pkgs/raven
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
raven/extras/exim/exim-4.95-config.patch
Raven f4c2fd5c67 initial commit
2024-02-21 13:47:54 +06:00

825 lines
28 KiB
Diff
Raw Permalink Blame History

diff -Naur exim-4.95_orig/scripts/Configure-Makefile exim-4.95/scripts/Configure-Makefile
--- exim-4.95_orig/scripts/Configure-Makefile 2021-09-28 14:24:46.000000000 +0600
+++ exim-4.95/scripts/Configure-Makefile 2022-02-25 16:29:37.940065186 +0600
@@ -297,7 +297,7 @@
mv $mft $mftt
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
- echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts`" >>$mft
+ echo "PERL_CCOPTS=`$PERL_COMMAND -MExtUtils::Embed -e ccopts` \$(CFLAGS)" >>$mft
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
echo "" >>$mft
cat $mftt >> $mft
diff -Naur exim-4.95_orig/src/configure.default exim-4.95/src/configure.default
--- exim-4.95_orig/src/configure.default 2021-09-28 14:24:46.000000000 +0600
+++ exim-4.95/src/configure.default 2022-02-25 17:51:49.979090483 +0600
@@ -67,7 +67,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost
# (We rely upon hostname resolution working for localhost, because the default
@@ -119,11 +119,13 @@
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
+acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
.ifdef _HAVE_PRDR
acl_smtp_data_prdr = acl_check_prdr
.endif
acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
# You should not change those settings until you understand how ACLs work.
@@ -136,7 +138,7 @@
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).
-# av_scanner = clamd:/tmp/clamd
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
# For spam scanning, there is a similar option that defines the interface to
@@ -157,7 +159,7 @@
# This is equivalent to the default.
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
# Specify the location of the Exim server's TLS certificate and private key.
# The private key must not be encrypted (password protected). You can put
@@ -165,8 +167,8 @@
# need the first setting, or in separate files, in which case you need both
# options.
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
.ifdef _HAVE_OPENSSL
@@ -189,8 +191,8 @@
# them you should also allow TLS-on-connect on the traditional but
# non-standard port 465.
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
# Specify the domain you want to be added to all unqualified addresses
@@ -248,6 +250,25 @@
host_lookup = *
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system.
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
+
# The setting below causes Exim to try to initialize the system resolver
# library with DNSSEC support. It has no effect if your library lacks
@@ -378,8 +399,8 @@
# Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
-# keep_environment = ^LDAP
-# add_environment = PATH=/usr/bin::/bin
+keep_environment = ^LDAP
+add_environment = PATH=/usr/bin::/bin
@@ -390,6 +411,29 @@
begin acl
+
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+ # Hosts are required to say HELO (or EHLO) before sending mail.
+ # So don't allow them to use the MAIL command if they haven't
+ # done so.
+
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
+ message = Nice boys say HELO first
+
+ # Use the lack of reverse DNS to trigger greylisting. Some people
+ # even reject for it but that would be a little excessive.
+
+ warn condition = ${if eq{$sender_host_name}{} {1}}
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
+
+ accept
+
+
+
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
@@ -401,6 +445,7 @@
accept hosts = :
control = dkim_disable_verify
+ control = dmarc_disable_verify
#############################################################################
# The following section of the ACL is concerned with local parts that contain
@@ -454,7 +499,8 @@
accept local_parts = postmaster
domains = +local_domains
- # Deny unless the sender address can be verified.
+ # Deny unless the sender address can be routed. For proper verification of the
+ # address, read the documentation on callouts and add the /callout modifier.
require verify = sender
@@ -494,6 +540,7 @@
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
+ control = dmarc_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
@@ -503,6 +550,7 @@
accept authenticated = *
control = submission
control = dkim_disable_verify
+ control = dmarc_disable_verify
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
@@ -523,7 +571,8 @@
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
- # point. The first one denies, whereas the second just warns.
