New version

Resolves: rhbz#2119687
New version
2022-08-19 21:49:55 +02:00 · 2022-06-23 14:03:49 +02:00 · 2021-08-02 14:53:38 +02:00 · 2021-05-04 20:41:21 +02:00 · 2021-04-12 23:59:13 +02:00 · 2021-04-12 14:32:55 +02:00
26 changed files with 2072 additions and 916 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-exim-*.tar.xz
+/exim-*.tar.xz
 /exim-*.tar.xz.asc
--- a/Exim-Maintainers-Keyring.asc
+++ b/Exim-Maintainers-Keyring.asc
--- a/exim-4.90.1-nsl-fix.patch
+++ b/exim-4.90.1-nsl-fix.patch
@ -1,14 +0,0 @@
 diff --git a/src/EDITME b/src/EDITME
 index be31066..e48dd93 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -316,6 +316,9 @@ LOOKUP_MYSQL=2
 LOOKUP_MYSQL_PC=mariadb
 LOOKUP_NIS=yes
 LOOKUP_NISPLUS=yes
 +CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
 +LIBS+=-L/usr/$(_lib)/nsl
 +
 # LOOKUP_ORACLE=yes
 LOOKUP_PASSWD=yes
 LOOKUP_PGSQL=2
--- a/exim-4.92-allow-filter.patch
+++ b/exim-4.92-allow-filter.patch
@ -1,13 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index cef3779..09f0b36 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -810,7 +810,7 @@ userforward:
 # local_part_suffix = +* : -*
 # local_part_suffix_optional
   file = $home/.forward
 -# allow_filter
 +  allow_filter
   no_verify
   no_expn
   check_ancestor
--- a/exim-4.92-config.patch
+++ b/exim-4.92-config.patch
@ -1,299 +0,0 @@
 diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
 index 7e0bf38..c97ccec 100755
 --- a/scripts/Configure-Makefile
 +++ b/scripts/Configure-Makefile
@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
   mv $mft $mftt
   echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
 -  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
 +  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
   echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
   echo "" >>$mft
   cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
 index cbb0805..a42cd6f 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -98,7 +98,7 @@
 # /usr/local/sbin. The installation script will try to create this directory,
 # and any superior directories, if they do not exist.
 -BIN_DIRECTORY=/usr/exim/bin
 +BIN_DIRECTORY=/usr/sbin
 #------------------------------------------------------------------------------
@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
 # don't exist. It will also install a default runtime configuration if this
 # file does not exist.
 -CONFIGURE_FILE=/usr/exim/configure
 +CONFIGURE_FILE=/etc/exim/exim.conf
 # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
 # In this case, Exim will use the first of them that exists when it is run.
@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
 # deliveries. (Local deliveries run as various non-root users, typically as the
 # owner of a local mailbox.) Specifying these values as root is not supported.
 -EXIM_USER=
 +EXIM_USER=93
 # If you specify EXIM_USER as a name, this is looked up at build time, and the
 # uid number is built into the binary. However, you can specify that this
@@ -152,7 +152,7 @@ EXIM_USER=
 # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
 # you want to use a group other than the default group for the given user.
 -# EXIM_GROUP=
 +EXIM_GROUP=93
 # Many sites define a user called "exim", with an appropriate default group,
 # and use
@@ -237,7 +237,7 @@ TRANSPORT_SMTP=yes
 # This one is special-purpose, and commonly not required, so it is not
 # included by default.
 -# TRANSPORT_LMTP=yes
 +TRANSPORT_LMTP=yes
 #------------------------------------------------------------------------------
@@ -246,9 +246,9 @@ TRANSPORT_SMTP=yes
 # MBX, is included only when requested. If you do not know what this is about,
 # leave these settings commented out.
 -# SUPPORT_MAILDIR=yes
 -# SUPPORT_MAILSTORE=yes
 -# SUPPORT_MBX=yes
 +SUPPORT_MAILDIR=yes
 +SUPPORT_MAILSTORE=yes
 +SUPPORT_MBX=yes
 #------------------------------------------------------------------------------
@@ -306,20 +306,22 @@ LOOKUP_DBM=yes
 LOOKUP_LSEARCH=yes
 LOOKUP_DNSDB=yes
 -# LOOKUP_CDB=yes
 -# LOOKUP_DSEARCH=yes
 +LOOKUP_CDB=yes
 +LOOKUP_DSEARCH=yes
 # LOOKUP_IBASE=yes
 -# LOOKUP_LDAP=yes
 -# LOOKUP_MYSQL=yes
 -# LOOKUP_MYSQL_PC=mariadb
 -# LOOKUP_NIS=yes
 -# LOOKUP_NISPLUS=yes
 +LOOKUP_LDAP=yes
 +LDAP_LIB_TYPE=OPENLDAP2
 +LOOKUP_LIBS=-lldap -llber -lsqlite3
 +LOOKUP_MYSQL=2
 +LOOKUP_MYSQL_PC=mariadb
 +LOOKUP_NIS=yes
 +LOOKUP_NISPLUS=yes
 # LOOKUP_ORACLE=yes
 -# LOOKUP_PASSWD=yes
 -# LOOKUP_PGSQL=yes
 +LOOKUP_PASSWD=yes
 +LOOKUP_PGSQL=2
 +LOOKUP_PGSQL_LIBS=-lpq
 # LOOKUP_REDIS=yes
 -# LOOKUP_SQLITE=yes
 -# LOOKUP_SQLITE_PC=sqlite3
 +LOOKUP_SQLITE=yes
 # LOOKUP_WHOSON=yes
 # These two settings are obsolete; all three lookups are compiled when
@@ -402,7 +404,7 @@ EXIM_MONITOR=eximon.bin
 # and the MIME ACL. Please read the documentation to learn more about these
 # features.
 -# WITH_CONTENT_SCAN=yes
 +WITH_CONTENT_SCAN=yes
 # If you have content scanning you may wish to only include some of the scanner
 # interfaces.  Uncomment any of these lines to remove that code.
@@ -595,7 +597,7 @@ FIXED_NEVER_USERS=root
 # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
 # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
 -# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
 +TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
 #------------------------------------------------------------------------------
@@ -640,17 +642,14 @@ FIXED_NEVER_USERS=root
 # included in the Exim binary. You will then need to set up the run time
 # configuration to make use of the mechanism(s) selected.
 -# AUTH_CRAM_MD5=yes
 -# AUTH_CYRUS_SASL=yes
 -# AUTH_DOVECOT=yes
 -# AUTH_GSASL=yes
 -# AUTH_GSASL_PC=libgsasl
 -# AUTH_HEIMDAL_GSSAPI=yes
 -# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
 -# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
 -# AUTH_PLAINTEXT=yes
 -# AUTH_SPA=yes
 -# AUTH_TLS=yes
 +AUTH_CRAM_MD5=yes
 +AUTH_CYRUS_SASL=yes
 +AUTH_DOVECOT=yes
 +AUTH_GSASL=yes
 +AUTH_GSASL_PC=libgsasl
 +AUTH_PLAINTEXT=yes
 +AUTH_SPA=yes
 +AUTH_TLS=yes
 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
 # requires multiple pkg-config files to work with Exim, so the second example
@@ -674,7 +673,7 @@ FIXED_NEVER_USERS=root
 # one that is set in the headers_charset option. The default setting is
 # defined by this setting:
 -HEADERS_CHARSET="ISO-8859-1"
 +HEADERS_CHARSET="UTF-8"
 # If you are going to make use of $header_xxx expansions in your configuration
 # file, or if your users are going to use them in filter files, and the normal
@@ -694,7 +693,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # the Sieve filter support. For those OS where iconv() is known to be installed
 # as standard, the file in OS/Makefile-xxxx contains
 #
 -# HAVE_ICONV=yes
 +HAVE_ICONV=yes
 #
 # If you are not using one of those systems, but have installed iconv(), you
 # need to uncomment that line above. In some cases, you may find that iconv()
@@ -763,11 +762,11 @@ HEADERS_CHARSET="ISO-8859-1"
 # leave these settings commented out.
 # This setting is required for any TLS support (either OpenSSL or GnuTLS)
 -# SUPPORT_TLS=yes
 +SUPPORT_TLS=yes
 # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
 -# USE_OPENSSL_PC=openssl
 -# TLS_LIBS=-lssl -lcrypto
 +TLS_INCLUDE=-I/usr/kerberos/include
 +TLS_LIBS=-lssl -lcrypto
 # Uncomment the first and either the second or the third of these if you
 # are using GnuTLS.  If you have pkg-config, then the second, else the third.
@@ -839,7 +838,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # Once you have done this, "make install" will build the info files and
 # install them in the directory you have defined.
 -# INFO_DIRECTORY=/usr/share/info
 +INFO_DIRECTORY=/usr/share/info
 #------------------------------------------------------------------------------
@@ -852,7 +851,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
 -# LOG_FILE_PATH=/var/log/exim_%slog
 +LOG_FILE_PATH=/var/log/exim/%s.log
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
@@ -924,7 +923,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
 # Perl costs quite a lot of resources. Only do this if you really need it.
 -# EXIM_PERL=perl.o
 +EXIM_PERL=perl.o
 #------------------------------------------------------------------------------
@@ -934,7 +933,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # that the local_scan API is made available by the linker. You may also need
 # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
 -# EXPAND_DLFUNC=yes
 +EXPAND_DLFUNC=yes
 #------------------------------------------------------------------------------
@@ -944,7 +943,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # support, which is intended for use in conjunction with the SMTP AUTH
 # facilities, is included only when requested by the following setting:
 -# SUPPORT_PAM=yes
 +SUPPORT_PAM=yes
 # You probably need to add -lpam to EXTRALIBS, and in some releases of
 # GNU/Linux -ldl is also needed.
@@ -1052,7 +1051,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # group. Once you have installed saslauthd, you should arrange for it to be
