rpms
/
exim
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f37-riscv64
rpms:epel7
rpms:epel8
rpms:epel9
rpms:f35
rpms:f36
rpms:f37
rpms:main
rpms:epel8-playground
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:el6
rpms:f29
rpms:f30
rpms:f28
rpms:f26
rpms:f27
rpms:f25
rpms:f24
rpms:f23
rpms:f22
rpms:f20
rpms:f21
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:f15
rpms:f13
rpms:f14
rpms:fc6
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:exim-4_72-1_el6
rpms:exim-4_72-1_fc12
rpms:EL-6-start
rpms:EL-6-split
rpms:exim-4_72-1_fc13
rpms:exim-4_72-1_fc14
rpms:exim-4_71-4_fc14
rpms:exim-4_71-3_fc14
rpms:exim-4_71-2_fc13
rpms:F-13-start
rpms:F-13-split
rpms:exim-4_71-1_fc13
rpms:exim-4_69-19_fc13
rpms:exim-4_69-18_fc12
rpms:exim-4_69-17_fc12
rpms:F-12-start
rpms:F-12-split
rpms:exim-4_69-16_fc12
rpms:exim-4_69-15_fc12
rpms:exim-4_69-14_fc12
rpms:exim-4_69-13_fc12
rpms:exim-4_69-12_fc12
rpms:exim-4_69-11_fc12
rpms:exim-4_69-10_fc11
rpms:F-11-start
rpms:F-11-split
rpms:exim-4_69-9_fc11
rpms:exim-4_69-8_fc11
rpms:exim-4_69-8_fc10
rpms:F-10-start
rpms:F-10-split
rpms:exim-4_69-7_fc10
rpms:exim-4_69-6_fc10
rpms:exim-4_69-5_fc10
rpms:exim-4_69-4_fc9
rpms:F-9-start
rpms:F-9-split
rpms:exim-4_69-3_fc9
rpms:exim-4_69-2_fc9
rpms:exim-4_69-1_fc9
rpms:exim-4_68-3_fc9
rpms:exim-4_68-2_fc9
rpms:exim-4_68-1_fc8
rpms:F-8-start
rpms:F-8-split
rpms:exim-4_67-5_fc8
rpms:exim-4_67-4_fc8
rpms:exim-4_67-3_fc8
rpms:exim-4_67-2_fc8
rpms:exim-4_67-1_fc8
rpms:F-7-start
rpms:F-7-split
rpms:exim-4_66-3_fc7
rpms:exim-4_66-2_fc7
rpms:exim-4_66-1_fc6
rpms:exim-4_63-6_fc7
rpms:exim-4_63-5_fc6
rpms:FC-6-start
rpms:FC-6-split
rpms:exim-4_63-4_fc6
rpms:exim-4_63-3_fc6
rpms:exim-4_63-2_fc6
rpms:exim-4_63-1_fc6
rpms:exim-4_62-6_fc6
rpms:exim-4_62-6
rpms:exim-4_62-3_fc6
rpms:exim-4_62-2_fc6
rpms:exim-4_62-1_fc6
rpms:exim-4_62-1_fc5
rpms:exim-4_61-2_fc6
rpms:exim-4_61-1_fc6
rpms:exim-4_60-5_fc6
rpms:exim-4_60-4_fc6
rpms:exim-4_60-3_fc5
rpms:FC-5-split
rpms:exim-4_60-2_fc5
rpms:exim-4_60-1_fc5
rpms:exim-4_54-4_fc5
rpms:exim-4_54-4_fc4
rpms:exim-4_54-3_fc5
rpms:exim-4_54-2_fc5
rpms:exim-4_54-1_fc5
rpms:exim-4_52-2_fc5
rpms:exim-4_52-1_fc5
rpms:exim-4_51-3
rpms:exim-4_51-1
rpms:FC-4-split
rpms:exim-4_50-2
..
compare: rpms:f26
Branches Tags
rpms:f37-riscv64
rpms:epel7
rpms:epel8
rpms:epel9
rpms:f35
rpms:f36
rpms:f37
rpms:main
rpms:rawhide
rpms:epel8-playground
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:el6
rpms:f29
rpms:f30
rpms:f28
rpms:f26
rpms:f27
rpms:f25
rpms:f24
rpms:f23
rpms:f22
rpms:f20
rpms:f21
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:f15
rpms:f13
rpms:f14
rpms:fc6
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:exim-4_72-1_el6
rpms:exim-4_72-1_fc12
rpms:EL-6-start
rpms:EL-6-split
rpms:exim-4_72-1_fc13
rpms:exim-4_72-1_fc14
rpms:exim-4_71-4_fc14
rpms:exim-4_71-3_fc14
rpms:exim-4_71-2_fc13
rpms:F-13-start
rpms:F-13-split
rpms:exim-4_71-1_fc13
rpms:exim-4_69-19_fc13
rpms:exim-4_69-18_fc12
rpms:exim-4_69-17_fc12
rpms:F-12-start
rpms:F-12-split
rpms:exim-4_69-16_fc12
rpms:exim-4_69-15_fc12
rpms:exim-4_69-14_fc12
rpms:exim-4_69-13_fc12
rpms:exim-4_69-12_fc12
rpms:exim-4_69-11_fc12
rpms:exim-4_69-10_fc11
rpms:F-11-start
rpms:F-11-split
rpms:exim-4_69-9_fc11
rpms:exim-4_69-8_fc11
rpms:exim-4_69-8_fc10
rpms:F-10-start
rpms:F-10-split
rpms:exim-4_69-7_fc10
rpms:exim-4_69-6_fc10
rpms:exim-4_69-5_fc10
rpms:exim-4_69-4_fc9
rpms:F-9-start
rpms:F-9-split
rpms:exim-4_69-3_fc9
rpms:exim-4_69-2_fc9
rpms:exim-4_69-1_fc9
rpms:exim-4_68-3_fc9
rpms:exim-4_68-2_fc9
rpms:exim-4_68-1_fc8
rpms:F-8-start
rpms:F-8-split
rpms:exim-4_67-5_fc8
rpms:exim-4_67-4_fc8
rpms:exim-4_67-3_fc8
rpms:exim-4_67-2_fc8
rpms:exim-4_67-1_fc8
rpms:F-7-start
rpms:F-7-split
rpms:exim-4_66-3_fc7
rpms:exim-4_66-2_fc7
rpms:exim-4_66-1_fc6
rpms:exim-4_63-6_fc7
rpms:exim-4_63-5_fc6
rpms:FC-6-start
rpms:FC-6-split
rpms:exim-4_63-4_fc6
rpms:exim-4_63-3_fc6
rpms:exim-4_63-2_fc6
rpms:exim-4_63-1_fc6
rpms:exim-4_62-6_fc6
rpms:exim-4_62-6
rpms:exim-4_62-3_fc6
rpms:exim-4_62-2_fc6
rpms:exim-4_62-1_fc6
rpms:exim-4_62-1_fc5
rpms:exim-4_61-2_fc6
rpms:exim-4_61-1_fc6
rpms:exim-4_60-5_fc6
rpms:exim-4_60-4_fc6
rpms:exim-4_60-3_fc5
rpms:FC-5-split
rpms:exim-4_60-2_fc5
rpms:exim-4_60-1_fc5
rpms:exim-4_54-4_fc5
rpms:exim-4_54-4_fc4
rpms:exim-4_54-3_fc5
rpms:exim-4_54-2_fc5
rpms:exim-4_54-1_fc5
rpms:exim-4_52-2_fc5
rpms:exim-4_52-1_fc5
rpms:exim-4_51-3
rpms:exim-4_51-1
rpms:FC-4-split
rpms:exim-4_50-2

13 Commits
rawhide ... f26

Author SHA1 Message Date
Jaroslav Škarvada e2248dbd33 Merge remote-tracking branch 'origin/f27' into f26 2018-03-14 09:22:30 +01:00
Jaroslav Škarvada 30733fc400 Fixed dec64table OOB read in b64decode 2018-03-14 09:21:51 +01:00
Jaroslav Škarvada ec59986267 Merge remote-tracking branch 'origin/f27' into f26 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2018-02-16 23:23:54 +01:00
Jaroslav Škarvada 89ec6ddca7 Fixed mysql module 2018-02-16 23:21:06 +01:00
Jaroslav Škarvada 8afcc93eba Merge remote-tracking branch 'origin/f27' into f26 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2018-02-14 13:41:44 +01:00
Jaroslav Škarvada 892636a58d New version 
Resolves: rhbz#1527710
Fixed buffer overflow in utility function
  Resolves: CVE-2018-6789
Updated and defuzzified patches
Dropped mariadb-macro-fix patch (not needed)
Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943,
  CVE-2017-16944 patches (all upstreamed)
 2018-02-14 13:28:19 +01:00
Jaroslav Škarvada 9d7e2b6abf Updated comment 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2017-12-01 14:20:42 +01:00
Jaroslav Škarvada 0b331bc81c Updated comment 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2017-12-01 14:20:08 +01:00
Jaroslav Škarvada ee4305f1bc Fixed denial of service 
Resolves: CVE-2017-16944
 2017-12-01 13:40:00 +01:00
Jaroslav Škarvada 5f2743788a Fixed denial of service 
Resolves: CVE-2017-16944
 2017-12-01 13:35:37 +01:00
Jaroslav Škarvada 300e6ea624 Fixed use-after-free 
Resolves: CVE-2017-16943
 2017-11-27 15:33:25 +01:00
Jaroslav Škarvada 5c812c7dea Merge remote-tracking branch 'origin/master' into f27 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2017-11-27 15:20:00 +01:00
Jaroslav Škarvada 8e27e1a822 Fixed use-after-free 
Resolves: CVE-2017-16943
 2017-11-27 14:23:22 +01:00
27 changed files with 1171 additions and 2249 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,2 +1 @@
/exim-*.tar.xz
/exim-*.tar.xz.asc
exim-*.tar.xz

