rpms/exim/FC-5 exim-4.62-dlopen-localscan.patch, NONE, 1.1 exim-4.63-allow-filter.patch, NONE, 1.1 exim-4.63-localhost-is-local.patch, NONE, 1.1 exim-4.63-procmail.patch, NONE, 1.1 exim-4.33-cyrus.patch, 1.1, 1.2 exim-4.43-pamconfig.patch, 1.1, 1.2 exim-4.50-spamdconf.patch, 1.1, 1.2 exim.pam, 1.1, 1.2 exim.spec, 1.20, 1.21
David Woodhouse (dwmw2)
fedora-extras-commits at redhat.com
Mon Sep 4 04:45:27 UTC 2006
- Previous message: rpms/xpilot-ng/FC-5 xpilotd.fc, NONE, 1.1 xpilotd.if, NONE, 1.1 xpilotd.te, NONE, 1.1 xpilot-ng-server.init, 1.2, 1.3 xpilot-ng.spec, 1.6, 1.7
- Next message: rpms/exim-doc/devel needs.rebuild,1.1,NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwmw2
Update of /cvs/extras/rpms/exim/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19813
Modified Files:
exim-4.33-cyrus.patch exim-4.43-pamconfig.patch
exim-4.50-spamdconf.patch exim.pam exim.spec
Added Files:
exim-4.62-dlopen-localscan.patch exim-4.63-allow-filter.patch
exim-4.63-localhost-is-local.patch exim-4.63-procmail.patch
Log Message:
sync with devel
exim-4.62-dlopen-localscan.patch:
--- NEW FILE exim-4.62-dlopen-localscan.patch ---
The initial version of this patch was originally posted David Woodhouse, and
dman gets the credit for first integrating it with SA-Exim.
I have since then maintained it by first making a few minor changes, and
later switching it to a major/minor number scheme to support upgrades in
the exim API that don't affect backward compatibility (you can rely on
a feature denoted by the minor number and be compatible with future versions
of exim until Philip has to break the API and increase the major number)
Marc MERLIN <marc_soft at merlins.org>
diff -urN exim-4.14-0/src/EDITME exim-4.14-1/src/EDITME
--- exim-4.14-0/src/EDITME Tue Mar 11 04:20:18 2003
+++ exim-4.14-1/src/EDITME Sun Mar 23 15:34:15 2003
@@ -388,6 +388,20 @@
#------------------------------------------------------------------------------
+# On systems which support dynamic loading of shared libraries, Exim can
+# load a local_scan function specified in its config file instead of having
+# to be recompiled with the desired local_scan function. For a full
+# description of the API to this function, see the Exim specification.
+
+DLOPEN_LOCAL_SCAN=yes
+
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
+# linker flags. Without it, the loaded .so won't be able to access any
+# functions from exim.
+
+LFLAGS=-rdynamic -ldl
+
+#------------------------------------------------------------------------------
# The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
diff -urNad 50_localscan_dlopen.tmp/src/config.h.defaults 50_localscan_dlopen/src/config.h.defaults
--- 50_localscan_dlopen.tmp/src/config.h.defaults Sun Dec 29 11:55:42 2002
+++ 50_localscan_dlopen/src/config.h.defaults Sun Dec 29 11:56:44 2002
@@ -17,6 +17,8 @@
#define AUTH_PLAINTEXT
#define AUTH_SPA
+#define DLOPEN_LOCAL_SCAN
+
#define BIN_DIRECTORY
#define CONFIGURE_FILE
diff -urN exim-4.14-0/src/globals.c exim-4.14-1/src/globals.c
--- exim-4.14-0/src/globals.c Tue Mar 11 04:20:20 2003
+++ exim-4.14-1/src/globals.c Sun Mar 23 15:34:15 2003
@@ -103,6 +103,9 @@
uschar *tls_verify_hosts = NULL;
#endif
+#ifdef DLOPEN_LOCAL_SCAN
+uschar *local_scan_path = NULL;
+#endif
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. The defaults use stdin. We never need these for any
diff -urN exim-4.14-0/src/globals.h exim-4.14-1/src/globals.h
--- exim-4.14-0/src/globals.h Tue Mar 11 04:20:20 2003
+++ exim-4.14-1/src/globals.h Sun Mar 23 15:34:15 2003
@@ -67,6 +67,9 @@
extern uschar *tls_verify_hosts; /* Mandatory client verification */
#endif
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. */
diff -urN exim-4.14-0/src/local_scan.c exim-4.14-1/src/local_scan.c
--- exim-4.14-0/src/local_scan.c Tue Mar 11 04:20:20 2003
+++ exim-4.14-1/src/local_scan.c Sun Mar 23 15:34:15 2003
@@ -5,60 +5,131 @@
/* Copyright (c) University of Cambridge 1995 - 2003 */
/* See the file NOTICE for conditions of use and distribution. */
+#include "exim.h"
-/******************************************************************************
-This file contains a template local_scan() function that just returns ACCEPT.