 # started by root at boot time.
 -# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
 +CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
 #------------------------------------------------------------------------------
@@ -1066,8 +1065,8 @@ ZCAT_COMMAND=/usr/bin/zcat
 # library for TCP wrappers, so you probably need something like this:
 #
 # USE_TCP_WRAPPERS=yes
 -# CFLAGS=-O -I/usr/local/include
 -# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
 +CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
 +EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
 #
 # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
 # as well.
@@ -1119,7 +1118,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # is "yes", as well as supporting line editing, a history of input lines in the
 # current run is maintained.
 -# USE_READLINE=yes
 +USE_READLINE=yes
 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
 # Note that this option adds to the size of the Exim binary, because the
@@ -1136,7 +1135,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 #------------------------------------------------------------------------------
 # Uncomment this setting to include IPv6 support.
 -# HAVE_IPV6=yes
 +HAVE_IPV6=yes
 ###############################################################################
 #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
@@ -1157,13 +1156,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # haven't got Perl, Exim will still build and run; you just won't be able to
 # use those utilities.
 -# CHOWN_COMMAND=/usr/bin/chown
 -# CHGRP_COMMAND=/usr/bin/chgrp
 -# CHMOD_COMMAND=/usr/bin/chmod
 -# MV_COMMAND=/bin/mv
 -# RM_COMMAND=/bin/rm
 -# TOUCH_COMMAND=/usr/bin/touch
 -# PERL_COMMAND=/usr/bin/perl
 +CHOWN_COMMAND=/usr/bin/chown
 +CHGRP_COMMAND=/usr/bin/chgrp
 +CHMOD_COMMAND=/usr/bin/chmod
 +MV_COMMAND=/usr/bin/mv
 +RM_COMMAND=/usr/bin/rm
 +TOUCH_COMMAND=/usr/bin/touch
 +PERL_COMMAND=/usr/bin/perl
 #------------------------------------------------------------------------------
@@ -1365,7 +1364,7 @@ EXIM_TMPDIR="/tmp"
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
 -# PID_FILE_PATH=/var/lock/exim.pid
 +PID_FILE_PATH=/var/run/exim.pid
 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
 # using the name "exim-daemon.pid".
--- a/exim-4.92-cyrus.patch
+++ b/exim-4.92-cyrus.patch
@ -1,21 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 69e0ed1..6db4947 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -901,6 +901,16 @@ address_reply:
   driver = autoreply
 +# This transport is used to deliver local mail to cyrus IMAP server via UNIX
 +# socket. You'll need to configure the 'localuser' router above to use it.
 +#
 +#lmtp_delivery:
 +#  home_directory = /var/spool/imap
 +#  driver = lmtp
 +#  command = "/usr/lib/cyrus-imapd/deliver -l"
 +#  batch_max = 20
 +#  user = cyrus
 +
 ######################################################################
 #                      RETRY CONFIGURATION                           #
--- a/exim-4.92-dane-enable.patch
+++ b/exim-4.92-dane-enable.patch
@ -1,13 +0,0 @@
 diff --git a/src/EDITME b/src/EDITME
 index e3b98e9..d621c46 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -372,7 +372,7 @@ PCRE_CONFIG=yes
 # Uncomment the following line to add DANE support
 # Note: Enabling this unconditionally overrides DISABLE_DNSSEC
 # For DANE under GnuTLS we need an additional library.  See TLS_LIBS below.
 -# SUPPORT_DANE=yes
 +SUPPORT_DANE=yes
 #------------------------------------------------------------------------------
 # Additional libraries and include directories may be required for some
--- a/exim-4.92-environment.patch
+++ b/exim-4.92-environment.patch
@ -1,15 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 241a961..1403d4a 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -384,8 +384,8 @@ timeout_frozen_after = 7d
 # Note that TZ is handled separately by the timezone runtime option
 # and TIMEZONE_DEFAULT buildtime option.
 -# keep_environment = ^LDAP
 -# add_environment = PATH=/usr/bin::/bin
 +keep_environment = ^LDAP
 +add_environment = PATH=/usr/bin::/bin
--- a/exim-4.92-greylist-conf.patch
+++ b/exim-4.92-greylist-conf.patch
@ -1,119 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 9242bac..eabf102 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -119,6 +119,7 @@ hostlist   relay_from_hosts = localhost
 # manual for details. The lists above are used in the access control lists for
 # checking incoming messages. The names of these ACLs are defined here:
 +acl_smtp_mail =         acl_check_mail
 acl_smtp_rcpt =         acl_check_rcpt
 .ifdef _HAVE_PRDR
 acl_smtp_data_prdr =    acl_check_prdr
@@ -395,6 +396,29 @@ timeout_frozen_after = 7d
 begin acl
 +
 +# This access control list is used for the MAIL command in an incoming
 +# SMTP message.
 +
 +acl_check_mail:
 +
 +  # Hosts are required to say HELO (or EHLO) before sending mail.
 +  # So don't allow them to use the MAIL command if they haven't
 +  # done so.
 +
 +  deny condition = ${if eq{$sender_helo_name}{} {1}}
 +       message = Nice boys say HELO first
 +
 +  # Use the lack of reverse DNS to trigger greylisting. Some people
 +  # even reject for it but that would be a little excessive.
 +
 +  warn condition = ${if eq{$sender_host_name}{} {1}}
 +       set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
 +
 +  accept
 +
 +
 +
 # This access control list is used for every RCPT command in an incoming
 # SMTP message. The tests are run in order until the address is either
 # accepted or denied.
@@ -520,7 +544,8 @@ acl_check_rcpt:
   # There are no default checks on DNS black lists because the domains that
   # contain these lists are changing all the time. However, here are two
   # examples of how you can get Exim to perform a DNS black list lookup at this
 -  # point. The first one denies, whereas the second just warns.
 +  # point. The first one denies, whereas the second just warns. The third
 +  # triggers greylisting for any host in the blacklist.
   #
   # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
   #         dnslists      = black.list.example
@@ -528,6 +553,10 @@ acl_check_rcpt:
   # warn    dnslists      = black.list.example
   #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
   #         log_message   = found in $dnslist_domain
 +  #
 +  # warn    dnslists      = black.list.example
 +  #         set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
 +  #
   #############################################################################
   #############################################################################
@@ -554,6 +583,10 @@ acl_check_rcpt:
   #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
   #############################################################################
 +  # Alternatively, greylist for it:
 +  # warn !verify = csa
 +  #      set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
 +
   # At this point, the address has passed all the checks that have been
   # configured, so we accept it unconditionally.
@@ -612,6 +645,12 @@ acl_check_data:
   # deny    condition  = ${if !def:h_Message-ID: {1}}
   #         message    = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
   #                      Most messages without it are spam, so your mail has been rejected.
 +  #
 +  # Alternatively if we're feeling more lenient we could just use it to
 +  # trigger greylisting instead:
 +
 +  warn    condition  = ${if !def:h_Message-ID: {1}}
 +          set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
@@ -658,8 +697,31 @@ acl_check_data:
   #         message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
   #  	    	        $spam_report
 +  # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
 +  #
 +  # warn    condition = ${if >{$spam_score_int}{5} {1}}
 +  #         set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
 +
 +
 +  # If you want to greylist _all_ mail rather than only mail which looks like there
 +  # might be something wrong with it, then you can do this...
 +  #
 +  # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
 +
 +  # Now, invoke the greylisting. For this you need to have installed the exim-greylist
 +  # package which contains this subroutine, and you need to uncomment the bit below
 +  # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
 +  # greylisting will kick in and will defer the mail to check if the sender is a
 +  # proper mail which which retries, or whether it's a zombie. For more details, see
 +  # the exim-greylist.conf.inc file itself.
 +  #
 +  # require acl = greylist_mail
 +
   accept
 +# To enable the greylisting, also uncomment this line:
 +# .include /etc/exim/exim-greylist.conf.inc
 +
 acl_check_mime:
   # File extension filtering.
--- a/exim-4.92-localhost-is-local.patch
+++ b/exim-4.92-localhost-is-local.patch
@ -1,13 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 09f0b36..9242bac 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -67,7 +67,7 @@
 # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
 # are all colon-separated lists:
 -domainlist local_domains = @
 +domainlist local_domains = @ : localhost : localhost.localdomain
 domainlist relay_to_domains =
 hostlist   relay_from_hosts = localhost
 # (We rely upon hostname resolution working for localhost, because the default
--- a/exim-4.92-pamconfig.patch
+++ b/exim-4.92-pamconfig.patch
@ -1,78 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 6db4947..f1198b1 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -157,7 +157,7 @@ acl_smtp_data =         acl_check_data
 # Allow any client to use TLS.
 -# tls_advertise_hosts = *
 +tls_advertise_hosts = *
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -165,8 +165,8 @@ acl_smtp_data =         acl_check_data
 # need the first setting, or in separate files, in which case you need both
 # options.
 -# tls_certificate = /etc/ssl/exim.crt
 -# tls_privatekey = /etc/ssl/exim.pem
 +tls_certificate = /etc/pki/tls/certs/exim.pem
 +tls_privatekey = /etc/pki/tls/private/exim.pem
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
 # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
@@ -180,8 +180,8 @@ acl_smtp_data =         acl_check_data
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 -# daemon_smtp_ports = 25 : 465 : 587
 -# tls_on_connect_ports = 465
 +daemon_smtp_ports = 25 : 465 : 587
 +tls_on_connect_ports = 465
 # Specify the domain you want to be added to all unqualified addresses
@@ -239,6 +239,24 @@ never_users = root
 host_lookup = *
 +# This setting, if uncommented, allows users to authenticate using
 +# their system passwords against saslauthd if they connect over a
 +# secure connection. If you have network logins such as NIS or
 +# Kerberos rather than only local users, then you possibly also want
 +# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
 +# too. Once a user is authenticated, the acl_check_rcpt ACL then
 +# allows them to relay through the system.
 +#
 +# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
 +#
 +# By default, we set this option to allow SMTP AUTH from nowhere
 +# (Exim's default would be to allow it from anywhere, even on an
 +# unencrypted connection).
 +#
 +# Comment this one out if you uncomment the above. Did you make sure
 +# saslauthd is actually running first?