1027
Exim-Maintainers-Keyring.asc
View File

File diff suppressed because it is too large Load Diff

4
exim-4.94-libdir.patch → exim-4.82-libdir.patch
View File

@ -1,8 +1,8 @@
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
index dfb2fa8..58c30f7 100644
index 990f884..d1ef114 100644
--- a/OS/Makefile-Linux
+++ b/OS/Makefile-Linux
@@ -27,8 +27,8 @@ LIBRESOLV = -lresolv
@@ -24,8 +24,8 @@ LIBRESOLV = -lresolv
X11=/usr/X11R6
XINCLUDE=-I$(X11)/include

8
exim-4.96-pic.patch → exim-4.85-pic.patch
View File

@ -1,13 +1,13 @@
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
index 19585bf..a0d355f 100644
index 6ba0cb1..21a7ad7 100644
--- a/src/lookups/Makefile
+++ b/src/lookups/Makefile
@@ -24,7 +24,7 @@ lookups.a: $(OBJ)
@@ -22,7 +22,7 @@ lookups.a: $(OBJ)
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
.c.so:; @echo "$(CC) -shared $*.c"
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
lf_check_file.o: $(HDRS) lf_check_file.c lf_functions.h
lf_quote.o: $(HDRS) lf_quote.c lf_functions.h
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h

13
exim-4.87-localhost-is-local.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/configure.default b/src/configure.default
index d1ce2f1..1f10008 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -55,7 +55,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost
# (We rely upon hostname resolution working for localhost, because the default

13
exim-4.90.1-allow-filter.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/configure.default b/src/configure.default
index 2cce34b..50e9236 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -727,7 +727,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor

299
exim-4.90.1-config.patch Normal file
View File

@ -0,0 +1,299 @@
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
index 2af1927..e461505 100755
--- a/scripts/Configure-Makefile
+++ b/scripts/Configure-Makefile
@@ -296,7 +296,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
mv $mft $mftt
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
echo "" >>$mft
cat $mftt >> $mft
diff --git a/src/EDITME b/src/EDITME
index 72e26ce..0bd97f1 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -98,7 +98,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim/exim.conf
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=93
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -152,7 +152,7 @@ EXIM_USER=
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
-# EXIM_GROUP=
+EXIM_GROUP=93
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -237,7 +237,7 @@ TRANSPORT_SMTP=yes
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -246,9 +246,9 @@ TRANSPORT_SMTP=yes
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
-# SUPPORT_MBX=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
+SUPPORT_MBX=yes
#------------------------------------------------------------------------------
@@ -306,20 +306,22 @@ LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
-# LOOKUP_LDAP=yes
-# LOOKUP_MYSQL=yes
-# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
-# LOOKUP_NISPLUS=yes
+LOOKUP_LDAP=yes
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_INCLUDE=-I/usr/include/mysql
+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
+LOOKUP_MYSQL=yes
+LOOKUP_MYSQL_PC=mariadb
+LOOKUP_NIS=yes
+LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
-# LOOKUP_PGSQL=yes
+LOOKUP_PASSWD=yes
+LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
-# LOOKUP_SQLITE=yes
-# LOOKUP_SQLITE_PC=sqlite3
+LOOKUP_SQLITE=yes
# LOOKUP_WHOSON=yes
# These two settings are obsolete; all three lookups are compiled when
@@ -396,7 +398,7 @@ EXIM_MONITOR=eximon.bin
# and the MIME ACL. Please read the documentation to learn more about these
# features.
-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
#------------------------------------------------------------------------------
# If you're using ClamAV and are backporting fixes to an old version, instead
@@ -584,7 +586,7 @@ FIXED_NEVER_USERS=root
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
#------------------------------------------------------------------------------
@@ -629,17 +631,14 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
-# AUTH_CYRUS_SASL=yes
-# AUTH_DOVECOT=yes
-# AUTH_GSASL=yes
-# AUTH_GSASL_PC=libgsasl
-# AUTH_HEIMDAL_GSSAPI=yes
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
+AUTH_CRAM_MD5=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
+AUTH_GSASL=yes
+AUTH_GSASL_PC=libgsasl
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example
@@ -663,7 +662,7 @@ FIXED_NEVER_USERS=root
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -683,7 +682,7 @@ HEADERS_CHARSET="ISO-8859-1"
# the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains
#
-# HAVE_ICONV=yes
+HAVE_ICONV=yes
#
# If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv()
@@ -752,11 +751,11 @@ HEADERS_CHARSET="ISO-8859-1"
# leave these settings commented out.
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
-# SUPPORT_TLS=yes
+SUPPORT_TLS=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
-# USE_OPENSSL_PC=openssl
-# TLS_LIBS=-lssl -lcrypto
+TLS_INCLUDE=-I/usr/kerberos/include
+TLS_LIBS=-lssl -lcrypto
# Uncomment the first and either the second or the third of these if you
# are using GnuTLS. If you have pkg-config, then the second, else the third.
@@ -825,7 +824,7 @@ HEADERS_CHARSET="ISO-8859-1"
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
-# INFO_DIRECTORY=/usr/share/info
+INFO_DIRECTORY=/usr/share/info
#------------------------------------------------------------------------------
@@ -838,7 +837,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
-# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim/%s.log
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -910,7 +909,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
#------------------------------------------------------------------------------
@@ -920,7 +919,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
-# EXPAND_DLFUNC=yes
+EXPAND_DLFUNC=yes
#------------------------------------------------------------------------------
@@ -930,7 +929,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
@@ -1028,7 +1027,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time.
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
@@ -1042,8 +1041,8 @@ ZCAT_COMMAND=/usr/bin/zcat
# library for TCP wrappers, so you probably need something like this:
#
# USE_TCP_WRAPPERS=yes
-# CFLAGS=-O -I/usr/local/include
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
@@ -1095,7 +1094,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained.
-# USE_READLINE=yes
+USE_READLINE=yes
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the
@@ -1112,7 +1111,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
-# HAVE_IPV6=yes
+HAVE_IPV6=yes
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1133,13 +1132,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
-# CHOWN_COMMAND=/usr/bin/chown
-# CHGRP_COMMAND=/usr/bin/chgrp
-# CHMOD_COMMAND=/usr/bin/chmod
-# MV_COMMAND=/bin/mv
-# RM_COMMAND=/bin/rm
-# TOUCH_COMMAND=/usr/bin/touch
-# PERL_COMMAND=/usr/bin/perl
+CHOWN_COMMAND=/usr/bin/chown
+CHGRP_COMMAND=/usr/bin/chgrp
+CHMOD_COMMAND=/usr/bin/chmod
+MV_COMMAND=/usr/bin/mv
+RM_COMMAND=/usr/bin/rm
+TOUCH_COMMAND=/usr/bin/touch
+PERL_COMMAND=/usr/bin/perl
#------------------------------------------------------------------------------
@@ -1341,7 +1340,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
-# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/var/run/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".

21
exim-4.90.1-cyrus.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/src/configure.default b/src/configure.default
index 562d0be..1138335 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -768,6 +768,16 @@ address_reply:
driver = autoreply
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
+# socket. You'll need to configure the 'localuser' router above to use it.
+#
+#lmtp_delivery:
+# home_directory = /var/spool/imap
+# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20
+# user = cyrus
+
######################################################################
# RETRY CONFIGURATION #

16
exim-4.90.1-dec64table-read-fix.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/src/base64.c b/src/src/base64.c
index dbbd6a4..e63522e 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -173,7 +173,7 @@ while ((x = *code++) != 0)
while (isspace(y = *code++)) ;
/* debug_printf("b64d: '%c'\n", y); */
- if (y == 0 || (y = dec64table[y]) == 255)
+ if (y > 127 || (y = dec64table[y]) == 255)
return -1;
*result++ = (x << 2) | (y >> 4);
--
1.9.1

69
exim-4.96-dlopen-localscan.patch → exim-4.90.1-dlopen-localscan.patch
View File