-If you want to implement your own version, you should copy this file to, say
-Local/local_scan.c, and edit the copy. To use your version instead of the
-default, you must set
-
-LOCAL_SCAN_SOURCE=Local/local_scan.c
-
-in your Local/Makefile. This makes it easy to copy your version for use with
-subsequent Exim releases.
-
-For a full description of the API to this function, see the Exim specification.
-******************************************************************************/
-
-
-/* This is the only Exim header that you should include. The effect of
-including any other Exim header is not defined, and may change from release to
-release. Use only the documented interface! */
-
-#include "local_scan.h"
-
-
-/* This is a "do-nothing" version of a local_scan() function. The arguments
-are:
-
- fd The file descriptor of the open -D file, which contains the
- body of the message. The file is open for reading and
- writing, but modifying it is dangerous and not recommended.
-
- return_text A pointer to an unsigned char* variable which you can set in
- order to return a text string. It is initialized to NULL.
-
-The return values of this function are:
-
- LOCAL_SCAN_ACCEPT
- The message is to be accepted. The return_text argument is
- saved in $local_scan_data.
-
- LOCAL_SCAN_REJECT
- The message is to be rejected. The returned text is used
- in the rejection message.
-
- LOCAL_SCAN_TEMPREJECT
- This specifies a temporary rejection. The returned text
- is used in the rejection message.
-*/
+#ifdef DLOPEN_LOCAL_SCAN
+#include <dlfcn.h>
+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
+static int load_local_scan_library(void);
+#endif
int
local_scan(int fd, uschar **return_text)
{
fd = fd; /* Keep picky compilers happy */
return_text = return_text;
-return LOCAL_SCAN_ACCEPT;
+#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */
+if (local_scan_path && *local_scan_path)
+ {
+ if (!local_scan_fn)
+ {
+ if (!load_local_scan_library())
+ {
+ char *base_msg , *error_msg , *final_msg ;
+ int final_length = -1 ;
+
+ base_msg=US"Local configuration error - local_scan() library failure\n";
+ error_msg = dlerror() ;
+
+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
+ *final_msg = '\0' ;
+
+ strcat( final_msg , base_msg ) ;
+ strcat( final_msg , error_msg ) ;
+
+ *return_text = final_msg ;
+ return LOCAL_SCAN_TEMPREJECT;
+ }
+ }
+ return local_scan_fn(fd, return_text);
+ }
+else
+#endif
+ return LOCAL_SCAN_ACCEPT;
+}
+
+#ifdef DLOPEN_LOCAL_SCAN
+
+static int load_local_scan_library(void)
+{
+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
+void *local_scan_lib = NULL;
+int (*local_scan_version_fn)(void);
+int vers_maj;
+int vers_min;
+
+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
+if (!local_scan_lib)
+ {
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
+ "message temporarily rejected");
+ return FALSE;
+ }
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_major() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The major number is increased when the ABI is changed in a non
+ backward compatible way. */
+vers_maj = local_scan_version_fn();
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_minor() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The minor number is increased each time a new feature is added (in a
+ way that doesn't break backward compatibility) -- Marc */
+vers_min = local_scan_version_fn();
+
+
+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+
+local_scan_fn = dlsym(local_scan_lib, "local_scan");
+if (!local_scan_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan() function - message temporarily rejected");
+ return FALSE;
+ }
+
+return TRUE;
}
+
+#endif /* DLOPEN_LOCAL_SCAN */
/* End of local_scan.c */
diff -urN exim-4.14-0/src/readconf.c exim-4.14-1/src/readconf.c
--- exim-4.14-0/src/readconf.c Tue Mar 11 04:20:22 2003
+++ exim-4.14-1/src/readconf.c Sun Mar 23 15:34:15 2003
