jun 23 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#2100385
|
||||||
|
|
||||||
|
* Tue May 4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94.2-1
|
||||||
|
- New version
|
||||||
|
|
||||||
|
* Mon Apr 12 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-3
|
||||||
|
- Release bump to fix greylisting
|
||||||
|
|
||||||
|
* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-2
|
||||||
|
- Fixed cname handling in TLS certificate verification
|
||||||
|
Resolves: rhbz#1942583
|
||||||
|
|
||||||
|
* Mon Jun 1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1842590
|
||||||
|
- Used Exim maintainers keyring for GPG verification
|
||||||
|
- Dropped CVE-2020-12783 patch (upstreamed)
|
||||||
|
- Used better workaround for rhbz#1791878
|
||||||
|
Resolves: rhbz#1842633
|
||||||
|
|
||||||
|
* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-3
|
||||||
|
- Fixed out-of-bounds read in the SPA authenticator
|
||||||
|
Resolves: CVE-2020-12783
|
||||||
|
|
||||||
|
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-2
|
||||||
|
- Enabled spf2 and opendmarc support
|
||||||
|
Resolves: rhbz#1829076
|
||||||
|
|
||||||
|
* Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
|
||||||
|
- Rebased to 4.93
|
||||||
|
Resolves: rhbz#1827425
|
||||||
|
|
||||||
|
* Mon Sep 30 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1756656
|
||||||
|
Resolves: CVE-2019-16928
|
||||||
|
|
||||||
|
* Fri Sep 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.2-1
|
||||||
|
- New version
|
||||||
|
Resolves: CVE-2019-15846
|
||||||
|
|
||||||
|
* Tue Aug 20 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.1-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1742312
|
||||||
|
|
||||||
|
* Tue Jun 4 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-1
|
||||||
|
- New version
|
||||||
|
- De-fuzzified patches
|
||||||
|
|
||||||
|
* Wed Mar 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-3
|
||||||
|
- Enabled DANE support
|
||||||
|
Resolves: rhbz#1693202
|
||||||
|
- De-fuzzified support-proxies patch
|
||||||
|
|
||||||
|
* Wed Feb 20 2019 Marcel Härry <mh+fedora@scrit.ch> - 4.91-2
|
||||||
|
- Enable proxy and socks support Resolves: rhbz#1542870
|
||||||
|
|
||||||
|
* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1615158
|
||||||
|
- Dropped dynlookup-config patch (merged into config patch)
|
||||||
|
- Dropped dec64table-read-fix patch (already upstream)
|
||||||
|
- De-fuzzified patches
|
||||||
|
|
||||||
|
* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
|
||||||
|
- Fixed dec64table OOB read in b64decode
|
||||||
|
|
||||||
|
* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-2
|
||||||
|
- Fixed undefined symbols in mysql module
|
||||||
|
|
||||||
|
* Tue Feb 13 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1527710
|
||||||
|
- Fixed buffer overflow in utility function
|
||||||
|
Resolves: CVE-2018-6789
|
||||||
|
- Updated and defuzzified patches
|
||||||
|
- Dropped mariadb-macro-fix patch (not needed)
|
||||||
|
- Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943,
|
||||||
|
CVE-2017-16944 patches (all upstreamed)
|
||||||
|
|
||||||
|
* Fri Dec 1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-4
|
||||||
|
- Fixed denial of service
|
||||||
|
Resolves: CVE-2017-16944
|
||||||
|
|
||||||
|
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-3
|
||||||
|
- Fixed use-after-free
|
||||||
|
Resolves: CVE-2017-16943
|
||||||
|
|
||||||
|
* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-2
|
||||||
|
- Fixed compilation with the mariadb-10.2
|
||||||
|
Resolves: rhbz#1467312
|
||||||
|
- Fixed multiple memory leaks
|
||||||
|
Resolves: CVE-2017-1000369
|
||||||
|
- Fixed typo causing exim-clamav to create /0750 directory
|
||||||
|
Resolves: rhbz#1412028
|
||||||
|
- On callout avoid SIZE option when doing recipient verification with
|
||||||
|
caching enabled
|
||||||
|
Resolves: rhbz#1482217
|
||||||
|
- Fixed some minor whitespace problems in the spec
|
||||||
|
|
||||||
|
* Wed Mar 8 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1428141
|
||||||
|
- Switched to xz archive
|
||||||
|
- Dropped DKIM-fix patch (already upstream)
|
||||||
|
|
||||||
* Mon Jan 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-3
|
* Mon Jan 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-3
|
||||||
- Fixed DKIM
|
- Fixed DKIM
|
||||||
- Defuzzified patches and fixed some whitespaces
|
- Defuzzified patches and fixed some whitespaces
|
||||||
|
|
||||||
* Sat Jan 14 2017 Ville Skyttä <ville.skytta@iki.fi> - 4.88-2
|
* Mon Jan 2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-2
|
||||||
- Move tmpfiles.d config to %%{_tmpfilesdir}
|
- Fixed changelog and sources
|
||||||
- Install license files as %%license
|
|
||||||
|
|
||||||
* Sun Dec 25 2016 David Woodhouse <dwmw2@infradead.org> - 4.88-1
|
* Mon Jan 2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-1
|
||||||
- Update to 4.88 (CVE-2016-9963 / rhbz#1405323)
|
- New version
|
||||||
|
- Fixed DKIM private key leakage
|
||||||
|
Resolves: CVE-2016-9963
|
||||||
|
|
||||||
* Thu Jun 9 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-5
|
* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-2
|
||||||
- Allow configuration of user:group through sysconfig
|
|
||||||
Resolves: rhbz#1344250
|
|
||||||
|
|
||||||
* Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4.87-4
|
|
||||||
- Perl 5.24 rebuild
|
|
||||||
|
|
||||||
* Wed May 4 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-3
|
|
||||||
- Dropped sa-exim which has been obsoleted long time ago by the proper
|
|
||||||
built-in ACL support
|
|
||||||
- Unconditionalized sources
|
|
||||||
Resolves: rhbz#1332211
|
|
||||||
|
|
||||||
* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-2
|
|
||||||
- Used sane environment defaults in default configuration
|
- Used sane environment defaults in default configuration
|
||||||
Resolves: rhbz#1323775
|
Resolves: rhbz#1323775
|
||||||
|
|
||||||
* Sun Apr 10 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-1
|
* Thu Mar 3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-1
|
||||||
- New version
|
- New version (security bug fix release)
|
||||||
Resolves: rhbz#1325557
|
|
||||||
|
|
||||||
* Thu Mar 3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86.2-1
|
|
||||||
- New version
|
|
||||||
Resolves: rhbz#1314118
|
Resolves: rhbz#1314118
|
||||||
- Fixed local privilege escalation for set-uid root when using perl_startup
|
- Fixed local privilege escalation for set-uid root when using perl_startup
|
||||||
Resolves: CVE-2016-1531
|
Resolves: CVE-2016-1531
|
||||||
- Defuzzified patches
|
- Defuzzified patches
|
||||||
|
|
||||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.86-4
|
* Mon Dec 7 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
- MIME crash fix (by mime-fix patch)
|
||||||
|
Resolves: rhbz#1289056
|
||||||
* Mon Nov 2 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-3
|
|
||||||
- Fixed exim-gen-cert not to output error on success
|
|
||||||
|
|
||||||
* Fri Sep 18 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-2
|
|
||||||
- Hardened build, rebuilt with the full RELRO (only the daemon)
|
|
||||||
|
|
||||||
* Mon Jul 27 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-1
|
|
||||||
- New version
|
|
||||||
Resolves: rhbz#1246923
|
|
||||||
- Updated and defuzzified patches
|
|
||||||
|
|
||||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.85-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4.85-4
|
|
||||||
- Perl 5.22 rebuild
|
|
||||||
|
|
||||||
* Tue Mar 10 2015 Adam Jackson <ajax@redhat.com> 4.85-3
|
|
||||||
- Drop sysvinit subpackages for F23+
|
|
||||||
|
|
||||||
* Tue Feb 10 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.85-2
|
|
||||||
- Shared objects are now compiled with PIC, not PIE, which is needed for gcc-5,
|
|
||||||
(by pic patch)
|
|
||||||
Resolves: rhbz#1190784
|
|
||||||
|
|
||||||
* Tue Jan 13 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.85-1
|
|
||||||
- New version
|
|
||||||
Resolves: rhbz#1181479
|
|
||||||
- De-fuzzified config and dlopen-localscan patches
|
|
||||||
|
|
||||||
* Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
|
* Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
|
||||||
- Do not override LFLAGS (problem reported by Todd Lyons)
|
- Do not override LFLAGS (problem reported by Todd Lyons)
|
||||||
|
|
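--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-SHA512 (exim-4.88.tar.bz2) = ea094bf703628c201de119fc5f09539475e52158e935f8f2a9e4138c4a1bfe885017145c3cc5e22aa9087b195091955c69385ebf1ea0baec64ed5c1b8e3b1caf
+SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b
+SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e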