+ # point. The first one denies, whereas the second just warns. The third
+ # triggers greylisting for any host in the blacklist
#
# deny dnslists = black.list.example
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
@@ -531,6 +580,10 @@
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
+ #
+ # warn dnslists = black.list.example
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
+ #
#############################################################################
#############################################################################
@@ -556,6 +609,10 @@
# condition = ${if > {0}{$recipients_count}}
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
#############################################################################
+ # Alternatively, greylist for it:
+ # warn !verify = csa
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
@@ -606,21 +663,33 @@
message = header syntax
log_message = header syntax ($acl_verify_message)
+ # Put simple tests first. A good one is to check for the presence of a
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
+ # or misconfigured mailer software occasionally omits this from genuine
+ # messages too, though -- although it's not hard for the offender to fix
+ # after they receive a bounce because of it.
+ #
+ # deny condition = ${if !def:h_Message-ID: {1}}
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
+ # Most messages without it are spam, so your mail has been rejected.
+ #
+ # Alternatively if we're feeling more lenient we could just use it to
+ # trigger greylisting instead:
+
+ warn condition = ${if !def:h_Message-ID: {1}}
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
+
+
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
# deny malware = *
# message = This message contains a virus ($malware_name).
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You may also need to set the spamd_address
- # option above.
- #
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # Bypass SpamAssassin checks if the message is too large.
+ #
+ # accept condition = ${if >={$message_size}{100000} {1}}
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
#############################################################################
# No more tests if PRDR was actively used.
@@ -633,13 +702,64 @@
# deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
# condition = ...
#############################################################################
+
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
+ # score exceeds the SA system threshold.
+ #
+ # warn spam = nobody/defer_ok
+ # add_header = X-Spam-Flag: YES
+ #
+ # accept condition = ${if !def:spam_score_int {1}}
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
+ #
+
+ # Unconditionally add score and report headers
+ #
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
+ # X-Spam-Report: $spam_report
+
+ # And reject if the SpamAssassin score is greater than ten
+ #
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
+ # $spam_report
+
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
+ #
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
- # Accept the message.
+ # If you want to greylist _all_ mail rather than only mail which looks like there
+ # might be something wrong with it, then you can do this...
+ #
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
+
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
+ # package which contains this subroutine, and you need to uncomment the bit below
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
+ # greylisting will kick in and will defer the mail to check if the sender is a
+ # proper mail which which retries, or whether it's a zombie. For more details, see
+ # the exim-greylist.conf.inc file itself.
+ #
+ # require acl = greylist_mail
accept
+# To enable the greylisting, also uncomment this line:
+# .include /etc/exim/exim-greylist.conf.inc
+
+acl_check_mime:
+ # File extension filtering.
+ deny message = Blacklisted file extension detected
+ condition = ${if match \
+ {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}}
+
+ accept
######################################################################
# ROUTERS CONFIGURATION #
@@ -740,7 +860,7 @@
driver = redirect
allow_fail
allow_defer
- data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe
@@ -778,7 +898,7 @@
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor
@@ -786,6 +906,12 @@
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -826,6 +952,25 @@
tls_resumption_hosts = *
.endif
+# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409).
+
+remote_msa:
+ driver = smtp
+ port = 587
+ hosts_require_auth = *
+
+
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for delivering messages to a smarthost, if the
# smarthost router is enabled. This starts from the same basis as
@@ -880,8 +1025,8 @@
delivery_date_add
envelope_to_add
return_path_add
-# group = mail
-# mode = 0660
+ group = mail
+ mode = 0660
# This transport is used for handling pipe deliveries generated by alias or
@@ -914,6 +1059,16 @@
driver = autoreply
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
+# socket. You'll need to configure the 'localuser' router above to use it.