@@ -182,6 +182,9 @@
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
{ "local_interfaces", opt_stringptr, &local_interfaces },
+#ifdef DLOPEN_LOCAL_SCAN
+ { "local_scan_path", opt_stringptr, &local_scan_path },
+#endif
{ "local_scan_timeout", opt_time, &local_scan_timeout },
{ "local_sender_retain", opt_bool, &local_sender_retain },
{ "localhost_number", opt_stringptr, &host_number_string },
exim-4.63-allow-filter.patch:
--- NEW FILE exim-4.63-allow-filter.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -672,7 +672,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor
exim-4.63-localhost-is-local.patch:
--- NEW FILE exim-4.63-localhost-is-local.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 19:31:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 19:37:42.000000000 -0700
@@ -56,7 +56,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1
exim-4.63-procmail.patch:
--- NEW FILE exim-4.63-procmail.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -680,6 +680,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -717,6 +723,16 @@ begin transports
remote_smtp:
driver = smtp
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
exim-4.33-cyrus.patch:
Index: exim-4.33-cyrus.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/FC-5/exim-4.33-cyrus.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim-4.33-cyrus.patch 19 Apr 2005 04:06:04 -0000 1.1
+++ exim-4.33-cyrus.patch 4 Sep 2006 04:45:27 -0000 1.2
@@ -5,9 +5,9 @@
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
-+# socket.
++# socket. You'll need to configure the 'localuser' router above to use it.
+#
-+#local_delivery:
++#lmtp_delivery:
+# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20
exim-4.43-pamconfig.patch:
Index: exim-4.43-pamconfig.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/FC-5/exim-4.43-pamconfig.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim-4.43-pamconfig.patch 19 Apr 2005 04:06:04 -0000 1.1
+++ exim-4.43-pamconfig.patch 4 Sep 2006 04:45:27 -0000 1.2
@@ -1,25 +1,40 @@
--- exim-4.43/src/configure.default.pam 2004-12-16 13:27:55.000000000 +0000
+++ exim-4.43/src/configure.default 2004-12-16 15:41:34.000000000 +0000
-@@ -238,6 +238,40 @@
+@@ -160,7 +160,7 @@ acl_smtp_data = acl_check_data
- timeout_frozen_after = 7d
+ # Allow any client to use TLS.
-+# This option, if uncommented, allows Exim to listen on ports other than
-+# just the default port 25. For example, you may wish Exim to sldo listen
-+# on the 'message submission' port 587 for roaming clients which cannot
-+# use port 25 directly from their current location. (cf. RFC 2476).
-+#
-+# daemon_smtp_ports = smtp : msa
-+
-+# This option instructs Exim to advertise the availability of encrypted
-+# connections to all hosts, and uses the certificate which is automatically
-+# generated when the RPM is installed. You can disable TLS, should you need
-+# to do so, by commenting out the three lines below.
-+
+-# tls_advertise_hosts = *
+tls_advertise_hosts = *
-+tls_certificate = /usr/share/ssl/certs/exim.pem
-+tls_privatekey = /usr/share/ssl/private/exim.pem
-+
+
+ # Specify the location of the Exim server's TLS certificate and private key.
+ # The private key must not be encrypted (password protected). You can put
+@@ -168,8 +168,8 @@ acl_smtp_data = acl_check_data
+ # need the first setting, or in separate files, in which case you need both
+ # options.
+
+-# tls_certificate = /etc/ssl/exim.crt
+-# tls_privatekey = /etc/ssl/exim.pem
++tls_certificate = /etc/pki/tls/certs/exim.pem
++tls_privatekey = /etc/pki/tls/private/exim.pem
+
+ # In order to support roaming users who wish to send email from anywhere,
+ # you may want to make Exim listen on other ports as well as port 25, in
+@@ -180,8 +180,8 @@ acl_smtp_data = acl_check_data
+ # them you should also allow TLS-on-connect on the traditional but
+ # non-standard port 465.