 +#
 +auth_advertise_hosts =
 # The setting below causes Exim to try to initialize the system resolver
 # library with DNSSEC support.  It has no effect if your library lacks
@@ -980,7 +998,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth2
 #  server_prompts             = :
 -#  server_condition           = Authentication is not yet configured
 +#  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
 # LOGIN authentication has traditional prompts and responses. There is no
@@ -992,7 +1010,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth1
 #  server_prompts             = <| Username: | Password:
 -#  server_condition           = Authentication is not yet configured
 +#  server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
--- a/exim-4.92-procmail.patch
+++ b/exim-4.92-procmail.patch
@ -1,34 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 8f88a3b..cef3779 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -818,6 +818,12 @@ userforward:
   pipe_transport = address_pipe
   reply_transport = address_reply
 +procmail:
 +  driver = accept
 +  check_local_user
 +  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
 +  transport = procmail
 +  no_verify
 # This router matches local user mailboxes. If the router fails, the error
 # message is "Unknown user".
@@ -866,6 +872,16 @@ remote_smtp:
   hosts_try_prdr = *
 .endif
 +# This transport invokes procmail to deliver mail
 +procmail:
 +  driver = pipe
 +  command = "/usr/bin/procmail -d $local_part"
 +  return_path_add
 +  delivery_date_add
 +  envelope_to_add
 +  user = $local_part
 +  initgroups
 +  return_output
 # This transport is used for delivering messages to a smarthost, if the
 # smarthost router is enabled.  This starts from the same basis as
--- a/exim-4.92-rhl.patch
+++ b/exim-4.92-rhl.patch
@ -1,24 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index 555dec3..69e0ed1 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -718,7 +718,7 @@ system_aliases:
   driver = redirect
   allow_fail
   allow_defer
 -  data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
 +  data = ${lookup{$local_part}lsearch{/etc/aliases}}
 # user = exim
   file_transport = address_file
   pipe_transport = address_pipe
@@ -867,8 +867,8 @@ local_delivery:
   delivery_date_add
   envelope_to_add
   return_path_add
 -# group = mail
 -# mode = 0660
 +  group = mail
 +  mode = 0660
 # This transport is used for handling pipe deliveries generated by alias or
--- a/exim-4.92-smarthost-config.patch
+++ b/exim-4.92-smarthost-config.patch
@ -1,51 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index eabf102..db2d98a 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -934,6 +934,15 @@ remote_smtp:
   hosts_try_prdr = *
 .endif
 +# This transport is used for delivering messages over SMTP using the
 +# "message submission" port (RFC4409).
 +
 +remote_msa:
 +  driver = smtp
 +  port = 587
 +  hosts_require_auth = *
 +
 +
 # This transport invokes procmail to deliver mail
 procmail:
   driver = pipe
@@ -1083,6 +1092,21 @@ begin rewrite
 #                   AUTHENTICATION CONFIGURATION                     #
 ######################################################################
 +begin authenticators
 +
 +# This authenticator supports CRAM-MD5 username/password authentication
 +# with Exim acting as a _client_, as it might when sending its outgoing
 +# mail to a smarthost rather than directly to the final recipient.
 +# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
 +
 +#client_auth:
 +#  driver = cram_md5
 +#  public_name = CRAM-MD5
 +#  client_name = SMTPAUTH_USERNAME
 +#  client_secret = SMTPAUTH_PASSWORD
 +
 +#
 +
 # The following authenticators support plaintext username/password
 # authentication using the standard PLAIN mechanism and the traditional
 # but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -1098,7 +1122,7 @@ begin rewrite
 # The default RCPT ACL checks for successful authentication, and will accept
 # messages from authenticated users from anywhere on the Internet.
 -begin authenticators
 +#
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
--- a/exim-4.92-spamdconf.patch
+++ b/exim-4.92-spamdconf.patch
@ -1,108 +0,0 @@
 diff --git a/src/configure.default b/src/configure.default
 index f1198b1..8f88a3b 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -124,6 +124,7 @@ acl_smtp_rcpt =         acl_check_rcpt
 acl_smtp_data_prdr =    acl_check_prdr
 .endif
 acl_smtp_data =         acl_check_data
 +acl_smtp_mime =         acl_check_mime
 # You should not change those settings until you understand how ACLs work.
@@ -136,7 +137,7 @@ acl_smtp_data =         acl_check_data
 # of what to set for other virus scanners. The second modification is in the
 # acl_check_data access control list (see below).
 -# av_scanner = clamd:/tmp/clamd
 +av_scanner = clamd:/var/run/clamd.exim/clamd.sock
 # For spam scanning, there is a similar option that defines the interface to
@@ -458,7 +459,8 @@ acl_check_rcpt:
   accept  local_parts   = postmaster
           domains       = +local_domains
 -  # Deny unless the sender address can be verified.
 +  # Deny unless the sender address can be routed. For proper verification of the
 +  # address, read the documentation on callouts and add the /callout modifier.
   require verify        = sender
@@ -601,21 +603,26 @@ acl_check_data:
           message =     header syntax
           log_message = header syntax ($acl_verify_message)
 +  # Put simple tests first. A good one is to check for the presence of a
 +  # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
 +  # or misconfigured mailer software occasionally omits this from genuine
 +  # messages too, though -- although it's not hard for the offender to fix
 +  # after they receive a bounce because of it.
 +  #
 +  # deny    condition  = ${if !def:h_Message-ID: {1}}
 +  #         message    = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
 +  #                      Most messages without it are spam, so your mail has been rejected.
 +
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
   #
   # deny    malware    = *
   #         message    = This message contains a virus ($malware_name).
 -  # Add headers to a message if it is judged to be spam. Before enabling this,
 -  # you must install SpamAssassin. You may also need to set the spamd_address
 -  # option above.
 +  # Bypass SpamAssassin checks if the message is too large.
   #
 -  # warn    spam       = nobody
 -  #         add_header = X-Spam_score: $spam_score\n\
 -  #                      X-Spam_score_int: $spam_score_int\n\
 -  #                      X-Spam_bar: $spam_bar\n\
 -  #                      X-Spam_report: $spam_report
 +  # accept  condition  = ${if >={$message_size}{100000} {1}}
 +  #         add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
   #############################################################################
   # No more tests if PRDR was actively used.
@@ -629,11 +636,40 @@ acl_check_data:
   #           condition    = ...
   #############################################################################
 +  # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
 +  # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
 +  # score exceeds the SA system threshold.
 +  #
 +  # warn    spam       = nobody/defer_ok
 +  #         add_header = X-Spam-Flag: YES
 +  #
 +  # accept  condition  = ${if !def:spam_score_int {1}}
 +  #         add_header = X-Spam-Note: SpamAssassin invocation failed
 +  #
 -  # Accept the message.
 +  # Unconditionally add score and report headers
 +  #
 +  # warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
 +  #                      X-Spam-Report: $spam_report
 +
 +  # And reject if the SpamAssassin score is greater than ten
 +  #
 +  # deny    condition = ${if >{$spam_score_int}{100} {1}}
 +  #         message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
 +  #  	    	        $spam_report
   accept
 +acl_check_mime:
 +
 +  # File extension filtering.
 +  deny message = Blacklisted file extension detected
 +       condition = ${if match \
 +                        {${lc:$mime_filename}} \
 +                        {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
 +                     {1}{0}}
 +
 +  accept
 ######################################################################
--- a/exim-4.92-support-proxies.patch
+++ b/exim-4.92-support-proxies.patch
@ -1,19 +0,0 @@
 diff --git a/src/EDITME b/src/EDITME
 index 4e3a9a3..e3b98e9 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -972,12 +972,12 @@ SUPPORT_PAM=yes
 # If you may want to use outbound (client-side) proxying, using Socks5,
 # uncomment the line below.
 -# SUPPORT_SOCKS=yes
 +SUPPORT_SOCKS=yes
 # If you may want to use inbound (server-side) proxying, using Proxy Protocol,
 # uncomment the line below.
 -# SUPPORT_PROXY=yes
 +SUPPORT_PROXY=yes
 #------------------------------------------------------------------------------
--- a/exim-4.94-libdir.patch
+++ b/exim-4.94-libdir.patch
@ -1,8 +1,8 @@
 diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
-index 990f884..d1ef114 100644
+index dfb2fa8..58c30f7 100644
 --- a/OS/Makefile-Linux
 +++ b/OS/Makefile-Linux
-@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
+@@ -27,8 +27,8 @@ LIBRESOLV = -lresolv
 X11=/usr/X11R6
 XINCLUDE=-I$(X11)/include
--- a/exim-4.96-build-fix.patch
+++ b/exim-4.96-build-fix.patch
@ -0,0 +1,13 @@
 diff --git a/src/drtables.c b/src/drtables.c
 index 513ef6c..3fa5c92 100644
 --- a/src/drtables.c
 +++ b/src/drtables.c
@@ -736,7 +736,7 @@ else
     {
     char * name = ent->d_name;
     int len = (int)strlen(name);
 -    if (regex_match(regex_islookupmod, US name, len, NUL))
 +    if (regex_match(regex_islookupmod, US name, len, NULL))
       {
       int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
       void *dl;
--- a/exim-4.96-config.patch
+++ b/exim-4.96-config.patch
@ -0,0 +1,816 @@
 diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
 index ed77b6a..b9eb64d 100755
 --- a/scripts/Configure-Makefile
 +++ b/scripts/Configure-Makefile
@@ -317,7 +317,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
   mv $mft $mftt
   echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
 -  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
 +  echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
   echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
   echo "" >>$mft
   cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
 index 53022e5..32d9b7d 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -99,7 +99,7 @@