@ -1,19 +1,17 @@
diff --git a/src/EDITME b/src/EDITME
index cf0b33e..7d4cbf3 100644
index 0bd97f1..ce2b047 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -878,6 +878,21 @@ HAVE_ICONV=yes
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
@@ -809,6 +809,20 @@ TLS_LIBS=-lssl -lcrypto
+#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
+# On systems which support dynamic loading of shared libraries, Exim can
+# load a local_scan function specified in its config file instead of having
+# to be recompiled with the desired local_scan function. For a full
+# description of the API to this function, see the Exim specification.
+
+DLOPEN_LOCAL_SCAN=yes
+HAVE_LOCAL_SCAN=yes
+
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
+# linker flags. Without it, the loaded .so won't be able to access any
@ -21,16 +19,17 @@ index cf0b33e..7d4cbf3 100644
+
+LFLAGS=-rdynamic -ldl -pie
+
#------------------------------------------------------------------------------
+#------------------------------------------------------------------------------
# The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
diff --git a/src/config.h.defaults b/src/config.h.defaults
index 25ab755..e27a51d 100644
index 4750523..e3943a8 100644
--- a/src/config.h.defaults
+++ b/src/config.h.defaults
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
@@ -31,6 +31,8 @@ Do not put spaces between # and the 'define'.
#define AUTH_VARS 4
#define AUTH_VARS 3
+#define DLOPEN_LOCAL_SCAN
+
@ -38,10 +37,10 @@ index 25ab755..e27a51d 100644
#define CONFIGURE_FILE
diff --git a/src/globals.c b/src/globals.c
index ff246fe..b9dfbbb 100644
index 5df84bd..74724fd 100644
--- a/src/globals.c
+++ b/src/globals.c
@@ -151,6 +151,10 @@ time_t tls_watch_trigger_time = (time_t)0;
@@ -167,6 +167,10 @@ uschar *tls_verify_hosts = NULL;
uschar *tls_advertise_hosts = NULL;
#endif
@ -53,12 +52,12 @@ index ff246fe..b9dfbbb 100644
/* Per Recipient Data Response variables */
BOOL prdr_enable = FALSE;
diff --git a/src/globals.h b/src/globals.h
index fe099e4..7530a76 100644
index 37d4cad..2b313e0 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -148,6 +148,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */
extern int tls_watch_fd; /* for inotify of creds files */
extern time_t tls_watch_trigger_time; /* non-0: triggered */
@@ -126,6 +126,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
extern uschar *tls_verify_certificates;/* Path for certificates to check */
extern uschar *tls_verify_hosts; /* Mandatory client verification */
#endif
+
+#ifdef DLOPEN_LOCAL_SCAN
@ -69,25 +68,21 @@ index fe099e4..7530a76 100644
extern uschar *dsn_envid; /* DSN envid string */
diff --git a/src/local_scan.c b/src/local_scan.c
index 7a3bae7..6ea5d2d 100644
index 3500047..8599172 100644
--- a/src/local_scan.c
+++ b/src/local_scan.c
@@ -6,59 +6,133 @@
/* Copyright (c) The Exim Maintainers 2021 */
@@ -5,60 +5,131 @@
/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */
+#include <local_scan.h>
+#include "exim.h"
-/******************************************************************************
-This file contains a template local_scan() function that just returns ACCEPT.
-If you want to implement your own version, you should copy this file to, say
-Local/local_scan.c, and edit the copy. To use your version instead of the
-default, you must set
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
-HAVE_LOCAL_SCAN=yes
-
-LOCAL_SCAN_SOURCE=Local/local_scan.c
-
-in your Local/Makefile. This makes it easy to copy your version for use with
@ -137,6 +132,8 @@ index 7a3bae7..6ea5d2d 100644
int
local_scan(int fd, uschar **return_text)
{
fd = fd; /* Keep picky compilers happy */
return_text = return_text;
-return LOCAL_SCAN_ACCEPT;
+#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */
@ -168,8 +165,8 @@ index 7a3bae7..6ea5d2d 100644
+else
+#endif
+ return LOCAL_SCAN_ACCEPT;
+ }
+
}
+#ifdef DLOPEN_LOCAL_SCAN
+
+static int load_local_scan_library(void)
@ -248,22 +245,22 @@ index 7a3bae7..6ea5d2d 100644
+ }
+
+return TRUE;
}
+}
+
+#endif /* DLOPEN_LOCAL_SCAN */
+
/* End of local_scan.c */
diff --git a/src/readconf.c b/src/readconf.c
index 06bc50f..6ecb0af 100644
index 8d5f38c..73095be 100644
--- a/src/readconf.c
+++ b/src/readconf.c
@@ -212,6 +212,9 @@ static optionlist optionlist_config[] = {
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
@@ -195,6 +195,9 @@ static optionlist optionlist_config[] = {
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
{ "local_interfaces", opt_stringptr, &local_interfaces },
+#ifdef DLOPEN_LOCAL_SCAN
+ { "local_scan_path", opt_stringptr, &local_scan_path },
+#endif
#ifdef HAVE_LOCAL_SCAN
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
#endif
{ "local_scan_timeout", opt_time, &local_scan_timeout },
{ "local_sender_retain", opt_bool, &local_sender_retain },
{ "localhost_number", opt_stringptr, &host_number_string },

26
exim-4.90.1-dynlookup-config.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/src/EDITME b/src/EDITME
index ce2b047..8b773ea 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -311,15 +311,17 @@ LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
LOOKUP_LDAP=yes
LDAP_LIB_TYPE=OPENLDAP2
-LOOKUP_INCLUDE=-I/usr/include/mysql
-LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient -lpq
-LOOKUP_MYSQL=yes
+LOOKUP_LIBS=-lldap -llber -lsqlite3
+# LOOKUP_INCLUDE=-I/usr/include/mysql
+# LOOKUP_MYSQL_LIBS=-lmysqlclient
+LOOKUP_PGSQL_LIBS=-lpq
+LOOKUP_MYSQL=2
LOOKUP_MYSQL_PC=mariadb
LOOKUP_NIS=yes
LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
LOOKUP_PASSWD=yes
-LOOKUP_PGSQL=yes
+LOOKUP_PGSQL=2
# LOOKUP_REDIS=yes
LOOKUP_SQLITE=yes
# LOOKUP_WHOSON=yes

15
exim-4.90.1-environment.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/src/configure.default b/src/configure.default
index b955c6e..590c664 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -360,8 +360,8 @@ timeout_frozen_after = 7d
# Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
-# keep_environment = ^LDAP
-# add_environment = PATH=/usr/bin::/bin
+keep_environment = ^LDAP
+add_environment = PATH=/usr/bin::/bin

118
exim-4.90.1-greylist-conf.patch Normal file
View File

@ -0,0 +1,118 @@
diff --git a/src/configure.default b/src/configure.default
index 72675be..30ffc8c 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -107,6 +107,7 @@ hostlist relay_from_hosts = localhost
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
+acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
@@ -371,6 +372,29 @@ timeout_frozen_after = 7d
begin acl
+
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+ # Hosts are required to say HELO (or EHLO) before sending mail.
+ # So don't allow them to use the MAIL command if they haven't
+ # done so.
+
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
+ message = Nice boys say HELO first
+
+ # Use the lack of reverse DNS to trigger greylisting. Some people
+ # even reject for it but that would be a little excessive.
+
+ warn condition = ${if eq{$sender_host_name}{} {1}}
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
+
+ accept
+
+
+
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
@@ -496,7 +520,8 @@ acl_check_rcpt:
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
- # point. The first one denies, whereas the second just warns.
+ # point. The first one denies, whereas the second just warns. The third
+ # triggers greylisting for any host in the blacklist.
#
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
@@ -504,6 +529,10 @@ acl_check_rcpt:
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
+ #
+ # warn dnslists = black.list.example
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
+ #
#############################################################################
#############################################################################
@@ -517,6 +546,10 @@ acl_check_rcpt:
# require verify = csa
#############################################################################
+ # Alternatively, greylist for it:
+ # warn !verify = csa
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
@@ -549,6 +582,12 @@ acl_check_data:
# deny condition = ${if !def:h_Message-ID: {1}}
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
# Most messages without it are spam, so your mail has been rejected.
+ #
+ # Alternatively if we're feeling more lenient we could just use it to
+ # trigger greylisting instead:
+
+ warn condition = ${if !def:h_Message-ID: {1}}
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
@@ -583,8 +622,30 @@ acl_check_data:
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
# $spam_report
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
+ #
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
+
+
+ # If you want to greylist _all_ mail rather than only mail which looks like there
+ # might be something wrong with it, then you can do this...
+ #
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
+
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
+ # package which contains this subroutine, and you need to uncomment the bit below
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
+ # greylisting will kick in and will defer the mail to check if the sender is a
+ # proper mail which which retries, or whether it's a zombie. For more details, see
+ # the exim-greylist.conf.inc file itself.
+ #
+ # require acl = greylist_mail
+
accept
+# To enable the greylisting, also uncomment this line:
+# .include /etc/exim/exim-greylist.conf.inc
acl_check_mime:

78
exim-4.90.1-pamconfig.patch Normal file
View File

@ -0,0 +1,78 @@
diff --git a/src/configure.default b/src/configure.default
index 1138335..0675b40 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
# Allow any client to use TLS.
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
# Specify the location of the Exim server's TLS certificate and private key.
# The private key must not be encrypted (password protected). You can put
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
# need the first setting, or in separate files, in which case you need both
# options.
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
@@ -165,8 +165,8 @@ acl_smtp_data = acl_check_data
# them you should also allow TLS-on-connect on the traditional but
# non-standard port 465.
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
# Specify the domain you want to be added to all unqualified addresses
@@ -224,6 +224,24 @@ never_users = root
host_lookup = *
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system.
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
# The settings below cause Exim to make RFC 1413 (ident) callbacks
# for all incoming SMTP calls. You can limit the hosts to which these
@@ -847,7 +865,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
@@ -859,7 +877,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }

34
exim-4.90.1-procmail.patch Normal file
View File

@ -0,0 +1,34 @@
diff --git a/src/configure.default b/src/configure.default
index 8b4575c..2cce34b 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -735,6 +735,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -776,6 +782,16 @@ remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the

24
exim-4.90.1-rhl.patch Normal file
View File

@ -0,0 +1,24 @@
diff --git a/src/configure.default b/src/configure.default
index 1dc9b91..562d0be 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -633,7 +633,7 @@ system_aliases:
driver = redirect
allow_fail
allow_defer
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe
@@ -734,8 +734,8 @@ local_delivery:
delivery_date_add
envelope_to_add
return_path_add
-# group = mail
-# mode = 0660
+ group = mail
+ mode = 0660
# This transport is used for handling pipe deliveries generated by alias or

51
exim-4.90.1-smarthost-config.patch Normal file
View File

@ -0,0 +1,51 @@
diff --git a/src/configure.default b/src/configure.default
index 30ffc8c..b955c6e 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -843,6 +843,15 @@ remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409).
+
+remote_msa:
+ driver = smtp
+ port = 587
+ hosts_require_auth = *
+
+
# This transport invokes procmail to deliver mail
procmail:
driver = pipe
@@ -951,6 +960,21 @@ begin rewrite
# AUTHENTICATION CONFIGURATION #
######################################################################
+begin authenticators
+
+# This authenticator supports CRAM-MD5 username/password authentication
+# with Exim acting as a _client_, as it might when sending its outgoing
+# mail to a smarthost rather than directly to the final recipient.
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
+
+#client_auth:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# client_name = SMTPAUTH_USERNAME
+# client_secret = SMTPAUTH_PASSWORD
+
+#
+
# The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -966,7 +990,7 @@ begin rewrite
# The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.
-begin authenticators
+#
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not

104
exim-4.90.1-spamdconf.patch Normal file
View File

@ -0,0 +1,104 @@
diff --git a/src/configure.default b/src/configure.default
index 0675b40..8b4575c 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
# You should not change those settings until you understand how ACLs work.
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).
-# av_scanner = clamd:/tmp/clamd
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
# For spam scanning, there is a similar option that defines the interface to
@@ -434,7 +435,8 @@ acl_check_rcpt:
accept local_parts = postmaster
domains = +local_domains
- # Deny unless the sender address can be verified.
+ # Deny unless the sender address can be routed. For proper verification of the
+ # address, read the documentation on callouts and add the /callout modifier.
require verify = sender
@@ -538,27 +540,63 @@ acl_check_data:
got $max_received_linelength
condition = ${if > {$max_received_linelength}{998}}
+ # Put simple tests first. A good one is to check for the presence of a
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
+ # or misconfigured mailer software occasionally omits this from genuine
+ # messages too, though -- although it's not hard for the offender to fix
+ # after they receive a bounce because of it.
+ #
+ # deny condition = ${if !def:h_Message-ID: {1}}
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+ # Most messages without it are spam, so your mail has been rejected.
+
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
# deny malware = *
# message = This message contains a virus ($malware_name).
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You may also need to set the spamd_address
- # option above.
+ # Bypass SpamAssassin checks if the message is too large.
#
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # accept condition = ${if >={$message_size}{100000} {1}}
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
- # Accept the message.
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
+ # score exceeds the SA system threshold.
+ #
+ # warn spam = nobody/defer_ok
+ # add_header = X-Spam-Flag: YES
+ #
+ # accept condition = ${if !def:spam_score_int {1}}
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
+ #
+
+ # Unconditionally add score and report headers
+ #
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
+ # X-Spam-Report: $spam_report
+
+ # And reject if the SpamAssassin score is greater than ten
+ #
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+ # $spam_report
accept
+acl_check_mime:
+
+ # File extension filtering.
+ deny message = Blacklisted file extension detected
+ condition = ${if match \
+ {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}}
+
+ accept
+
######################################################################
# ROUTERS CONFIGURATION #

13
exim-4.96-build-fix.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/drtables.c b/src/drtables.c
index 513ef6c..3fa5c92 100644
--- a/src/drtables.c
+++ b/src/drtables.c
@@ -736,7 +736,7 @@ else
{
char * name = ent->d_name;
int len = (int)strlen(name);
- if (regex_match(regex_islookupmod, US name, len, NUL))
+ if (regex_match(regex_islookupmod, US name, len, NULL))
{
int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
void *dl;