+
+-# daemon_smtp_ports = 25 : 465 : 587
+-# tls_on_connect_ports = 465
++daemon_smtp_ports = 25 : 465 : 587
++tls_on_connect_ports = 465
+
+
+ # Specify the domain you want to be added to all unqualified addresses
+@@ -238,6 +238,24 @@
+
+ timeout_frozen_after = 7d
+
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
@@ -41,23 +56,21 @@
######################################################################
-@@ -657,6 +691,19 @@
-
- begin authenticators
+@@ -850,7 +837,7 @@ begin authenticators
+ # driver = plaintext
+ # server_set_id = $auth2
+ # server_prompts = :
+-# server_condition = Authentication is not yet configured
++# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
+ # server_advertise_condition = ${if def:tls_cipher }
+
+ # LOGIN authentication has traditional prompts and responses. There is no
+@@ -862,7 +849,7 @@ begin authenticators
+ # driver = plaintext
+ # server_set_id = $auth1
+ # server_prompts = <| Username: | Password:
+-# server_condition = Authentication is not yet configured
++# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
+ # server_advertise_condition = ${if def:tls_cipher }
-+plain:
-+ driver = plaintext
-+ public_name = PLAIN
-+ server_prompts = :
-+ server_condition = "${if saslauthd{{$2}{$3}{smtp}} {1}}"
-+ server_set_id = $2
-+
-+login:
-+ driver = plaintext
-+ public_name = LOGIN
-+ server_prompts = "Username:: : Password::"
-+ server_condition = "${if saslauthd{{$1}{$2}{smtp}} {1}}"
-+ server_set_id = $1
-
- ######################################################################
exim-4.50-spamdconf.patch:
Index: exim-4.50-spamdconf.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/FC-5/exim-4.50-spamdconf.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim-4.50-spamdconf.patch 19 Apr 2005 04:06:04 -0000 1.1
+++ exim-4.50-spamdconf.patch 4 Sep 2006 04:45:27 -0000 1.2
@@ -1,86 +1,102 @@
--- exim-4.50/src/configure.default.orig 2005-02-22 19:49:15.000000000 +0000
+++ exim-4.50/src/configure.default 2005-02-22 19:46:55.000000000 +0000
-@@ -108,6 +108,26 @@
+@@ -108,6 +108,7 @@
- # You should not change that setting until you understand how ACLs work.
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
++acl_smtp_mime = acl_check_mime
-+# The following ACL entries are used if you want to do content scanning with
-+# the exiscan-acl patch. When you uncomment one of these lines, you must also
-+# review the respective entries in the ACL section further below.
-+
-+# acl_smtp_mime = acl_check_mime
-+# acl_smtp_data = acl_check_content
-+
-+# This configuration variable defines the virus scanner that is used with
-+# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
-+# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
-+# for a list of supported scanners.
-+
-+# av_scanner = sophie:/var/run/sophie
-+
-+# The following setting is only needed if you use the 'spam' ACL condition
-+# of the exiscan-acl patch. It specifies on which host and port the SpamAssassin
-+# "spamd" daemon is listening. If you do not use this condition, or you use
-+# the default of "127.0.0.1 783", you can omit this option.
-+
-+# spamd_address = 127.0.0.1 783
+ # You should not change that setting until you understand how ACLs work.
- # Specify the domain you want to be added to all unqualified addresses
- # here. An unqualified address is one that does not contain an "@" character
-@@ -376,6 +396,56 @@
- deny message = relay not permitted
+@@ -120,7 +120,7 @@ acl_smtp_mime = acl_check_mime
+ # of what to set for other virus scanners. The second modification is in the
+ # acl_check_data access control list (see below).
+
+-# av_scanner = clamd:/tmp/clamd
++av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+
+
+ # For spam scanning, there is a similar option that defines the interface to
+@@ -365,7 +365,8 @@ acl_check_rcpt:
+ accept local_parts = postmaster
+ domains = +local_domains
+
+- # Deny unless the sender address can be verified.
++ # Deny unless the sender address can be routed. For proper verification of the
++ # address, read the documentation on callouts and add the /callout modifier.