 # /usr/local/sbin. The installation script will try to create this directory,
 # and any superior directories, if they do not exist.
 -BIN_DIRECTORY=/usr/exim/bin
 +BIN_DIRECTORY=/usr/sbin
 #------------------------------------------------------------------------------
@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin
 # don't exist. It will also install a default runtime configuration if this
 # file does not exist.
 -CONFIGURE_FILE=/usr/exim/configure
 +CONFIGURE_FILE=/etc/exim/exim.conf
 # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
 # In this case, Exim will use the first of them that exists when it is run.
@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure
 # deliveries. (Local deliveries run as various non-root users, typically as the
 # owner of a local mailbox.) Specifying these values as root is not supported.
 -EXIM_USER=
 +EXIM_USER=93
 # If you specify EXIM_USER as a name, this is looked up at build time, and the
 # uid number is built into the binary. However, you can specify that this
@@ -153,7 +153,7 @@ EXIM_USER=
 # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
 # you want to use a group other than the default group for the given user.
 -# EXIM_GROUP=
 +EXIM_GROUP=93
 # Many sites define a user called "exim", with an appropriate default group,
 # and use
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
 # If you are building with TLS, the library configuration must be done:
 # Uncomment this if you are using OpenSSL
 -# USE_OPENSSL=yes
 +USE_OPENSSL=yes
 # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
 # and an optional location.
 -# USE_OPENSSL_PC=openssl
 +USE_OPENSSL_PC=openssl
 # TLS_LIBS=-lssl -lcrypto
 # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes
 # This one is special-purpose, and commonly not required, so it is not
 # included by default.
 -# TRANSPORT_LMTP=yes
 +TRANSPORT_LMTP=yes
 #------------------------------------------------------------------------------
@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes
 # MBX, is included only when requested. If you do not know what this is about,
 # leave these settings commented out.
 -# SUPPORT_MAILDIR=yes
 -# SUPPORT_MAILSTORE=yes
 -# SUPPORT_MBX=yes
 +SUPPORT_MAILDIR=yes
 +SUPPORT_MAILSTORE=yes
 +SUPPORT_MBX=yes
 #------------------------------------------------------------------------------
@@ -409,22 +409,28 @@ LOOKUP_DBM=yes
 LOOKUP_LSEARCH=yes
 LOOKUP_DNSDB=yes
 -# LOOKUP_CDB=yes
 -# LOOKUP_DSEARCH=yes
 +LOOKUP_CDB=yes
 +LOOKUP_DSEARCH=yes
 # LOOKUP_IBASE=yes
 # LOOKUP_JSON=yes
 -# LOOKUP_LDAP=yes
 +LOOKUP_LDAP=yes
 +LDAP_LIB_TYPE=OPENLDAP2
 +LOOKUP_LIBS=-lldap -llber -lsqlite3
 # LOOKUP_LMDB=yes
 -# LOOKUP_MYSQL=yes
 -# LOOKUP_MYSQL_PC=mariadb
 -# LOOKUP_NIS=yes
 -# LOOKUP_NISPLUS=yes
 +LOOKUP_MYSQL=2
 +LOOKUP_MYSQL_PC=mariadb
 +LOOKUP_NIS=yes
 +LOOKUP_NISPLUS=yes
 +CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
 +LIBS+=-L/usr/$(_lib)/nsl
 +
 # LOOKUP_ORACLE=yes
 -# LOOKUP_PASSWD=yes
 -# LOOKUP_PGSQL=yes
 +LOOKUP_PASSWD=yes
 +LOOKUP_PGSQL=2
 +LOOKUP_PGSQL_LIBS=-lpq
 # LOOKUP_REDIS=yes
 -# LOOKUP_SQLITE=yes
 +LOOKUP_SQLITE=yes
 # LOOKUP_SQLITE_PC=sqlite3
 # LOOKUP_WHOSON=yes
@@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes
 # Some platforms may need this for LOOKUP_NIS:
 -# LIBS += -lnsl
 +LIBS += -lnsl
 #------------------------------------------------------------------------------
 # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -511,7 +517,7 @@ SUPPORT_DANE=yes
 # files are defaulted in the OS/Makefile-Default file, but can be overridden in
 # local OS-specific make files.
 -# EXIM_MONITOR=eximon.bin
 +EXIM_MONITOR=eximon.bin
 #------------------------------------------------------------------------------
@@ -521,7 +527,7 @@ SUPPORT_DANE=yes
 # and the MIME ACL. Please read the documentation to learn more about these
 # features.
 -# WITH_CONTENT_SCAN=yes
 +WITH_CONTENT_SCAN=yes
 # If you have content scanning you may wish to only include some of the scanner
 # interfaces.  Uncomment any of these lines to remove that code.
@@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes
 # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
 # Library version libopendmarc-1.4.1-1.fc33.x86_64  (on Fedora 33) is known broken;
 # 1.3.2-3 works.  I seems that the OpenDMARC project broke their API.
 -# SUPPORT_DMARC=yes
 +SUPPORT_DMARC=yes
 # CFLAGS += -I/usr/local/include
 -# LDFLAGS += -lopendmarc
 +LDFLAGS += -lopendmarc
 # Uncomment the following if you need to change the default. You can
 # override it at runtime (main config option dmarc_tld_file)
 -# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
 +DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
 # Uncomment the following line to add ARC (Authenticated Received Chain)
 # support.  You must have SPF and DKIM support enabled also.
@@ -709,7 +715,7 @@ FIXED_NEVER_USERS=root
 # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
 # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
 -# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
 +TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
 #------------------------------------------------------------------------------
@@ -754,18 +760,18 @@ FIXED_NEVER_USERS=root
 # included in the Exim binary. You will then need to set up the run time
 # configuration to make use of the mechanism(s) selected.
 -# AUTH_CRAM_MD5=yes
 -# AUTH_CYRUS_SASL=yes
 -# AUTH_DOVECOT=yes
 +AUTH_CRAM_MD5=yes
 +AUTH_CYRUS_SASL=yes
 +AUTH_DOVECOT=yes
 # AUTH_EXTERNAL=yes
 -# AUTH_GSASL=yes
 -# AUTH_GSASL_PC=libgsasl
 +AUTH_GSASL=yes
 +AUTH_GSASL_PC=libgsasl
 # AUTH_HEIMDAL_GSSAPI=yes
 # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
 # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
 -# AUTH_PLAINTEXT=yes
 -# AUTH_SPA=yes
 -# AUTH_TLS=yes
 +AUTH_PLAINTEXT=yes
 +AUTH_SPA=yes
 +AUTH_TLS=yes
 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
 # requires multiple pkg-config files to work with Exim, so the second example
@@ -792,7 +798,7 @@ FIXED_NEVER_USERS=root
 # one that is set in the headers_charset option. The default setting is
 # defined by this setting:
 -HEADERS_CHARSET="ISO-8859-1"
 +HEADERS_CHARSET="UTF-8"
 # If you are going to make use of $header_xxx expansions in your configuration
 # file, or if your users are going to use them in filter files, and the normal
@@ -812,7 +818,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # the Sieve filter support. For those OS where iconv() is known to be installed
 # as standard, the file in OS/Makefile-xxxx contains
 #
 -# HAVE_ICONV=yes
 +HAVE_ICONV=yes
 #
 # If you are not using one of those systems, but have installed iconv(), you
 # need to uncomment that line above. In some cases, you may find that iconv()
@@ -888,7 +894,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # Once you have done this, "make install" will build the info files and
 # install them in the directory you have defined.
 -# INFO_DIRECTORY=/usr/share/info
 +INFO_DIRECTORY=/usr/share/info
 #------------------------------------------------------------------------------
@@ -901,7 +907,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
 -# LOG_FILE_PATH=/var/log/exim_%slog
 +LOG_FILE_PATH=/var/log/exim/%s.log
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
@@ -973,7 +979,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
 # Perl costs quite a lot of resources. Only do this if you really need it.
 -# EXIM_PERL=perl.o
 +EXIM_PERL=perl.o
 #------------------------------------------------------------------------------
@@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # that the local_scan API is made available by the linker. You may also need
 # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
 -# EXPAND_DLFUNC=yes
 +EXPAND_DLFUNC=yes
 #------------------------------------------------------------------------------
@@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # support, which is intended for use in conjunction with the SMTP AUTH
 # facilities, is included only when requested by the following setting:
 -# SUPPORT_PAM=yes
 +SUPPORT_PAM=yes
 # You probably need to add -lpam to EXTRALIBS, and in some releases of
 # GNU/Linux -ldl is also needed.
@@ -1005,12 +1011,12 @@ ZCAT_COMMAND=/usr/bin/zcat
 # If you may want to use outbound (client-side) proxying, using Socks5,
 # uncomment the line below.
 -# SUPPORT_SOCKS=yes
 +SUPPORT_SOCKS=yes
 # If you may want to use inbound (server-side) proxying, using Proxy Protocol,
 # uncomment the line below.
 -# SUPPORT_PROXY=yes
 +SUPPORT_PROXY=yes
 #------------------------------------------------------------------------------
@@ -1034,9 +1040,9 @@ ZCAT_COMMAND=/usr/bin/zcat
 # installed on your system (www.libspf2.org). Depending on where it is installed
 # you may have to edit the CFLAGS and LDFLAGS lines.
 -# SUPPORT_SPF=yes
 +SUPPORT_SPF=yes
 # CFLAGS  += -I/usr/local/include
 -# LDFLAGS += -lspf2
 +LDFLAGS += -lspf2
 #------------------------------------------------------------------------------
@@ -1101,7 +1107,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # group. Once you have installed saslauthd, you should arrange for it to be
 # started by root at boot time.
 -# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
 +CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
 #------------------------------------------------------------------------------
@@ -1115,8 +1121,8 @@ ZCAT_COMMAND=/usr/bin/zcat
 # library for TCP wrappers, so you probably need something like this:
 #
 # USE_TCP_WRAPPERS=yes
 -# CFLAGS=-O -I/usr/local/include
 -# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
 +CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
 +EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
 #
 # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
 # as well.
@@ -1168,7 +1174,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # is "yes", as well as supporting line editing, a history of input lines in the
 # current run is maintained.
 -# USE_READLINE=yes
 +USE_READLINE=yes
 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
 # Note that this option adds to the size of the Exim binary, because the
@@ -1185,7 +1191,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 #------------------------------------------------------------------------------
 # Uncomment this setting to include IPv6 support.
 -# HAVE_IPV6=yes
 +HAVE_IPV6=yes
 ###############################################################################
 #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
@@ -1206,13 +1212,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # haven't got Perl, Exim will still build and run; you just won't be able to