+#
+#lmtp_delivery:
+# home_directory = /var/spool/imap
+# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20
+# user = cyrus
+
######################################################################
# RETRY CONFIGURATION #
@@ -954,6 +1109,21 @@
# AUTHENTICATION CONFIGURATION #
######################################################################
+begin authenticators
+
+# This authenticator supports CRAM-MD5 username/password authentication
+# with Exim acting as a _client_, as it might when sending its outgoing
+# mail to a smarthost rather than directly to the final recipient.
+# Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
+
+#client_auth:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# client_name = SMTPAUTH_USERNAME
+# client_secret = SMTPAUTH_PASSWORD
+
+#
+
# The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -969,7 +1139,7 @@
# The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.
-begin authenticators
+#
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
@@ -983,7 +1153,7 @@
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
@@ -995,7 +1165,7 @@
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
# server_advertise_condition = ${if def:tls_in_cipher }
diff -Naur exim-4.95_orig/src/EDITME exim-4.95/src/EDITME
--- exim-4.95_orig/src/EDITME 2021-09-28 14:24:46.000000000 +0600
+++ exim-4.95/src/EDITME 2022-02-25 17:09:01.505085519 +0600
@@ -99,7 +99,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -115,7 +115,7 @@
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim/exim.conf
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -132,7 +132,7 @@
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=93
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -153,7 +153,7 @@
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
-# EXIM_GROUP=
+EXIM_GROUP=93
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -210,10 +210,10 @@
# If you are building with TLS, the library configuration must be done:
# Uncomment this if you are using OpenSSL
-# USE_OPENSSL=yes
+USE_OPENSSL=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
# and an optional location.
-# USE_OPENSSL_PC=openssl
+USE_OPENSSL_PC=openssl
# TLS_LIBS=-lssl -lcrypto
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
@@ -340,7 +340,7 @@
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -349,9 +349,9 @@
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
-# SUPPORT_MBX=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
+SUPPORT_MBX=yes
#------------------------------------------------------------------------------
@@ -409,22 +409,24 @@
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
-# LOOKUP_JSON=yes
-# LOOKUP_LDAP=yes
+LOOKUP_JSON=yes
+LOOKUP_LDAP=yes
# LOOKUP_LMDB=yes
-# LOOKUP_MYSQL=yes
+LOOKUP_MYSQL=2
# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
-# LOOKUP_NISPLUS=yes
+LOOKUP_NIS=yes
+LOOKUP_NISPLUS=yes
+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
+LIBS+=-L/usr/$(_lib)/nsl
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
-# LOOKUP_PGSQL=yes
-# LOOKUP_REDIS=yes
-# LOOKUP_SQLITE=yes
+LOOKUP_PASSWD=yes
+LOOKUP_PGSQL=yes
+LOOKUP_REDIS=yes
+LOOKUP_SQLITE=yes
# LOOKUP_SQLITE_PC=sqlite3
# LOOKUP_WHOSON=yes
@@ -437,7 +439,7 @@
# Some platforms may need this for LOOKUP_NIS:
-# LIBS += -lnsl
+LIBS += -lnsl
#------------------------------------------------------------------------------
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -448,10 +450,12 @@
# with Solaris 7 onwards. Uncomment whichever of these you are using.
# LDAP_LIB_TYPE=OPENLDAP1
-# LDAP_LIB_TYPE=OPENLDAP2
+LDAP_LIB_TYPE=OPENLDAP2
# LDAP_LIB_TYPE=NETSCAPE
# LDAP_LIB_TYPE=SOLARIS
+LOOKUP_LIBS=-lldap -llber -lsqlite3
+
# If you don't set any of these, Exim assumes the original University of
# Michigan (OpenLDAP 1) library.
@@ -504,7 +508,7 @@
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-# EXIM_MONITOR=eximon.bin
+EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -514,7 +518,7 @@
# and the MIME ACL. Please read the documentation to learn more about these
# features.
-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
# If you have content scanning you may wish to only include some of the scanner
# interfaces. Uncomment any of these lines to remove that code.
@@ -590,7 +590,7 @@
# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support
# using only native facilities.
-# SUPPORT_SRS=yes
+SUPPORT_SRS=yes