+
+ require verify = sender
+
+@@ -455,26 +456,62 @@ acl_check_rcpt:
+
+ acl_check_data:
+
++ # Put simple tests first. A good one is to check for the presence of a
++ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
++ # or misconfigured mailer software occasionally omits this from genuine
++ # messages too, though -- although it's not hard for the offender to fix
++ # after they receive a bounce because of it.
++ #
++ # deny condition = ${if !def:h_Message-ID: {1}}
++ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
++ # Most messages without it are spam, so your mail has been rejected.
++
+ # Deny if the message contains a virus. Before enabling this check, you
+ # must install a virus scanner and set the av_scanner option above.
+ #
+ # deny malware = *
+ # message = This message contains a virus ($malware_name).
+
+- # Add headers to a message if it is judged to be spam. Before enabling this,
+- # you must install SpamAssassin. You may also need to set the spamd_address
+- # option above.
+- #
+- # warn spam = nobody
+- # add_header = X-Spam_score: $spam_score\n\
+- # X-Spam_score_int: $spam_score_int\n\
+- # X-Spam_bar: $spam_bar\n\
+- # X-Spam_report: $spam_report
++ # Bypass SpamAssassin checks if the message is too large.
++ #
++ # accept condition = ${if >={$message_size}{100000} {1}}
++ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
+
+- # Accept the message.
++ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
++ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
++ # score exceeds the SA system threshold.
++ #
++ # warn spam = nobody/defer_ok
++ # add_header = X-Spam-Flag: YES
++ #
++ # accept condition = ${if !def:spam_score_int {1}}
++ # add_header = X-Spam-Note: SpamAssassin invocation failed
++ #
++
++ # Unconditionally add score and report headers
++ #
++ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
++ # X-Spam-Report: $spam_report
++
++ # And reject if the SpamAssassin score is greater than ten
++ #
++ # deny condition = ${if >{$spam_score_int}{100} {1}}
++ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
++ # $spam_report
+ accept
-+# These access control lists are used for content scanning with the exiscan-acl
-+# patch. You must also uncomment the entries for acl_smtp_data and acl_smtp_mime
-+# (scroll up), otherwise the ACLs will not be used. IMPORTANT: the default entries here
-+# should be treated as EXAMPLES. You MUST read the file doc/exiscan-acl-spec.txt
-+# to fully understand what you are doing ...
+
+acl_check_mime:
+
-+ # Decode MIME parts to disk. This will support virus scanners later.
-+ warn decode = default
-+
+ # File extension filtering.
+ deny message = Blacklisted file extension detected
+ condition = ${if match \
+ {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}}
-+
-+# # Reject messages that carry chinese character sets.
-+# # WARNING: This is an EXAMPLE.
-+# deny message = Sorry, noone speaks chinese here
-+# condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
+
+ accept
-+
-+acl_check_content:
-+
-+ # Reject virus infested messages.
-+ deny message = This message contains malware ($malware_name)
-+ malware = *
-+
-+ # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
-+ # (user "nobody"), no matter if over threshold or not.
-+ warn message = X-Spam-Score: $spam_score ($spam_bar)
-+ spam = nobody:true
-+ warn message = X-Spam-Report: $spam_report
-+ spam = nobody:true
-+
-+ # Add X-Spam-Flag if spam is over system-wide threshold
-+ warn message = X-Spam-Flag: YES
-+ spam = nobody
-+
-+ # Reject spam messages with score over 10, using an extra condition.
-+ deny message = This message scored $spam_score points. Congratulations!
-+ spam = nobody:true
-+ condition = ${if >{$spam_score_int}{100}{1}{0}}
-+
-+ # finally accept all the rest
-+ accept
-+
######################################################################
# ROUTERS CONFIGURATION #
Index: exim.pam
===================================================================
RCS file: /cvs/extras/rpms/exim/FC-5/exim.pam,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim.pam 19 Apr 2005 04:06:04 -0000 1.1
+++ exim.pam 4 Sep 2006 04:45:27 -0000 1.2
@@ -1,2 +1,3 @@
-auth required pam_stack.so service=system-auth
-account required pam_stack.so service=system-auth
+#%PAM-1.0
+auth include system-auth
+account include system-auth
Index: exim.spec
===================================================================
RCS file: /cvs/extras/rpms/exim/FC-5/exim.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- exim.spec 2 May 2006 11:30:43 -0000 1.20
+++ exim.spec 4 Sep 2006 04:45:27 -0000 1.21
@@ -1,23 +1,38 @@
+# SA-Exim has long since been obsoleted by the proper built-in ACL support
+# from exiscan. Disable it for FC6 unless people scream.