815
exim-4.96-config.patch
View File

@ -1,815 +0,0 @@
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
index ed77b6a..b9eb64d 100755
--- a/scripts/Configure-Makefile
+++ b/scripts/Configure-Makefile
@@ -317,7 +317,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
mv $mft $mftt
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
echo "" >>$mft
cat $mftt >> $mft
diff --git a/src/EDITME b/src/EDITME
index 53022e5..cf0b33e 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -99,7 +99,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim/exim.conf
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=93
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -153,7 +153,7 @@ EXIM_USER=
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
-# EXIM_GROUP=
+EXIM_GROUP=93
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
# If you are building with TLS, the library configuration must be done:
# Uncomment this if you are using OpenSSL
-# USE_OPENSSL=yes
+USE_OPENSSL=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
# and an optional location.
-# USE_OPENSSL_PC=openssl
+USE_OPENSSL_PC=openssl
# TLS_LIBS=-lssl -lcrypto
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
-# SUPPORT_MBX=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
+SUPPORT_MBX=yes
#------------------------------------------------------------------------------
@@ -409,22 +409,28 @@ LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
# LOOKUP_JSON=yes
-# LOOKUP_LDAP=yes
+LOOKUP_LDAP=yes
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_LIBS=-lldap -llber -lsqlite3
# LOOKUP_LMDB=yes
-# LOOKUP_MYSQL=yes
-# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
+LOOKUP_MYSQL=2
+LOOKUP_MYSQL_PC=mariadb
+LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
+LIBS+=-L/usr/$(_lib)/nsl
+
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
-# LOOKUP_PGSQL=yes
+LOOKUP_PASSWD=yes
+LOOKUP_PGSQL=2
+LOOKUP_PGSQL_LIBS=-lpq
# LOOKUP_REDIS=yes
-# LOOKUP_SQLITE=yes
+LOOKUP_SQLITE=yes
# LOOKUP_SQLITE_PC=sqlite3
# LOOKUP_WHOSON=yes
@@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes
# Some platforms may need this for LOOKUP_NIS:
-# LIBS += -lnsl
+LIBS += -lnsl
#------------------------------------------------------------------------------
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -511,7 +517,7 @@ SUPPORT_DANE=yes
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-# EXIM_MONITOR=eximon.bin
+EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -521,7 +527,7 @@ SUPPORT_DANE=yes
# and the MIME ACL. Please read the documentation to learn more about these
# features.
-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
# If you have content scanning you may wish to only include some of the scanner
# interfaces. Uncomment any of these lines to remove that code.
@@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
-# SUPPORT_DMARC=yes
+SUPPORT_DMARC=yes
# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lopendmarc
+LDFLAGS += -lopendmarc
# Uncomment the following if you need to change the default. You can
# override it at runtime (main config option dmarc_tld_file)
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
# Uncomment the following line to add ARC (Authenticated Received Chain)
# support. You must have SPF and DKIM support enabled also.
@@ -709,7 +715,7 @@ FIXED_NEVER_USERS=root
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
#------------------------------------------------------------------------------
@@ -754,18 +760,18 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
-# AUTH_CYRUS_SASL=yes
-# AUTH_DOVECOT=yes
+AUTH_CRAM_MD5=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes
-# AUTH_GSASL=yes
-# AUTH_GSASL_PC=libgsasl
+AUTH_GSASL=yes
+AUTH_GSASL_PC=libgsasl
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example
@@ -792,7 +798,7 @@ FIXED_NEVER_USERS=root
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -812,7 +818,7 @@ HEADERS_CHARSET="ISO-8859-1"
# the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains
#
-# HAVE_ICONV=yes
+HAVE_ICONV=yes
#
# If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv()
@@ -888,7 +894,7 @@ HEADERS_CHARSET="ISO-8859-1"
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
-# INFO_DIRECTORY=/usr/share/info
+INFO_DIRECTORY=/usr/share/info
#------------------------------------------------------------------------------
@@ -901,7 +907,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
-# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim/%s.log
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -973,7 +979,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
#------------------------------------------------------------------------------
@@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
-# EXPAND_DLFUNC=yes
+EXPAND_DLFUNC=yes
#------------------------------------------------------------------------------
@@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
@@ -1005,12 +1011,12 @@ ZCAT_COMMAND=/usr/bin/zcat
# If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below.
-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
-# SUPPORT_PROXY=yes
+SUPPORT_PROXY=yes
#------------------------------------------------------------------------------
@@ -1034,9 +1040,9 @@ ZCAT_COMMAND=/usr/bin/zcat
# installed on your system (www.libspf2.org). Depending on where it is installed
# you may have to edit the CFLAGS and LDFLAGS lines.
-# SUPPORT_SPF=yes
+SUPPORT_SPF=yes
# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lspf2
+LDFLAGS += -lspf2
#------------------------------------------------------------------------------
@@ -1101,7 +1107,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time.
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
@@ -1115,8 +1121,8 @@ ZCAT_COMMAND=/usr/bin/zcat
# library for TCP wrappers, so you probably need something like this:
#
# USE_TCP_WRAPPERS=yes
-# CFLAGS=-O -I/usr/local/include
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
@@ -1168,7 +1174,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained.
-# USE_READLINE=yes
+USE_READLINE=yes
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the
@@ -1185,7 +1191,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
-# HAVE_IPV6=yes
+HAVE_IPV6=yes
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1206,13 +1212,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
-# CHOWN_COMMAND=/usr/bin/chown
-# CHGRP_COMMAND=/usr/bin/chgrp
-# CHMOD_COMMAND=/usr/bin/chmod
-# MV_COMMAND=/bin/mv
-# RM_COMMAND=/bin/rm
-# TOUCH_COMMAND=/usr/bin/touch
-# PERL_COMMAND=/usr/bin/perl
+CHOWN_COMMAND=/usr/bin/chown
+CHGRP_COMMAND=/usr/bin/chgrp
+CHMOD_COMMAND=/usr/bin/chmod
+MV_COMMAND=/usr/bin/mv
+RM_COMMAND=/usr/bin/rm
+TOUCH_COMMAND=/usr/bin/touch
+PERL_COMMAND=/usr/bin/perl
#------------------------------------------------------------------------------
@@ -1414,7 +1420,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
-# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/var/run/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
diff --git a/src/configure.default b/src/configure.default
index 3761daf..a5d3718 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -67,7 +67,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost
# (We rely upon hostname resolution working for localhost, because the default
@@ -119,11 +119,13 @@ hostlist relay_from_hosts = localhost
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
+acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
.ifdef _HAVE_PRDR
acl_smtp_data_prdr = acl_check_prdr
.endif
acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
# You should not change those settings until you understand how ACLs work.
@@ -136,7 +138,7 @@ acl_smtp_data = acl_check_data
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).
-# av_scanner = clamd:/tmp/clamd
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
# For spam scanning, there is a similar option that defines the interface to
@@ -147,6 +149,12 @@ acl_smtp_data = acl_check_data
# spamd_address = 127.0.0.1 783
+# Set the default sqlite database file for greylisting. Uncomment this
+# if you use the greylisting ACLs defined below.
+
+# sqlite_dbfile = /var/spool/exim/db/greylist.db
+
+
# If Exim is compiled with support for TLS, you may want to change the
# following option so that Exim disallows certain clients from makeing encrypted
# connections. The default is to allow all.
@@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data
# This is equivalent to the default.
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
# Specify the location of the Exim server's TLS certificate and private key.
# The private key must not be encrypted (password protected). You can put
@@ -165,8 +173,8 @@ acl_smtp_data = acl_check_data
# need the first setting, or in separate files, in which case you need both
# options.
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
.ifdef _HAVE_OPENSSL
@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
# them you should also allow TLS-on-connect on the traditional but
# non-standard port 465.
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
# Specify the domain you want to be added to all unqualified addresses
@@ -248,6 +256,24 @@ never_users = root
host_lookup = *
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system.
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
# The setting below causes Exim to try to initialize the system resolver
# library with DNSSEC support. It has no effect if your library lacks
@@ -378,8 +404,8 @@ timeout_frozen_after = 7d
# Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
-# keep_environment = ^LDAP
-# add_environment = PATH=/usr/bin::/bin
+keep_environment = ^LDAP
+add_environment = PATH=/usr/bin::/bin
@@ -390,6 +416,29 @@ timeout_frozen_after = 7d
begin acl
+
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+ # Hosts are required to say HELO (or EHLO) before sending mail.
+ # So don't allow them to use the MAIL command if they haven't
+ # done so.
+
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
+ message = Nice boys say HELO first
+
+ # Use the lack of reverse DNS to trigger greylisting. Some people
+ # even reject for it but that would be a little excessive.
+
+ warn condition = ${if eq{$sender_host_name}{} {1}}
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
+
+ accept
+
+
+
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
@@ -401,6 +450,7 @@ acl_check_rcpt:
accept hosts = :
control = dkim_disable_verify
+ control = dmarc_disable_verify
#############################################################################
# The following section of the ACL is concerned with local parts that contain
@@ -454,7 +504,8 @@ acl_check_rcpt:
accept local_parts = postmaster
domains = +local_domains
- # Deny unless the sender address can be verified.
+ # Deny unless the sender address can be routed. For proper verification of the
+ # address, read the documentation on callouts and add the /callout modifier.
require verify = sender
@@ -494,6 +545,7 @@ acl_check_rcpt:
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
+ control = dmarc_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
@@ -503,6 +555,7 @@ acl_check_rcpt:
accept authenticated = *
control = submission
control = dkim_disable_verify
+ control = dmarc_disable_verify
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
@@ -523,7 +576,8 @@ acl_check_rcpt:
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
- # point. The first one denies, whereas the second just warns.
+ # point. The first one denies, whereas the second just warns. The third
+ # triggers greylisting for any host in the blacklist.
#
# deny dnslists = black.list.example
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
@@ -531,6 +585,10 @@ acl_check_rcpt:
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
+ #
+ # warn dnslists = black.list.example
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
+ #
#############################################################################
#############################################################################
@@ -557,6 +615,10 @@ acl_check_rcpt:
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
#############################################################################
+ # Alternatively, greylist for it:
+ # warn !verify = csa
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
@@ -606,21 +668,32 @@ acl_check_data:
message = header syntax
log_message = header syntax ($acl_verify_message)
+ # Put simple tests first. A good one is to check for the presence of a
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
+ # or misconfigured mailer software occasionally omits this from genuine
+ # messages too, though -- although it's not hard for the offender to fix
+ # after they receive a bounce because of it.
+ #
+ # deny condition = ${if !def:h_Message-ID: {1}}
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+ # Most messages without it are spam, so your mail has been rejected.
+ #
+ # Alternatively if we're feeling more lenient we could just use it to
+ # trigger greylisting instead:
+
+ warn condition = ${if !def:h_Message-ID: {1}}
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
+
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
# deny malware = *
# message = This message contains a virus ($malware_name).
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You may also need to set the spamd_address
- # option above.
+ # Bypass SpamAssassin checks if the message is too large.
#
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # accept condition = ${if >={$message_size}{100000} {1}}
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
#############################################################################
# No more tests if PRDR was actively used.
@@ -634,11 +707,63 @@ acl_check_data:
# condition = ...
#############################################################################
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
+ # score exceeds the SA system threshold.
+ #
+ # warn spam = nobody/defer_ok
+ # add_header = X-Spam-Flag: YES
+ #
+ # accept condition = ${if !def:spam_score_int {1}}
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
+ #
+
+ # Unconditionally add score and report headers
+ #
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
+ # X-Spam-Report: $spam_report
+
+ # And reject if the SpamAssassin score is greater than ten
+ #
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+ # $spam_report
+
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
+ #
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
+
- # Accept the message.
+ # If you want to greylist _all_ mail rather than only mail which looks like there
+ # might be something wrong with it, then you can do this...
+ #
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
+
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
+ # package which contains this subroutine, and you need to uncomment the bit below
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
+ # greylisting will kick in and will defer the mail to check if the sender is a
+ # proper mail which which retries, or whether it's a zombie. For more details, see
+ # the exim-greylist.conf.inc file itself.
+ #
+ # require acl = greylist_mail
accept
+# To enable the greylisting, also uncomment this line:
+# .include /etc/exim/exim-greylist.conf.inc
+
+acl_check_mime:
+
+ # File extension filtering.
+ deny message = Blacklisted file extension detected
+ condition = ${if match \
+ {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}}
+
+ accept
######################################################################
@@ -740,7 +865,7 @@ system_aliases:
driver = redirect
allow_fail
allow_defer
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe
@@ -778,7 +903,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor
@@ -786,6 +911,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -826,6 +957,25 @@ remote_smtp:
tls_resumption_hosts = *
.endif
+# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409).
+
+remote_msa:
+ driver = smtp
+ port = 587
+ hosts_require_auth = *
+
+
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for delivering messages to a smarthost, if the
# smarthost router is enabled. This starts from the same basis as
@@ -880,8 +1030,8 @@ local_delivery:
delivery_date_add
envelope_to_add
return_path_add
-# group = mail
-# mode = 0660
+ group = mail
+ mode = 0660
# This transport is used for handling pipe deliveries generated by alias or
@@ -914,6 +1064,16 @@ address_reply:
driver = autoreply
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
+# socket. You'll need to configure the 'localuser' router above to use it.
+#
+#lmtp_delivery:
+# home_directory = /var/spool/imap
+# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20
+# user = cyrus
+
######################################################################
# RETRY CONFIGURATION #
@@ -954,6 +1114,21 @@ begin rewrite
# AUTHENTICATION CONFIGURATION #
######################################################################
+begin authenticators
+
+# This authenticator supports CRAM-MD5 username/password authentication
+# with Exim acting as a _client_, as it might when sending its outgoing
+# mail to a smarthost rather than directly to the final recipient.
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
+
+#client_auth:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# client_name = SMTPAUTH_USERNAME
+# client_secret = SMTPAUTH_PASSWORD
+
+#
+
# The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -969,7 +1144,7 @@ begin rewrite
# The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.
-begin authenticators
+#
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
@@ -983,7 +1158,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
@@ -995,7 +1170,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }

13
exim-4.96-opendmarc-1.4-build-fix.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/dmarc.c b/src/dmarc.c
index 17bba9d..a218380 100644
--- a/src/dmarc.c
+++ b/src/dmarc.c
@@ -459,7 +459,7 @@ if (!dmarc_abort && !sender_host_authenticated)
vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
DMARC_POLICY_DKIM_OUTCOME_NONE;
libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
- dkim_result, US"");
+ sig->selector, dkim_result, US"");
DEBUG(D_receive)
debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
if (libdm_status != DMARC_PARSE_OKAY)

2
exim-clamav-tmpfiles.conf
View File

@ -1 +1 @@
D /run/clamd.exim 0750 exim exim -
D /var/run/clamd.exim 0750 exim exim -

79
exim-greylist.conf.inc
View File

@ -1,44 +1,11 @@
#
# Exim ACL for greylisting. David Woodhouse <dwmw2@infradead.org>
#
# For full background on the logic behind greylisting and how this
# ACL works, see https://github.com/Exim/exim/wiki/SimpleGreylisting
#
# $Id: acl-greylist-sqlite,v 1.3 2007/11/25 19:17:28 dwmw2 Exp $
# UPDATING TO EXIM 4.94+
# ======================
#
# Previous versions of this ACL specified the sqlite database filename
# in the sqlite lookup strings directly, but since Exim 4.94 is it no
# longer permitted to mix "tainted" text which comes from the message
# itself, with the filename. Thus, you now have to set
#
# sqlite_dbfile = /var/spool/exim/db/greylist.db
#
# ... in the main configuration because it can't be specified within
# the ACL in this file any more.
GREYDB=/var/spool/exim/db/greylist.db
# USING THIS ACL
# ==============
#
# First set sqlite_dbfile in the main configuration file to point to
# the greylist sqlite database, as described above.
#
# In your main ACLs, gather reason(s) for greylisting into a variable
# named $acl_m_greylistreasons before invoking this ACL with
# 'require acl = greylist_mail'. The reasons should be separate lines
# of text, and will be reported in the SMTP rejection message as well
# as the log message. Anything "suspicious" about the email can be
# used as criteria here — being HTML, having even a few SpamAssassin
# points, even lacking SPF authorisation (which is OK for greylisting
# although you should never reject outright for an SPF "failure"
# because of the flaws in SPF).
#
# Obviously you need to .include this file too in order to be able
# to invoke this greylist_mail ACL.
# HOW IT WORKS
# ============
# ACL for greylisting. Place reason(s) for greylisting into a variable named
# $acl_m_greylistreasons before invoking with 'require acl = greylist_mail'.
# The reasons should be separate lines of text, and will be reported in
# the SMTP rejection message as well as the log message.
#
# When a suspicious mail is seen, we temporarily reject it and wait to see
# if the sender tries again. Most spam robots won't bother. Real mail hosts
@ -77,13 +44,15 @@
#
greylist_mail:
# Firstly, accept if it was generated locally or by authenticated clients.
# First, accept if it there's absolutely nothing suspicious about it...
accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
# ... or if it was generated locally or by authenticated clients.
accept hosts = :
accept authenticated = *
# Secondly, there's _absolutely_ no point in greylisting mail from
# hosts which are known to resend their mail. Just accept it.
accept condition = ${lookup sqlite {SELECT host from resenders \
accept condition = ${lookup sqlite {GREYDB SELECT host from resenders \
WHERE helo='${quote_sqlite:$sender_helo_name}' \
AND host='$sender_host_address';} {1}}
@ -93,28 +62,15 @@ greylist_mail:
# Attempt to look up this mail in the greylist database. If it's there,
# remember the expiry time for it; we need to make sure they've waited
# long enough.
warn set acl_m_greyexpiry = ${lookup sqlite {SELECT expire FROM greylist \
warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
# If there's absolutely nothing suspicious about the email, accept it. BUT...
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
condition = ${if eq {$acl_m_greyexpiry}{} {1}}
# ..if this same mail was greylisted before (perhaps because it came from a
# host which *was* suspicious), then we still want to mark that original host
# as a "known resender". If we don't, then hosts which attempt to deliver from
# a dodgy Legacy IP address but then fall back to using IPv6 after greylisting
# will *never* see their Legacy IP address added to the 'known resenders' list.
accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
acl = write_known_resenders
# If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
# variable we just looked up is empty -- then try to add it now. This is
# where the 5 minute timeout is set ($tod_epoch + 300), should you wish
# to change it.
warn condition = ${if eq {$acl_m_greyexpiry}{} {1}}
set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO greylist \
VALUES ( '$acl_m_greyident', \
'${eval10:$tod_epoch+300}', \
'$sender_host_address', \
@ -123,7 +79,7 @@ greylist_mail:
# Be paranoid, and check if the insertion succeeded (by doing another lookup).
# Otherwise, if there's a database error we might end up deferring for ever.
defer condition = ${if eq {$acl_m_greyexpiry}{} {1}}
condition = ${lookup sqlite {SELECT expire FROM greylist \
condition = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
WHERE id='${quote_sqlite:$acl_m_greyident}';} {1}}
message = Your mail was considered suspicious for the following reason(s):\n$acl_m_greylistreasons \
The mail has been greylisted for 5 minutes, after which it should be accepted. \
@ -149,16 +105,13 @@ greylist_mail:
You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
Reason(s) for greylisting: \n$acl_m_greylistreasons
accept acl = write_known_resenders
write_known_resenders:
# The message was listed but it's been more than five minutes. Accept it now and whitelist
# the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
warn set acl_m_orighost = ${lookup sqlite {SELECT host FROM greylist \
warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
set acl_m_orighelo = ${lookup sqlite {SELECT helo FROM greylist \
set acl_m_orighelo = ${lookup sqlite {GREYDB SELECT helo FROM greylist \
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
set acl_m_dontcare = ${lookup sqlite {INSERT INTO resenders \
set acl_m_dontcare = ${lookup sqlite {GREYDB INSERT INTO resenders \
VALUES ( '$acl_m_orighost', \
'${quote_sqlite:$acl_m_orighelo}', \
'$tod_epoch' ); }}

132
exim.init Normal file
View File

@ -0,0 +1,132 @@
#!/bin/bash
#
# exim This shell script takes care of starting and stopping exim
#
# chkconfig: 2345 80 30
# description: Exim is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: exim
# config: /etc/exim/exim.conf
# pidfile: /var/run/exim.pid
# Source function library.
. /etc/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Source exim configureation.
if [ -f /etc/sysconfig/exim ] ; then
. /etc/sysconfig/exim
else
DAEMON=yes
QUEUE=1h
fi
USER=${USER:=exim}
GROUP=${GROUP:=exim}
gen_cert() {
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
umask 077
FQDN=`hostname`
if [ "x${FQDN}" = "x" ]; then
FQDN=localhost.localdomain
fi
echo -n $"Generating exim certificate: "
cat << EOF | openssl req -new -x509 -days 365 -nodes \
-out /etc/pki/tls/certs/exim.pem \
-keyout /etc/pki/tls/private/exim.pem &>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
if [ $? -eq 0 ]; then
success
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
else
failure
fi
echo
fi
}
start() {
[ "$EUID" != "0" ] && exit 4
[ "${NETWORKING}" = "no" ] && exit 1
[ -f /usr/sbin/exim ] || exit 5
# check ownerships
# do this by seeing if /var/log/exim/main.log exists and is
# owned by exim - if owned by someone else we fix it up
if [ -f /var/log/exim/main.log ]
then
if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
then
chown -R $USER:$GROUP /var/log/exim /var/spool/exim
fi
fi
# generate certificate if doesn't exist
gen_cert
# Start daemons.
echo -n $"Starting exim: "
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/exim
}
stop() {
[ "$EUID" != "0" ] && exit 4
# Stop daemons.
echo -n $"Shutting down exim: "
killproc exim
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/exim
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload|force-reload)
status exim > /dev/null || exit 7
echo -n $"Reloading exim:"
killproc exim -HUP
echo
;;
condrestart|try-restart)
status exim > /dev/null || exit 0
restart
;;
status)
status exim
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart|try-restart}"
exit 2
esac
exit $RETVAL