 # use those utilities.
 -# CHOWN_COMMAND=/usr/bin/chown
 -# CHGRP_COMMAND=/usr/bin/chgrp
 -# CHMOD_COMMAND=/usr/bin/chmod
 -# MV_COMMAND=/bin/mv
 -# RM_COMMAND=/bin/rm
 -# TOUCH_COMMAND=/usr/bin/touch
 -# PERL_COMMAND=/usr/bin/perl
 +CHOWN_COMMAND=/usr/bin/chown
 +CHGRP_COMMAND=/usr/bin/chgrp
 +CHMOD_COMMAND=/usr/bin/chmod
 +MV_COMMAND=/usr/bin/mv
 +RM_COMMAND=/usr/bin/rm
 +TOUCH_COMMAND=/usr/bin/touch
 +PERL_COMMAND=/usr/bin/perl
 #------------------------------------------------------------------------------
@@ -1414,7 +1420,7 @@ EXIM_TMPDIR="/tmp"
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
 -# PID_FILE_PATH=/var/lock/exim.pid
 +PID_FILE_PATH=/var/run/exim.pid
 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
 # using the name "exim-daemon.pid".
 diff --git a/src/configure.default b/src/configure.default
 index 3761daf..a5d3718 100644
 --- a/src/configure.default
 +++ b/src/configure.default
@@ -67,7 +67,7 @@
 # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
 # are all colon-separated lists:
 -domainlist local_domains = @
 +domainlist local_domains = @ : localhost : localhost.localdomain
 domainlist relay_to_domains =
 hostlist   relay_from_hosts = localhost
 # (We rely upon hostname resolution working for localhost, because the default
@@ -119,11 +119,13 @@ hostlist   relay_from_hosts = localhost
 # manual for details. The lists above are used in the access control lists for
 # checking incoming messages. The names of these ACLs are defined here:
 +acl_smtp_mail =         acl_check_mail
 acl_smtp_rcpt =         acl_check_rcpt
 .ifdef _HAVE_PRDR
 acl_smtp_data_prdr =    acl_check_prdr
 .endif
 acl_smtp_data =         acl_check_data
 +acl_smtp_mime =         acl_check_mime
 # You should not change those settings until you understand how ACLs work.
@@ -136,7 +138,7 @@ acl_smtp_data =         acl_check_data
 # of what to set for other virus scanners. The second modification is in the
 # acl_check_data access control list (see below).
 -# av_scanner = clamd:/tmp/clamd
 +av_scanner = clamd:/var/run/clamd.exim/clamd.sock
 # For spam scanning, there is a similar option that defines the interface to
@@ -147,6 +149,12 @@ acl_smtp_data =         acl_check_data
 # spamd_address = 127.0.0.1 783
 +# Set the default sqlite database file for greylisting. Uncomment this
 +# if you use the greylisting ACLs defined below.
 +
 +# sqlite_dbfile = /var/spool/exim/db/greylist.db
 +
 +
 # If Exim is compiled with support for TLS, you may want to change the
 # following option so that Exim disallows certain clients from makeing encrypted
 # connections. The default is to allow all.
@@ -157,7 +165,7 @@ acl_smtp_data =         acl_check_data
 # This is equivalent to the default.
 -# tls_advertise_hosts = *
 +tls_advertise_hosts = *
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -165,8 +173,8 @@ acl_smtp_data =         acl_check_data
 # need the first setting, or in separate files, in which case you need both
 # options.
 -# tls_certificate = /etc/ssl/exim.crt
 -# tls_privatekey = /etc/ssl/exim.pem
 +tls_certificate = /etc/pki/tls/certs/exim.pem
 +tls_privatekey = /etc/pki/tls/private/exim.pem
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
 .ifdef _HAVE_OPENSSL
@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 -# daemon_smtp_ports = 25 : 465 : 587
 -# tls_on_connect_ports = 465
 +daemon_smtp_ports = 25 : 465 : 587
 +tls_on_connect_ports = 465
 # Specify the domain you want to be added to all unqualified addresses
@@ -248,6 +256,24 @@ never_users = root
 host_lookup = *
 +# This setting, if uncommented, allows users to authenticate using
 +# their system passwords against saslauthd if they connect over a
 +# secure connection. If you have network logins such as NIS or
 +# Kerberos rather than only local users, then you possibly also want
 +# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
 +# too. Once a user is authenticated, the acl_check_rcpt ACL then
 +# allows them to relay through the system.
 +#
 +# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
 +#
 +# By default, we set this option to allow SMTP AUTH from nowhere
 +# (Exim's default would be to allow it from anywhere, even on an
 +# unencrypted connection).
 +#
 +# Comment this one out if you uncomment the above. Did you make sure
 +# saslauthd is actually running first?
 +#
 +auth_advertise_hosts =
 # The setting below causes Exim to try to initialize the system resolver
 # library with DNSSEC support.  It has no effect if your library lacks
@@ -378,8 +404,8 @@ timeout_frozen_after = 7d
 # Note that TZ is handled separately by the timezone runtime option
 # and TIMEZONE_DEFAULT buildtime option.
 -# keep_environment = ^LDAP
 -# add_environment = PATH=/usr/bin::/bin
 +keep_environment = ^LDAP
 +add_environment = PATH=/usr/bin::/bin
@@ -390,6 +416,29 @@ timeout_frozen_after = 7d
 begin acl
 +
 +# This access control list is used for the MAIL command in an incoming
 +# SMTP message.
 +
 +acl_check_mail:
 +
 +  # Hosts are required to say HELO (or EHLO) before sending mail.
 +  # So don't allow them to use the MAIL command if they haven't
 +  # done so.
 +
 +  deny condition = ${if eq{$sender_helo_name}{} {1}}
 +       message = Nice boys say HELO first
 +
 +  # Use the lack of reverse DNS to trigger greylisting. Some people
 +  # even reject for it but that would be a little excessive.
 +
 +  warn condition = ${if eq{$sender_host_name}{} {1}}
 +       set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
 +
 +  accept
 +
 +
 +
 # This access control list is used for every RCPT command in an incoming
 # SMTP message. The tests are run in order until the address is either
 # accepted or denied.
@@ -401,6 +450,7 @@ acl_check_rcpt:
   accept  hosts = :
           control = dkim_disable_verify
 +          control = dmarc_disable_verify
   #############################################################################
   # The following section of the ACL is concerned with local parts that contain
@@ -454,7 +504,8 @@ acl_check_rcpt:
   accept  local_parts   = postmaster
           domains       = +local_domains
 -  # Deny unless the sender address can be verified.
 +  # Deny unless the sender address can be routed. For proper verification of the
 +  # address, read the documentation on callouts and add the /callout modifier.
   require verify        = sender
@@ -494,6 +545,7 @@ acl_check_rcpt:
   accept  hosts         = +relay_from_hosts
           control       = submission
           control       = dkim_disable_verify
 +          control       = dmarc_disable_verify
   # Accept if the message arrived over an authenticated connection, from
   # any host. Again, these messages are usually from MUAs, so recipient
@@ -503,6 +555,7 @@ acl_check_rcpt:
   accept  authenticated = *
           control       = submission
           control       = dkim_disable_verify
 +          control       = dmarc_disable_verify
   # Insist that any other recipient address that we accept is either in one of
   # our local domains, or is in a domain for which we explicitly allow
@@ -523,7 +576,8 @@ acl_check_rcpt:
   # There are no default checks on DNS black lists because the domains that
   # contain these lists are changing all the time. However, here are two
   # examples of how you can get Exim to perform a DNS black list lookup at this
 -  # point. The first one denies, whereas the second just warns.
 +  # point. The first one denies, whereas the second just warns. The third
 +  # triggers greylisting for any host in the blacklist.
   #
   # deny    dnslists      = black.list.example
   #         message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
@@ -531,6 +585,10 @@ acl_check_rcpt:
   # warn    dnslists      = black.list.example
   #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
   #         log_message   = found in $dnslist_domain
 +  #
 +  # warn    dnslists      = black.list.example
 +  #         set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
 +  #
   #############################################################################
   #############################################################################
@@ -557,6 +615,10 @@ acl_check_rcpt:
   #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
   #############################################################################
 +  # Alternatively, greylist for it:
 +  # warn !verify = csa
 +  #      set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
 +
   # At this point, the address has passed all the checks that have been
   # configured, so we accept it unconditionally.
@@ -606,21 +668,32 @@ acl_check_data:
           message =     header syntax
           log_message = header syntax ($acl_verify_message)
 +  # Put simple tests first. A good one is to check for the presence of a
 +  # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
 +  # or misconfigured mailer software occasionally omits this from genuine
 +  # messages too, though -- although it's not hard for the offender to fix
 +  # after they receive a bounce because of it.
 +  #
 +  # deny    condition  = ${if !def:h_Message-ID: {1}}
 +  #         message    = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
 +  #                      Most messages without it are spam, so your mail has been rejected.
 +  #
 +  # Alternatively if we're feeling more lenient we could just use it to
 +  # trigger greylisting instead:
 +
 +  warn    condition  = ${if !def:h_Message-ID: {1}}
 +          set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
 +
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
   #
   # deny    malware    = *
   #         message    = This message contains a virus ($malware_name).
 -  # Add headers to a message if it is judged to be spam. Before enabling this,
 -  # you must install SpamAssassin. You may also need to set the spamd_address
 -  # option above.
 +  # Bypass SpamAssassin checks if the message is too large.
   #
 -  # warn    spam       = nobody
 -  #         add_header = X-Spam_score: $spam_score\n\
 -  #                      X-Spam_score_int: $spam_score_int\n\
 -  #                      X-Spam_bar: $spam_bar\n\
 -  #                      X-Spam_report: $spam_report
 +  # accept  condition  = ${if >={$message_size}{100000} {1}}
 +  #         add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
   #############################################################################
   # No more tests if PRDR was actively used.
@@ -634,11 +707,63 @@ acl_check_data:
   #           condition    = ...
   #############################################################################
 +  # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
 +  # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
 +  # score exceeds the SA system threshold.