+%if 0%{?fedora} < 6
+%define buildsa 1
+%endif
+
+# Build clamav subpackage for FC5 and above.
+%if 0%{?fedora} >= 5
+%define buildclam 1
+%endif
+
Summary: The exim mail transfer agent
Name: exim
-Version: 4.62
-Release: 2%{?dist}
+Version: 4.63
+Release: 3%{?dist}
License: GPL
Url: http://www.exim.org/
Group: System Environment/Daemons
-Buildroot: %{_tmppath}/%{name}-build.root
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: MTA smtpd smtpdaemon /usr/bin/newaliases
Provides: /usr/sbin/sendmail /usr/bin/mailq /usr/bin/rmail
-PreReq: /sbin/chkconfig
-PreReq: /sbin/service
-PreReq: %{_sbindir}/alternatives
-PreReq: %{_sbindir}/groupadd, %{_sbindir}/useradd
+Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
+Requires(preun): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
+Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
+%if 0%{?buildclam}
+BuildRequires: clamav-devel
+%endif
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
Source2: exim.init
Source3: exim.sysconfig
Source4: exim.logrotate
Source11: exim.pam
+%if 0%{?buildsa}
Source13: http://marc.merlins.org/linux/exim/files/sa-exim-4.2.tar.gz
+%endif
Patch4: exim-rhl.patch
Patch6: exim-4.50-config.patch
Patch8: exim-4.24-libdir.patch
@@ -26,29 +41,32 @@
Patch14: exim-4.50-spamdconf.patch
Patch15: exim-4.52-dynamic-pcre.patch
Patch17: exim-4.61-ldap-deprecated.patch
+Patch18: exim-4.62-dlopen-localscan.patch
+Patch19: exim-4.63-procmail.patch
+Patch20: exim-4.63-allow-filter.patch
+Patch21: exim-4.63-localhost-is-local.patch
Requires: /etc/aliases
BuildRequires: db4-devel openssl-devel openldap-devel pam-devel
-BuildRequires: lynx pcre-devel sqlite-devel
+BuildRequires: lynx pcre-devel sqlite-devel tcp_wrappers
BuildRequires: cyrus-sasl-devel openldap-devel openssl-devel mysql-devel postgresql-devel
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
BuildRequires: libICE-devel libXpm-devel libXt-devel
-PreReq: cyrus-sasl openldap openssl
-%description
-Exim is a mail transport agent (MTA) developed at the University of
-Cambridge for use on Unix systems connected to the Internet. In style
-it is similar to Smail 3, but its facilities are more extensive, and
-in particular it has options for verifying incoming sender and
-recipient addresses, for refusing mail from specified hosts, networks,
-or senders, and for controlling mail relaying. Exim is in production
-use at quite a few sites, some of which move hundreds of thousands of
-messages per day.
+%description
+Exim is a message transfer agent (MTA) developed at the University of
+Cambridge for use on Unix systems connected to the Internet. It is
+freely available under the terms of the GNU General Public Licence. In
+style it is similar to Smail 3, but its facilities are more
+general. There is a great deal of flexibility in the way mail can be
+routed, and there are extensive facilities for checking incoming
+mail. Exim can be installed in place of sendmail, although the
+configuration of exim is quite different to that of sendmail.
%package mon
Summary: X11 monitor application for exim
Group: Applications/System
-License: Free
+License: GPL
%description mon
The Exim Monitor is an optional supplement to the Exim package. It
@@ -59,17 +77,42 @@
%package sa
Summary: Exim SpamAssassin at SMTP time - d/l plugin
Group: System Environment/Daemons
-Requires: exim
+Requires: exim = %{version}-%{release}
%description sa
Allows running of SA on incoming mail and rejection at SMTP time as
well as other nasty things like teergrubing.