438
exim.spec
View File

@ -6,28 +6,32 @@
%bcond_without clamav
%endif
%global sysv2systemdnvr 4.76-6
# hardened build if not overridden
%{!?_hardened_build:%global _hardened_build 1}
Summary: The exim mail transfer agent
Name: exim
Version: 4.96
Release: 2%{?dist}
Version: 4.90.1
Release: 3%{?dist}
License: GPLv2+
Url: https://www.exim.org/
Url: http://www.exim.org/
Group: System Environment/Daemons
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: MTA smtpd smtpdaemon server(smtp)
Requires(post): /sbin/restorecon %{_sbindir}/alternatives systemd
Requires(post): /sbin/chkconfig /sbin/service /sbin/restorecon %{_sbindir}/alternatives systemd systemd-sysv
Requires(preun): %{_sbindir}/alternatives systemd
Requires(postun): %{_sbindir}/alternatives systemd
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
%if %{with clamav}
BuildRequires: clamd
%if 0%{?fedora} < 23
Requires: initscripts
%endif
Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
Source1: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.xz.asc
Source2: https://downloads.exim.org/Exim-Maintainers-Keyring.asc
BuildRequires: clamav-devel
%endif
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
Source2: exim.init
Source3: exim.sysconfig
Source4: exim.logrotate
Source5: exim-tidydb.sh
@ -42,57 +46,35 @@ Source24: exim.service
Source25: exim-gen-cert
Source26: clamd.exim.service
Patch0: exim-4.96-config.patch
Patch1: exim-4.94-libdir.patch
Patch2: exim-4.96-dlopen-localscan.patch
Patch3: exim-4.96-pic.patch
# https://bugs.exim.org/show_bug.cgi?id=2728
Patch4: exim-4.96-opendmarc-1.4-build-fix.patch
# https://bugs.exim.org/show_bug.cgi?id=2899
Patch5: exim-4.96-build-fix.patch
Patch4: exim-4.90.1-rhl.patch
Patch6: exim-4.90.1-config.patch
Patch8: exim-4.82-libdir.patch
Patch12: exim-4.90.1-cyrus.patch
Patch13: exim-4.90.1-pamconfig.patch
Patch14: exim-4.90.1-spamdconf.patch
Patch18: exim-4.90.1-dlopen-localscan.patch
Patch19: exim-4.90.1-procmail.patch
Patch20: exim-4.90.1-allow-filter.patch
Patch21: exim-4.87-localhost-is-local.patch
Patch22: exim-4.90.1-greylist-conf.patch
Patch23: exim-4.90.1-smarthost-config.patch
Patch25: exim-4.90.1-dynlookup-config.patch
Patch26: exim-4.85-pic.patch
Patch27: exim-4.90.1-environment.patch
Patch28: exim-4.90.1-dec64table-read-fix.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Recommends: publicsuffix-list
BuildRequires: gcc
BuildRequires: libdb-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: pcre2-devel
BuildRequires: sqlite-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libspf2-devel
BuildRequires: libopendmarc-devel
BuildRequires: openldap-devel
BuildRequires: openssl-devel
BuildRequires: mariadb-connector-c-devel
BuildRequires: libpq-devel
BuildRequires: libXaw-devel
BuildRequires: libXmu-devel
BuildRequires: libXext-devel
BuildRequires: libX11-devel
BuildRequires: libSM-devel
BuildRequires: libdb-devel openssl-devel openldap-devel pam-devel
BuildRequires: pcre-devel sqlite-devel tcp_wrappers-devel cyrus-sasl-devel
BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
BuildRequires: perl-devel
BuildRequires: perl-generators
BuildRequires: libICE-devel
BuildRequires: libXpm-devel
BuildRequires: libXt-devel
BuildRequires: perl(ExtUtils::Embed)
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
# mariadb-devel for mariadb pkgconfig
BuildRequires: systemd-units
BuildRequires: libgsasl-devel
BuildRequires: mariadb-devel
# Workaround for NIS removal from glibc, bug 1534920
BuildRequires: libnsl2-devel
BuildRequires: libtirpc-devel
BuildRequires: gnupg2
BuildRequires: grep
%if 0%{?rhel} == 8
BuildRequires: epel-rpm-macros >= 8-5
%endif
BuildRequires: make
BuildRequires: systemd-units libgsasl-devel mariadb-devel
%description
Exim is a message transfer agent (MTA) developed at the University of
@ -104,8 +86,22 @@ routed, and there are extensive facilities for checking incoming
mail. Exim can be installed in place of sendmail, although the
configuration of exim is quite different to that of sendmail.
%if 0%{?fedora} < 23
%package sysvinit
Summary: SysV initscript for Exim
Group: System Environment/Daemons
BuildArch: noarch
Requires: %{name} = %{version}-%{release}
Requires(preun): chkconfig
Requires(post): chkconfig
%description sysvinit
This package contains the SysV initscript for Exim.
%endif
%package mysql
Summary: MySQL lookup support for Exim
Group: System Environment/Daemons
Requires: exim = %{version}-%{release}
%description mysql
@ -113,6 +109,7 @@ This package contains the MySQL lookup module for Exim
%package pgsql
Summary: PostgreSQL lookup support for Exim
Group: System Environment/Daemons
Requires: exim = %{version}-%{release}
%description pgsql
@ -120,6 +117,7 @@ This package contains the PostgreSQL lookup module for Exim
%package mon
Summary: X11 monitor application for Exim
Group: Applications/System
%description mon
The Exim Monitor is an optional supplement to the Exim package. It
@ -130,8 +128,11 @@ interface.
%if %{with clamav}
%package clamav
Summary: Clam Antivirus scanner dæmon configuration for use with Exim
Requires: clamd exim
Group: System Environment/Daemons
Requires: clamav-server exim
Obsoletes: clamav-exim <= 0.86.2
Requires(post): /sbin/chkconfig /sbin/service
Requires(preun): /sbin/chkconfig /sbin/service
%description clamav
This package contains configuration files which invoke a copy of the
@ -150,10 +151,23 @@ For further details of Exim content scanning, see chapter 41 of the Exim
specification:
http://www.exim.org/exim-html-%{version}/doc/html/spec_html/ch41.html
%if 0%{?fedora} < 23
%package clamav-sysvinit
Summary: SysV initscript for Clam Antivirus scanner for Exim
Group: System Environment/Daemons
BuildArch: noarch
Requires: exim-clamav = %{version}-%{release}
Requires(preun): chkconfig
Requires(post): chkconfig
%description clamav-sysvinit
This package contains the SysV initscript.
%endif
%endif
%package greylist
Summary: Example configuration for greylisting using Exim
Group: System Environment/Daemons
Requires: sqlite exim
Requires: crontabs
@ -178,20 +192,31 @@ greylisting for whatever 'offences' you can dream of, or even to make
greylisting unconditional.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
%setup -q
%patch4 -p1 -b .rhl
%patch6 -p1 -b .config
%patch8 -p1 -b .libdir
%patch12 -p1 -b .cyrus
%patch13 -p1 -b .pam
%patch14 -p1 -b .spamd
%patch18 -p1 -b .dl
%patch19 -p1 -b .procmail
%patch20 -p1 -b .filter
%patch21 -p1 -b .localhost
%patch22 -p1 -b .grey
%patch23 -p1 -b .smarthost
%patch25 -p1 -b .dynconfig
%patch26 -p1 -b .fpic
%patch27 -p1 -b .environment
# Backported from upstream
%patch28 -p1 -b .dec64table-read-fix
cp src/EDITME Local/Makefile
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
cp exim_monitor/EDITME Local/eximon.conf
# Workaround for rhbz#1791878
pushd doc
for f in $(ls -dp cve-* | grep -v '/\|\(\.txt\)$'); do
mv "$f" "$f.txt"
done
popd
%build
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
@ -201,11 +226,11 @@ popd
export PIE=-fPIE
export PIC=-fPIC
%endif
export LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
make _lib=%{_lib} FULLECHO=
make _lib=%{_lib} FULLECHO= LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_libdir}
@ -267,6 +292,11 @@ pod2man --center=EXIM --section=8 \
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
%if 0%{?fedora} < 23
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
%endif
# Systemd
mkdir -p %{buildroot}%{_unitdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
@ -291,23 +321,25 @@ chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
# generate alternatives ghosts
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
for i in %{_sbindir}/sendmail %{_bindir}/{mailq,runq,rsmtp,rmail,newaliases} \
/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp
/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp %{_mandir}/man1/mailq.1.gz
do
touch $RPM_BUILD_ROOT$i
done
gzip < /dev/null > $RPM_BUILD_ROOT%{_mandir}/man1/mailq.1.gz
%if %{with clamav}
# Munge the clamav init and config files from clamav-devel. This really ought
# to be a subpackage of clamav, but this hack will have to do for now.
function clamsubst() {
sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_docdir}/clamd/"$1" >"$RPM_BUILD_ROOT$2"
sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
%if 0%{?fedora} < 23
clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
%endif
clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
@ -331,8 +363,8 @@ install -m755 %{SOURCE22} $RPM_BUILD_ROOT/%_sysconfdir/cron.daily/greylist-tidy.
install -m644 %{SOURCE23} $RPM_BUILD_ROOT/%_sysconfdir/exim/trusted-configs
touch $RPM_BUILD_ROOT/%_var/spool/exim/db/greylist.db
%check
build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV
%clean
rm -rf $RPM_BUILD_ROOT
%pre
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
@ -375,6 +407,29 @@ if [ $1 -ge 1 ]; then
fi
fi
%triggerun -- exim < %{sysv2systemdnvr}
%{_bindir}/systemd-sysv-convert --save exim >/dev/null 2>&1 ||:
/bin/systemctl enable exim.service >/dev/null 2>&1
/sbin/chkconfig --del exim >/dev/null 2>&1 || :
/bin/systemctl try-restart exim.service >/dev/null 2>&1 || :
%if 0%{?fedora} < 23
%triggerpostun -n exim-sysvinit -- exim < %{sysv2systemdnvr}
/sbin/chkconfig --add exim >/dev/null 2>&1 || :
%post sysvinit
/sbin/chkconfig --add exim >/dev/null 2>&1 ||:
%preun sysvinit
if [ "$1" = 0 ]; then
%{_initrddir}/exim stop >/dev/null 2>&1 ||:
/sbin/chkconfig --del exim >/dev/null 2>&1 ||:
fi
%postun sysvinit
[ "$1" -ge "1" ] && %{_initrddir}/exim condrestart >/dev/null 2>&1 ||:
%endif
%post greylist
if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
sqlite3 %{_var}/spool/exim/db/greylist.db < %{_sysconfdir}/exim/mk-greylist-db.sql
@ -383,6 +438,7 @@ if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
fi
%files
%defattr(-,root,root)
%attr(4755,root,root) %{_sbindir}/exim
%{_sbindir}/exim_dumpdb
%{_sbindir}/exim_fixdb
@ -446,13 +502,22 @@ fi
%ghost %{_sysconfdir}/pam.d/smtp
%ghost %{_mandir}/man1/mailq.1.gz
%if 0%{?fedora} < 23
%files sysvinit
%defattr(-,root,root,-)
%{_initrddir}/exim
%endif
%files mysql
%defattr(-,root,root,-)
%{_libdir}/exim/%{version}-%{release}/lookups/mysql.so
%files pgsql
%defattr(-,root,root,-)
%{_libdir}/exim/%{version}-%{release}/lookups/pgsql.so
%files mon
%defattr(-,root,root)
%{_sbindir}/eximon
%{_sbindir}/eximon.bin
@ -479,7 +544,29 @@ if [ $1 -ge 1 ] ; then
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
fi
%triggerun -- clamav < %{sysv2systemdnvr}
%{_bindir}/systemd-sysv-convert --save clamd.exim >/dev/null 2>&1 ||:
/bin/systemctl enable clamd.exim.service >/dev/null 2>&1
/sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
%if 0%{?fedora} < 23
%triggerpostun -n exim-clamav-sysvinit -- exim < %{sysv2systemdnvr}
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
%post clamav-sysvinit
/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
%preun clamav-sysvinit
test "$1" != 0 || %{_initrddir}/clamd.exim stop >/dev/null 2>&1 || :
test "$1" != 0 || /sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
%postun clamav-sysvinit
test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
%endif
%files clamav
%defattr(-,root,root,-)
%{_sbindir}/clamd.exim
%{_unitdir}/clamd.exim.service
%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
@ -488,195 +575,24 @@ fi
%{_tmpfilesdir}/exim-clamav.conf
%ghost %attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
%ghost %attr(0644,exim,exim) %{_var}/log/clamd.exim
%if 0%{?fedora} < 23
%files clamav-sysvinit
%defattr(-,root,root,-)
%attr(0755,root,root) %config %{_initrddir}/clamd.exim
%endif
%endif
%files greylist
%defattr(-,root,root,-)
%config %{_sysconfdir}/exim/exim-greylist.conf.inc
%ghost %{_var}/spool/exim/db/greylist.db
%{_sysconfdir}/exim/mk-greylist-db.sql
%{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.96-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
- New version
Resolves: rhbz#2101104
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 4.95-4
- Perl 5.36 rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.95-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 4.95-2
- Rebuild(libnsl2)
- Drop support for NISPLUS, as libnsl2 >= 2.0.0 does not support it anymore
* Mon Oct 4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
- New version
Resolves: rhbz#2008452
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 4.94.2-4
- Rebuilt with OpenSSL 3.0.0
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4.94.2-2
- Perl 5.34 rebuild
* Tue May 4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94.2-1
- New version
Resolves: rhbz#1956859
* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-7
- Fixed cname handling in TLS certificate verification
Resolves: rhbz#1942582
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.94-6
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 4.94-5
- rebuild for libpq ABI fix rhbz#1908268
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4.94-2
- Perl 5.32 rebuild
* Mon Jun 1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
- New version
Resolves: rhbz#1842590
- Used Exim maintainers keyring for GPG verification
- Dropped CVE-2020-12783 patch (upstreamed)
- Used better workaround for rhbz#1791878
Resolves: rhbz#1842633
* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-8
- Fixed out-of-bounds read in the SPA authenticator
Resolves: CVE-2020-12783
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-7
- Improved the spec file not to override LDFLAGS
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-6
- Updated config to explictly link with spf2 and opendmarc
- Fixed bogus date in changelog
* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-5
- Bump for rebuild with the fixed clamd requirement
Resolves: rhbz#1801329
* Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-4
- Workaround for upgrade conflict
Resolves: rhbz#1791878
* Thu Feb 20 2020 Tom Hughes <tom@compton.nu> - 4.93-3
- Enable SPF and DMARC support
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
- New version
Resolves: rhbz#1782320
- Consolidated and simplified patches
- Dropped dane-enable patch (not needed)
* Thu Jan 2 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-5
- Fixed FTBFS due to changes in clamav package
Resolves: rhbz#1787285
* Fri Nov 22 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 4.92.3-4
- enable GPG-based source file verification
* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-3
- Enabled local_scan
* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-2
- Dropped sysvinit artifacts
* Mon Sep 30 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-1
- New version
Resolves: rhbz#1756656
Resolves: CVE-2019-16928
* Fri Sep 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.2-1
- New version
Resolves: CVE-2019-15846
* Tue Aug 20 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.1-1
- New version
Resolves: rhbz#1742312
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.92-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4.92-8
- Perl 5.30 rebuild
* Wed Mar 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-7
- Enabled DANE support
Resolves: rhbz#1693202
* Wed Mar 20 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.92-6
- Drop F-23 conditionals, and related obsolete bits
* Tue Mar 19 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-5
- Processed greylist.db by cron job only if it has non zero size
Resolves: rhbz#1689211
* Mon Mar 4 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-4
- Fixed greylist-conf patch
Related: rhbz#1679274
* Sat Mar 2 2019 Tim Landscheidt <tim@tim-landscheidt.de> - 4.92-3
- Fix syntax error in exim.conf (#1679274)
- Use properly compressed empty mailq.1.gz as ghost file
- Add basic check that configuration file is valid
* Wed Feb 20 2019 Marcel Härry <mh+fedora@scrit.ch> - 4.92-2
- Enable proxy and socks support
Resolves: rhbz#1542870
* Mon Feb 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-1
- New version
Resolves: rhbz#1674282
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.91-5
- Rebuilt for libcrypt.so.2 (#1666033)
* Fri Jul 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-4
- Fixed FTBFS by adding gcc requirement
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 4.91-2
- Perl 5.28 rebuild
* Thu Apr 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-1
- New version
Resolves: rhbz#1567670
- Dropped dec64table-read-fix patch (already upstream)
- De-fuzzified patches
* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-4
* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
- Fixed dec64table OOB read in b64decode
- De-fuzzified nsl-fix patch
* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
- Dropped dynlookup-config patch (merged into config patch)
* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-2
- Fixed mysql module
@ -691,32 +607,14 @@ fi
- Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943,
CVE-2017-16944 patches (all upstreamed)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.89-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.89-11
- Rebuilt for switch to libxcrypt
* Wed Jan 17 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-10
- Fixed FTBFS due to NIS removal from glibc
Resolves: rhbz#1534920
* Fri Dec 1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-9
* Fri Dec 1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-7
- Fixed denial of service
Resolves: CVE-2017-16944
* Thu Nov 30 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-8
- Dropped tcp_wrappers support
Resolves: rhbz#1518763
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-7
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-6
- Fixed use-after-free
Resolves: CVE-2017-16943
* Fri Nov 10 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-6
- Used mariadb-connector-c-devel instead of mysql-devel
Resolves: rhbz#1494094
* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-5
- Fixed compilation with the mariadb-10.2
Resolves: rhbz#1467312

2
greylist-tidy.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
if [ -s /var/spool/exim/db/greylist.db ]; then
if [ -r /var/spool/exim/db/greylist.db ]; then
sqlite3 /var/spool/exim/db/greylist.db <<EOF
.timeout 5000
DELETE FROM greylist WHERE expire < $((`date +%s` - 604800));

3
sources
View File

@ -1,2 +1 @@
SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
SHA512 (exim-4.96.tar.xz.asc) = a231c97e44a7365ac5961f2827b89d8cdf6ad94964633814f31e44d94ada9900f76664c45c2f55e378245e44739a0ef323786ca29b4093e44ce2b008eca4ad64
SHA512 (exim-4.90.1.tar.xz) = b4830a2e03023b2bafc9e62535f467bb61b0f1398b6b3af0a7ef6f49e6cba60a9496e6762d0898b7ac1c2823db8cf96ed9f37e26b05809b4ba01725d9e72b806