 +  #
 +  # warn    spam       = nobody/defer_ok
 +  #         add_header = X-Spam-Flag: YES
 +  #
 +  # accept  condition  = ${if !def:spam_score_int {1}}
 +  #         add_header = X-Spam-Note: SpamAssassin invocation failed
 +  #
 +
 +  # Unconditionally add score and report headers
 +  #
 +  # warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
 +  #                      X-Spam-Report: $spam_report
 +
 +  # And reject if the SpamAssassin score is greater than ten
 +  #
 +  # deny    condition = ${if >{$spam_score_int}{100} {1}}
 +  #         message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
 +  #  	    	        $spam_report
 +
 +  # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
 +  #
 +  # warn    condition = ${if >{$spam_score_int}{5} {1}}
 +  #         set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
 +
 -  # Accept the message.
 +  # If you want to greylist _all_ mail rather than only mail which looks like there
 +  # might be something wrong with it, then you can do this...
 +  #
 +  # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
 +
 +  # Now, invoke the greylisting. For this you need to have installed the exim-greylist
 +  # package which contains this subroutine, and you need to uncomment the bit below
 +  # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
 +  # greylisting will kick in and will defer the mail to check if the sender is a
 +  # proper mail which which retries, or whether it's a zombie. For more details, see
 +  # the exim-greylist.conf.inc file itself.
 +  #
 +  # require acl = greylist_mail
   accept
 +# To enable the greylisting, also uncomment this line:
 +# .include /etc/exim/exim-greylist.conf.inc
 +
 +acl_check_mime:
 +
 +  # File extension filtering.
 +  deny message = Blacklisted file extension detected
 +       condition = ${if match \
 +                        {${lc:$mime_filename}} \
 +                        {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
 +                     {1}{0}}
 +
 +  accept
 ######################################################################
@@ -740,7 +865,7 @@ system_aliases:
   driver = redirect
   allow_fail
   allow_defer
 -  data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
 +  data = ${lookup{$local_part}lsearch{/etc/aliases}}
 # user = exim
   file_transport = address_file
   pipe_transport = address_pipe
@@ -778,7 +903,7 @@ userforward:
 # local_part_suffix = +* : -*
 # local_part_suffix_optional
   file = $home/.forward
 -# allow_filter
 +  allow_filter
   no_verify
   no_expn
   check_ancestor
@@ -786,6 +911,12 @@ userforward:
   pipe_transport = address_pipe
   reply_transport = address_reply
 +procmail:
 +  driver = accept
 +  check_local_user
 +  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
 +  transport = procmail
 +  no_verify
 # This router matches local user mailboxes. If the router fails, the error
 # message is "Unknown user".
@@ -826,6 +957,25 @@ remote_smtp:
   tls_resumption_hosts = *
 .endif
 +# This transport is used for delivering messages over SMTP using the
 +# "message submission" port (RFC4409).
 +
 +remote_msa:
 +  driver = smtp
 +  port = 587
 +  hosts_require_auth = *
 +
 +
 +# This transport invokes procmail to deliver mail
 +procmail:
 +  driver = pipe
 +  command = "/usr/bin/procmail -d $local_part"
 +  return_path_add
 +  delivery_date_add
 +  envelope_to_add
 +  user = $local_part
 +  initgroups
 +  return_output
 # This transport is used for delivering messages to a smarthost, if the
 # smarthost router is enabled.  This starts from the same basis as
@@ -880,8 +1030,8 @@ local_delivery:
   delivery_date_add
   envelope_to_add
   return_path_add
 -# group = mail
 -# mode = 0660
 +  group = mail
 +  mode = 0660
 # This transport is used for handling pipe deliveries generated by alias or
@@ -914,6 +1064,16 @@ address_reply:
   driver = autoreply
 +# This transport is used to deliver local mail to cyrus IMAP server via UNIX
 +# socket. You'll need to configure the 'localuser' router above to use it.
 +#
 +#lmtp_delivery:
 +#  home_directory = /var/spool/imap
 +#  driver = lmtp
 +#  command = "/usr/lib/cyrus-imapd/deliver -l"
 +#  batch_max = 20
 +#  user = cyrus
 +
 ######################################################################
 #                      RETRY CONFIGURATION                           #
@@ -954,6 +1114,21 @@ begin rewrite
 #                   AUTHENTICATION CONFIGURATION                     #
 ######################################################################
 +begin authenticators
 +
 +# This authenticator supports CRAM-MD5 username/password authentication
 +# with Exim acting as a _client_, as it might when sending its outgoing
 +# mail to a smarthost rather than directly to the final recipient.
 +# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
 +
 +#client_auth:
 +#  driver = cram_md5
 +#  public_name = CRAM-MD5
 +#  client_name = SMTPAUTH_USERNAME
 +#  client_secret = SMTPAUTH_PASSWORD
 +
 +#
 +
 # The following authenticators support plaintext username/password
 # authentication using the standard PLAIN mechanism and the traditional
 # but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -969,7 +1144,7 @@ begin rewrite
 # The default RCPT ACL checks for successful authentication, and will accept
 # messages from authenticated users from anywhere on the Internet.
 -begin authenticators
 +#
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
@@ -983,7 +1158,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth2
 #  server_prompts             = :
 -#  server_condition           = Authentication is not yet configured
 +#  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
 # LOGIN authentication has traditional prompts and responses. There is no
@@ -995,7 +1170,7 @@ begin authenticators
 #  driver                     = plaintext
 #  server_set_id              = $auth1
 #  server_prompts             = <| Username: | Password:
 -#  server_condition           = Authentication is not yet configured
 +#  server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
--- a/exim-4.96-dlopen-localscan.patch
+++ b/exim-4.96-dlopen-localscan.patch
@ -1,9 +1,9 @@
 diff --git a/src/EDITME b/src/EDITME
-index a42cd6f..0acd673 100644
+index cf0b33e..7d4cbf3 100644
 --- a/src/EDITME
 +++ b/src/EDITME
-@@ -822,6 +822,20 @@ TLS_LIBS=-lssl -lcrypto
+@@ -878,6 +878,21 @@ HAVE_ICONV=yes
- # specified in INCLUDE.
+ # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
 +#------------------------------------------------------------------------------
@ -13,6 +13,7 @@ index a42cd6f..0acd673 100644
 +# description of the API to this function, see the Exim specification.
 +
 +DLOPEN_LOCAL_SCAN=yes
 +HAVE_LOCAL_SCAN=yes
 +
 +# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
 +# linker flags.  Without it, the loaded .so won't be able to access any
@ -24,12 +25,12 @@ index a42cd6f..0acd673 100644
 # The default distribution of Exim contains only the plain text form of the
 # documentation. Other forms are available separately. If you want to install
 diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 7c2e534..3fafe61 100644
+index 25ab755..e27a51d 100644
 --- a/src/config.h.defaults
 +++ b/src/config.h.defaults
-@@ -32,6 +32,8 @@ Do not put spaces between # and the 'define'.
+@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
- #define AUTH_VARS                     3
+ #define AUTH_VARS                     4
 +#define DLOPEN_LOCAL_SCAN
 +
@ -37,10 +38,10 @@ index 7c2e534..3fafe61 100644
 #define CONFIGURE_FILE
 diff --git a/src/globals.c b/src/globals.c
-index b3362a3..0884fe5 100644
+index ff246fe..b9dfbbb 100644
 --- a/src/globals.c
 +++ b/src/globals.c
-@@ -173,6 +173,10 @@ uschar *tls_verify_hosts       = NULL;
+@@ -151,6 +151,10 @@ time_t  tls_watch_trigger_time = (time_t)0;
 uschar *tls_advertise_hosts    = NULL;
 #endif
@ -52,12 +53,12 @@ index b3362a3..0884fe5 100644
 /* Per Recipient Data Response variables */
 BOOL    prdr_enable            = FALSE;
 diff --git a/src/globals.h b/src/globals.h
-index f71f104..3faf176 100644
+index fe099e4..7530a76 100644
 --- a/src/globals.h
 +++ b/src/globals.h
-@@ -131,6 +131,11 @@ extern uschar *tls_try_verify_hosts;   /* Optional client verification */
+@@ -148,6 +148,11 @@ extern uschar *tls_verify_hosts;       /* Mandatory client verification */
- extern uschar *tls_verify_certificates;/* Path for certificates to check */
+ extern int     tls_watch_fd;	       /* for inotify of creds files */
- extern uschar *tls_verify_hosts;       /* Mandatory client verification */
+ extern time_t  tls_watch_trigger_time; /* non-0: triggered */
 #endif
 +
 +#ifdef DLOPEN_LOCAL_SCAN
@ -68,21 +69,24 @@ index f71f104..3faf176 100644
 extern uschar  *dsn_envid;             /* DSN envid string */
 diff --git a/src/local_scan.c b/src/local_scan.c
-index 4dd0b2b..8599172 100644
+index 7a3bae7..6ea5d2d 100644
 --- a/src/local_scan.c
 +++ b/src/local_scan.c
-@@ -5,61 +5,131 @@
+@@ -6,59 +6,133 @@
- /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* Copyright (c) The Exim Maintainers 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
-+#include "exim.h"
+#include <local_scan.h>
 -/******************************************************************************
 -This file contains a template local_scan() function that just returns ACCEPT.