#------------------------------------------------------------------------------
@@ -607,12 +611,12 @@
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
-# SUPPORT_DMARC=yes
+SUPPORT_DMARC=yes
# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lopendmarc
+LDFLAGS += -lopendmarc
# Uncomment the following if you need to change the default. You can
# override it at runtime (main config option dmarc_tld_file)
-# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
+DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat
# Uncomment the following line to add ARC (Authenticated Received Chain)
# support. You must have SPF and DKIM support enabled also.
@@ -712,7 +716,7 @@
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim/trusted-configs
#------------------------------------------------------------------------------
@@ -764,18 +768,18 @@
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
-# AUTH_CYRUS_SASL=yes
-# AUTH_DOVECOT=yes
+AUTH_CRAM_MD5=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes
-# AUTH_GSASL=yes
-# AUTH_GSASL_PC=libgsasl
+AUTH_GSASL=yes
+AUTH_GSASL_PC=libgsasl
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example
@@ -802,7 +806,7 @@
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -822,7 +826,7 @@
# the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains
#
-# HAVE_ICONV=yes
+HAVE_ICONV=yes
#
# If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv()
@@ -898,7 +902,7 @@
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
-# INFO_DIRECTORY=/usr/share/info
+INFO_DIRECTORY=/usr/share/info
#------------------------------------------------------------------------------
@@ -911,7 +915,7 @@
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
-# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim/%s.log
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -983,7 +987,7 @@
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
#------------------------------------------------------------------------------
@@ -993,7 +997,7 @@
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
-# EXPAND_DLFUNC=yes
+EXPAND_DLFUNC=yes
#------------------------------------------------------------------------------
@@ -1003,7 +1007,7 @@
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
@@ -1015,12 +1019,12 @@
# If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below.
-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
-# SUPPORT_PROXY=yes
+SUPPORT_PROXY=yes
#------------------------------------------------------------------------------
@@ -1044,9 +1048,9 @@
# installed on your system (www.libspf2.org). Depending on where it is installed
# you may have to edit the CFLAGS and LDFLAGS lines.
-# SUPPORT_SPF=yes
+SUPPORT_SPF=yes
# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lspf2
+LDFLAGS += -lspf2
#------------------------------------------------------------------------------
@@ -1111,7 +1115,7 @@
# group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time.
-# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
@@ -1125,8 +1129,8 @@
# library for TCP wrappers, so you probably need something like this:
#
# USE_TCP_WRAPPERS=yes
-# CFLAGS=-O -I/usr/local/include
-# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
+EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
@@ -1178,7 +1182,7 @@
# is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained.
-# USE_READLINE=yes
+USE_READLINE=yes
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the
@@ -1195,7 +1199,7 @@
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
-# HAVE_IPV6=yes
+HAVE_IPV6=yes
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1216,13 +1220,13 @@
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
-# CHOWN_COMMAND=/usr/bin/chown
-# CHGRP_COMMAND=/usr/bin/chgrp
-# CHMOD_COMMAND=/usr/bin/chmod
-# MV_COMMAND=/bin/mv
-# RM_COMMAND=/bin/rm
-# TOUCH_COMMAND=/usr/bin/touch
-# PERL_COMMAND=/usr/bin/perl
+CHOWN_COMMAND=/bin/chown
+CHGRP_COMMAND=/bin/chgrp
+CHMOD_COMMAND=/bin/chmod
+MV_COMMAND=/bin/mv
+RM_COMMAND=/bin/rm
+TOUCH_COMMAND=/bin/touch
+PERL_COMMAND=/usr/bin/perl
#------------------------------------------------------------------------------
@@ -1424,7 +1428,7 @@
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
-# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/var/run/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
Reference in New Issue View Git Blame Copy Permalink