 -If you want to implement your own version, you should copy this file to, say
 -Local/local_scan.c, and edit the copy. To use your version instead of the
 -default, you must set
-
+#ifdef DLOPEN_LOCAL_SCAN
 +extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
 -HAVE_LOCAL_SCAN=yes
 -LOCAL_SCAN_SOURCE=Local/local_scan.c
 -
@ -133,8 +137,6 @@ index 4dd0b2b..8599172 100644
 int
 local_scan(int fd, uschar **return_text)
 {
 fd = fd;                      /* Keep picky compilers happy */
 return_text = return_text;
 -return LOCAL_SCAN_ACCEPT;
 +#ifdef DLOPEN_LOCAL_SCAN
 +/* local_scan_path is defined AND not the empty string */
@ -166,8 +168,8 @@ index 4dd0b2b..8599172 100644
 +else
 +#endif
 +  return LOCAL_SCAN_ACCEPT;
- }
+ }
- 
+ 
 +#ifdef DLOPEN_LOCAL_SCAN
 +
 +static int load_local_scan_library(void)
@ -246,22 +248,22 @@ index 4dd0b2b..8599172 100644
 +  }
 +
 +return TRUE;
-+}
+ }
-+
+ 
 +#endif /* DLOPEN_LOCAL_SCAN */
 +
 /* End of local_scan.c */
 diff --git a/src/readconf.c b/src/readconf.c
-index 5742d10..3f1d9c1 100644
+index 06bc50f..6ecb0af 100644
 --- a/src/readconf.c
 +++ b/src/readconf.c
-@@ -199,6 +199,9 @@ static optionlist optionlist_config[] = {
+@@ -212,6 +212,9 @@ static optionlist optionlist_config[] = {
-   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
+   { "local_from_prefix",        opt_stringptr,   {&local_from_prefix} },
-   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
+   { "local_from_suffix",        opt_stringptr,   {&local_from_suffix} },
-   { "local_interfaces",         opt_stringptr,   &local_interfaces },
+   { "local_interfaces",         opt_stringptr,   {&local_interfaces} },
 +#ifdef DLOPEN_LOCAL_SCAN
 +  { "local_scan_path",          opt_stringptr,   &local_scan_path },
 +#endif
 #ifdef HAVE_LOCAL_SCAN
-   { "local_scan_timeout",       opt_time,        &local_scan_timeout },
+   { "local_scan_timeout",       opt_time,        {&local_scan_timeout} },
 #endif
--- a/exim-4.96-no-gsasl.patch
+++ b/exim-4.96-no-gsasl.patch
@ -0,0 +1,15 @@
 diff --git a/src/EDITME b/src/EDITME
 index 2893392..5de1f03 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -764,8 +764,8 @@ AUTH_CRAM_MD5=yes
 AUTH_CYRUS_SASL=yes
 AUTH_DOVECOT=yes
 # AUTH_EXTERNAL=yes
 -AUTH_GSASL=yes
 -AUTH_GSASL_PC=libgsasl
 +# AUTH_GSASL=yes
 +# AUTH_GSASL_PC=libgsasl
 # AUTH_HEIMDAL_GSSAPI=yes
 # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
 # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
--- a/exim-4.96-opendmarc-1.4-build-fix.patch
+++ b/exim-4.96-opendmarc-1.4-build-fix.patch
@ -0,0 +1,13 @@
 diff --git a/src/dmarc.c b/src/dmarc.c
 index 17bba9d..a218380 100644
 --- a/src/dmarc.c
 +++ b/src/dmarc.c
@@ -459,7 +459,7 @@ if (!dmarc_abort && !sender_host_authenticated)
 		  vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
 		  DMARC_POLICY_DKIM_OUTCOME_NONE;
     libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
 -					       dkim_result, US"");
 +					       sig->selector, dkim_result, US"");
     DEBUG(D_receive)
       debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
     if (libdm_status != DMARC_PARSE_OKAY)
--- a/exim-4.96-pic.patch
+++ b/exim-4.96-pic.patch
@ -1,13 +1,13 @@
 diff --git a/src/lookups/Makefile b/src/lookups/Makefile
-index 6ba0cb1..21a7ad7 100644
+index 19585bf..a0d355f 100644
 --- a/src/lookups/Makefile
 +++ b/src/lookups/Makefile
-@@ -22,7 +22,7 @@ lookups.a:       $(OBJ)
+@@ -24,7 +24,7 @@ lookups.a:       $(OBJ)
 		 $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
 .c.so:;          @echo "$(CC) -shared $*.c"
 -		 $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
 +		 $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
- lf_check_file.o: $(PHDRS) lf_check_file.c  lf_functions.h
+ lf_check_file.o: $(HDRS) lf_check_file.c  lf_functions.h
- lf_quote.o:      $(PHDRS) lf_quote.c       lf_functions.h
+ lf_quote.o:      $(HDRS) lf_quote.c       lf_functions.h
--- a/exim-greylist.conf.inc
+++ b/exim-greylist.conf.inc
@ -1,11 +1,44 @@
-# $Id: acl-greylist-sqlite,v 1.3 2007/11/25 19:17:28 dwmw2 Exp $
+#
 # Exim ACL for greylisting. David Woodhouse <dwmw2@infradead.org>
 #
 # For full background on the logic behind greylisting and how this
 # ACL works, see https://github.com/Exim/exim/wiki/SimpleGreylisting
 #
-GREYDB=/var/spool/exim/db/greylist.db
+# UPDATING TO EXIM 4.94+
 # ======================
 #
 # Previous versions of this ACL specified the sqlite database filename 
 # in the sqlite lookup strings directly, but since Exim 4.94 is it no 
 # longer permitted to mix "tainted" text which comes from the message 
 # itself, with the filename. Thus, you now have to set
 #
 # sqlite_dbfile = /var/spool/exim/db/greylist.db
 #
 # ... in the main configuration because it can't be specified within
 # the ACL in this file any more.
-# ACL for greylisting. Place reason(s) for greylisting into a variable named
+# USING THIS ACL
-# $acl_m_greylistreasons before invoking with 'require acl = greylist_mail'.
+# ==============
-# The reasons should be separate lines of text, and will be reported in
+#
-# the SMTP rejection message as well as the log message.
+# First set sqlite_dbfile in the main configuration file to point to
 # the greylist sqlite database, as described above.
 #
 # In your main ACLs, gather reason(s) for greylisting into a variable 
 # named $acl_m_greylistreasons before invoking this ACL with
 # 'require acl = greylist_mail'. The reasons should be separate lines
 # of text, and will be reported in the SMTP rejection message as well
 # as the log message. Anything "suspicious" about the email can be
 # used as criteria here — being HTML, having even a few SpamAssassin
 # points, even lacking SPF authorisation (which is OK for greylisting
 # although you should never reject outright for an SPF "failure"
 # because of the flaws in SPF).
 #
 # Obviously you need to .include this file too in order to be able
 # to invoke this greylist_mail ACL.
 # HOW IT WORKS
 # ============
 #
 # When a suspicious mail is seen, we temporarily reject it and wait to see
 # if the sender tries again. Most spam robots won't bother. Real mail hosts
@ -44,15 +77,13 @@ GREYDB=/var/spool/exim/db/greylist.db
 #
 greylist_mail:
-  # First, accept if it there's absolutely nothing suspicious about it...
+  # Firstly,  accept if it was generated locally or by authenticated clients.
  accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
  # ... or if it was generated locally or by authenticated clients.
  accept hosts = :
  accept authenticated = *
  # Secondly, there's _absolutely_ no point in greylisting mail from
  # hosts which are known to resend their mail. Just accept it.
-  accept condition = ${lookup sqlite {GREYDB SELECT host from resenders \
+  accept condition = ${lookup sqlite {SELECT host from resenders \
 			       WHERE helo='${quote_sqlite:$sender_helo_name}' \
 			       AND host='$sender_host_address';} {1}}
@ -62,15 +93,28 @@ greylist_mail:
  # Attempt to look up this mail in the greylist database. If it's there,
  # remember the expiry time for it; we need to make sure they've waited
  # long enough.
-  warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
+  warn set acl_m_greyexpiry = ${lookup sqlite {SELECT expire FROM greylist \
 				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
  # If there's absolutely nothing suspicious about the email, accept it. BUT...
  accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
         condition = ${if eq {$acl_m_greyexpiry}{} {1}}
  # ..if this same mail was greylisted before (perhaps because it came from a
  # host which *was* suspicious), then we still want to mark that original host
  # as a "known resender". If we don't, then hosts which attempt to deliver from
  # a dodgy Legacy IP address but then fall back to using IPv6 after greylisting
  # will *never* see their Legacy IP address added to the 'known resenders' list.
  accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
         acl = write_known_resenders
  # If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
  # variable we just looked up is empty -- then try to add it now. This is 
  # where the 5 minute timeout is set ($tod_epoch + 300), should you wish
  # to change it.
  warn  condition = ${if eq {$acl_m_greyexpiry}{} {1}}
-	set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO greylist \
+	set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
 					VALUES ( '$acl_m_greyident', \
 						 '${eval10:$tod_epoch+300}', \
 						 '$sender_host_address', \
@ -79,7 +123,7 @@ greylist_mail:
  # Be paranoid, and check if the insertion succeeded (by doing another lookup).
  # Otherwise, if there's a database error we might end up deferring for ever.
  defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
-        condition = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
+        condition = ${lookup sqlite {SELECT expire FROM greylist \
 				WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
        message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
 		  The mail has been greylisted for 5 minutes, after which it should be accepted. \
@ -105,13 +149,16 @@ greylist_mail:
 		  You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
 		  Reason(s) for greylisting: \n$acl_m_greylistreasons
  accept acl = write_known_resenders
 write_known_resenders:
  # The message was listed but it's been more than five minutes. Accept it now and whitelist
  # the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
-  warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
+  warn set acl_m_orighost = ${lookup sqlite {SELECT host FROM greylist \
 				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
-       set acl_m_orighelo = ${lookup sqlite {GREYDB SELECT helo FROM greylist \
+       set acl_m_orighelo = ${lookup sqlite {SELECT helo FROM greylist \
 				WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
-       set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO resenders \
+       set acl_m_dontcare = ${lookup sqlite {INSERT INTO resenders \
 				VALUES ( '$acl_m_orighost', \
 					 '${quote_sqlite:$acl_m_orighelo}', \
 					 '$tod_epoch' ); }}
--- a/exim.spec
+++ b/exim.spec
@ -11,10 +11,10 @@
 Summary: The exim mail transfer agent
 Name: exim
-Version: 4.92.3
+Version: 4.96
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
-Url: http://www.exim.org/
+Url: https://www.exim.org/
 Provides: MTA smtpd smtpdaemon server(smtp)
 Requires(post): /sbin/restorecon %{_sbindir}/alternatives systemd
@ -24,7 +24,10 @@ Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
 %if %{with clamav}
 BuildRequires: clamav-devel
 %endif
-Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
+Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
 Source1: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.xz.asc
 Source2: https://downloads.exim.org/Exim-Maintainers-Keyring.asc
 Source3: exim.sysconfig
 Source4: exim.logrotate
 Source5: exim-tidydb.sh
@ -39,39 +42,35 @@ Source24: exim.service
 Source25: exim-gen-cert
 Source26: clamd.exim.service
-Patch4: exim-4.92-rhl.patch
+Patch0: exim-4.96-config.patch
-Patch6: exim-4.92-config.patch
+Patch1: exim-4.94-libdir.patch
-Patch8: exim-4.82-libdir.patch
+Patch2: exim-4.96-dlopen-localscan.patch
-Patch12: exim-4.92-cyrus.patch
+Patch3: exim-4.96-pic.patch
-Patch13: exim-4.92-pamconfig.patch
+Patch4: exim-4.96-no-gsasl.patch
-Patch14: exim-4.92-spamdconf.patch
+# https://bugs.exim.org/show_bug.cgi?id=2728
-Patch18: exim-4.92-dlopen-localscan.patch
+Patch5: exim-4.96-opendmarc-1.4-build-fix.patch
-Patch19: exim-4.92-procmail.patch
+# https://bugs.exim.org/show_bug.cgi?id=2899
-Patch20: exim-4.92-allow-filter.patch
+Patch6: exim-4.96-build-fix.patch
 Patch21: exim-4.92-localhost-is-local.patch
 Patch22: exim-4.92-greylist-conf.patch
 Patch23: exim-4.92-smarthost-config.patch
 Patch26: exim-4.85-pic.patch
 Patch27: exim-4.92-environment.patch
 # Workaround for NIS removal from glibc, bug 1534920
 Patch33: exim-4.90.1-nsl-fix.patch
 Patch40: exim-4.92-support-proxies.patch
 Patch41: exim-4.92-dane-enable.patch
 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 BuildRequires: gcc libdb-devel openssl-devel openldap-devel pam-devel
-BuildRequires: pcre-devel sqlite-devel cyrus-sasl-devel
+BuildRequires: pcre2-devel sqlite-devel cyrus-sasl-devel
 BuildRequires: libspf2-devel libopendmarc-devel
 BuildRequires: openldap-devel openssl-devel mariadb-connector-c-devel libpq-devel
 BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
 BuildRequires: perl-devel
 BuildRequires: perl-generators
 BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
 # mariadb-devel for mariadb pkgconfig
-BuildRequires: systemd-units libgsasl-devel mariadb-devel
+BuildRequires: systemd-units mariadb-devel
 # Workaround for NIS removal from glibc, bug 1534920
 BuildRequires: libnsl2-devel libtirpc-devel
 BuildRequires: gnupg2 grep
 %if 0%{?rhel} == 8
 BuildRequires:  epel-rpm-macros >= 8-5
 %endif
 %description
 Exim is a message transfer agent (MTA) developed at the University of
@ -157,31 +156,28 @@ greylisting for whatever 'offences' you can dream of, or even to make
 greylisting unconditional.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %setup -q
-%patch4 -p1 -b .rhl
+%patch0 -p1 -b .config
-%patch6 -p1 -b .config
+%patch1 -p1 -b .libdir
-%patch8 -p1 -b .libdir
+%patch2 -p1 -b .dl
-%patch12 -p1 -b .cyrus
+%patch3 -p1 -b .fpic
-%patch13 -p1 -b .pam
+%patch4 -p1 -b .no-gsasl
-%patch14 -p1 -b .spamd
+%patch5 -p1 -b .opendmarc-1.4-build-fix
-%patch18 -p1 -b .dl
+%patch6 -p1 -b .build-fix
 %patch19 -p1 -b .procmail
 %patch20 -p1 -b .filter
 %patch21 -p1 -b .localhost
 %patch22 -p1 -b .grey
 %patch23 -p1 -b .smarthost
 %patch26 -p1 -b .fpic
 %patch27 -p1 -b .environment
 %patch33 -p1 -b .nsl-fix
 %patch40 -p1 -b .proxy
 %patch41 -p1 -b .dane-enable
 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
 sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
 cp exim_monitor/EDITME Local/eximon.conf
 # Workaround for rhbz#1791878
 pushd doc
 for f in $(ls -dp cve-* | grep -v '/\|\(\.txt\)$'); do
  mv "$f" "$f.txt"
 done
 popd
 %build
 %ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
@ -191,7 +187,9 @@ cp exim_monitor/EDITME Local/eximon.conf
 	export PIE=-fPIE
 	export PIC=-fPIC
 %endif
-make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
+
 export LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
 make _lib=%{_lib} FULLECHO=
 %install
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
@ -485,6 +483,50 @@ fi
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 %changelog
 * Fri Aug 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
 - New version
  Resolves: rhbz#2119687
 * Thu Jun 23 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
 - New version
  Resolves: rhbz#2100385
 * Mon Aug  2 2021 Marcel Härry <mh+fedora@scrit.ch> - 4.94.2-2
 - Fix dmarc checks - fixes bz#1989089
 * Tue May  4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94.2-1
 - New version
 * Mon Apr 12 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-3
 - Release bump to fix greylisting
 * Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-2
 - Fixed cname handling in TLS certificate verification
  Resolves: rhbz#1942583
 * Mon Jun  1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
 - New version
  Resolves: rhbz#1842590
 - Used Exim maintainers keyring for GPG verification
 - Dropped CVE-2020-12783 patch (upstreamed)
 - Used better workaround for rhbz#1791878
  Resolves: rhbz#1842633
 * Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-3
 - Fixed out-of-bounds read in the SPA authenticator
  Resolves: CVE-2020-12783
 * Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-2
 - Enabled spf2 and opendmarc support
  Resolves: rhbz#1829076
 * Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
 - Rebased to 4.93
  Resolves: rhbz#1827425
 * Tue Nov 19 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-3
 - Temporaly disabled gsasl support due to rhbz#1741538
 * Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-2
 - Dropped sysvinit artifacts
--- a/3
+++ b/3
@ -1 +1,2 @@
-SHA512 (exim-4.92.3.tar.xz) = ca6d6f50653502345511b683859b33aa02faa48454fb2100ff89fed3dcb8af8933e7bce68939365fdee42f96eec0c3b135cf748f4581e92a62be0f0ab093868a
+SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 SHA512 (exim-4.96.tar.xz.asc) = a231c97e44a7365ac5961f2827b89d8cdf6ad94964633814f31e44d94ada9900f76664c45c2f55e378245e44739a0ef323786ca29b4093e44ce2b008eca4ad64
Author	SHA1	Message	Date
Jaroslav Škarvada	f82215e0a3	New version Resolves: rhbz#2119687	2022-08-19 21:49:55 +02:00
Jaroslav Škarvada	05b4f9b763	New version Resolves: rhbz#2100385	2022-06-23 14:03:49 +02:00
mh	1aba7be61c	Fix dmarc checks Resolves: rhbz#1989089	2021-08-02 14:53:38 +02:00
Jaroslav Škarvada	3933fc3e7e	New version	2021-05-04 20:41:21 +02:00
Jaroslav Škarvada	f749ab0447	Release bump to fix greylisting	2021-04-12 23:59:13 +02:00
David Woodhouse	116a80fa29	Fix greylisting for Exim 4.94	2021-04-12 14:32:55 +02:00
Jaroslav Škarvada	4ff6d0e9dd	Fixed cname handling in TLS certificate verification Resolves: rhbz#1942583	2021-03-25 15:37:49 +01:00
Troy Dawson	150f469f50	remove package.cfg per new epel-playground policy	2020-09-24 17:13:20 +00:00
Jaroslav Škarvada	6f60ea88bc	New version Resolves: rhbz#1842590 Used Exim maintainers keyring for GPG verification Dropped CVE-2020-12783 patch (upstreamed) Used better workaround for rhbz#1791878 Resolves: rhbz#1842633	2020-06-01 21:39:38 +02:00
Jaroslav Škarvada	d54a15799d	Fixed out-of-bounds read in the SPA authenticator Resolves: CVE-2020-12783	2020-05-15 21:05:08 +02:00
Jaroslav Škarvada	84e5a5c317	Fixed FTBFS with spf2 and opendmarc Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2020-04-29 19:21:40 +02:00
Jaroslav Škarvada	b21ff80453	Enabled spf2 and opendmarc support Resolves: rhbz#1829076	2020-04-29 18:14:00 +02:00
Jaroslav Škarvada	1e93e1a8e6	Rebased to 4.93 Resolves: rhbz#1827425	2020-04-27 23:02:54 +02:00
Jaroslav Škarvada	282705f20f	Temporaly disabled gsasl support due to rhbz#1741538	2019-11-19 14:11:49 +01:00
Jaroslav Škarvada	405208e758	Merge remote-tracking branch 'origin/master' into epel8	2019-10-10 17:13:17 +02:00
Jaroslav Škarvada	49d9f3a2b3	Merge remote-tracking branch 'origin/master' into epel8	2019-09-30 13:31:06 +02:00
Jaroslav Škarvada	c83c2550aa	Merge remote-tracking branch 'origin/master' into epel8	2019-09-26 18:02:23 +02:00
Gwyn Ciesla	efeefeae8c	"Adding package.cfg file"	2019-09-26 09:46:11 -05:00
`@ -1 +1,2 @@`
	`exim-*.tar.xz`	`/exim-*.tar.xz`
		`/exim-*.tar.xz.asc`
`@ -1 +1,2 @@`
	`SHA512 (exim-4.92.3.tar.xz) = ca6d6f50653502345511b683859b33aa02faa48454fb2100ff89fed3dcb8af8933e7bce68939365fdee42f96eec0c3b135cf748f4581e92a62be0f0ab093868a`	`SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e`
		`SHA512 (exim-4.96.tar.xz.asc) = a231c97e44a7365ac5961f2827b89d8cdf6ad94964633814f31e44d94ada9900f76664c45c2f55e378245e44739a0ef323786ca29b4093e44ce2b008eca4ad64`