+%package clamav
+Summary: Clam Antivirus scanner dæmon configuration for use with Exim
+Group: System Environment/Daemons
+Requires: clamav-server exim
+Obsoletes: clamav-exim <= 0.86.2
+Requires(post): /sbin/chkconfig /sbin/service
+Requires(preun): /sbin/chkconfig /sbin/service
+
+%description clamav
+This package contains configuration files which invoke a copy of the
+clamav dæmon for use with Exim. It can be activated by adding (or
+uncommenting)
+
+ av_scanner = clamd:%{_var}/run/clamd.exim/clamd.sock
+
+in your exim.conf, and using the 'malware' condition in the DATA ACL,
+as follows:
+
+ deny message = This message contains malware ($malware_name)
+ malware = *
+
+For further details of Exim content scanning, see chapter 40 of the Exim
+specification:
+http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#SECTscanvirus
+
%prep
%setup -q
+%if 0%{?buildsa}
%setup -q -T -D -a 13
-# patch sa
-cat sa-exim*/localscan_dlopen_exim_4.20_or_better.patch | patch -p1
+%endif
cp src/EDITME Local/Makefile
cp exim_monitor/EDITME Local/eximon.conf
@@ -81,19 +124,24 @@
%patch14 -p1 -b .spamd
%patch15 -p1 -b .pcre
%patch17 -p1 -b .ldap
+%patch18 -p1 -b .dl
+%patch19 -p1 -b .procmail
+%patch20 -p1 -b .filter
+%patch21 -p1 -b .localhost
%build
%ifnarch s390 s390x
- make CFLAGS="$RPM_OPT_FLAGS -fpie" LFLAGS=-pie _lib=%{_lib}
+ make CFLAGS="$RPM_OPT_FLAGS -fpie" LFLAGS=-pie _lib=%{_lib}
%else
- make CFLAGS="$RPM_OPT_FLAGS -fPIE" LFLAGS=-pie _lib=%{_lib}
+ make CFLAGS="$RPM_OPT_FLAGS -fPIE" LFLAGS=-pie _lib=%{_lib}
%endif
+%if 0%{?buildsa}
# build sa-exim
cd sa-exim*
perl -pi -e 's|\@lynx|HOME=/ /usr/bin/lynx|g;' Makefile
make SACONF=%{_sysconfdir}/exim/sa-exim.conf CFLAGS="$RPM_OPT_FLAGS -fPIC"
-
+%endif
%install
rm -rf $RPM_BUILD_ROOT
@@ -112,13 +160,13 @@
exigrep eximstats exipick exiqgrep exiqsumm \
exim_checkaccess convert4r4
do
- install -m 0775 $i $RPM_BUILD_ROOT%{_sbindir}
+ install -m 0755 $i $RPM_BUILD_ROOT%{_sbindir}
done
cd ..
install -m 0644 src/configure.default $RPM_BUILD_ROOT%{_sysconfdir}/exim/exim.conf
-install -m 0644 $RPM_SOURCE_DIR/exim.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/exim
+install -m 0644 %SOURCE11 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/exim
mkdir -p $RPM_BUILD_ROOT/usr/lib
pushd $RPM_BUILD_ROOT/usr/lib
@@ -146,29 +194,53 @@
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
install -m644 doc/exim.8 $RPM_BUILD_ROOT%{_mandir}/man8/exim.8
pod2man --center=EXIM --section=8 \
- $RPM_BUILD_ROOT/usr/sbin/eximstats \
- $RPM_BUILD_ROOT%{_mandir}/man8/eximstats.8
+ $RPM_BUILD_ROOT/usr/sbin/eximstats \
+ $RPM_BUILD_ROOT%{_mandir}/man8/eximstats.8
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
-install -m 644 $RPM_SOURCE_DIR/exim.sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
+install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install $RPM_SOURCE_DIR/exim.init $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/exim
+mkdir -p $RPM_BUILD_ROOT%{_initrddir}
+install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
-install -m 0644 $RPM_SOURCE_DIR/exim.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
+install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
+%if 0%{?buildsa}
# install sa
cd sa-exim*
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/exim
install *.so $RPM_BUILD_ROOT%{_libexecdir}/exim
install -m 644 *.conf $RPM_BUILD_ROOT%{_sysconfdir}/exim
ln -s sa-exim*.so $RPM_BUILD_ROOT%{_libexecdir}/exim/sa-exim.so
+%endif
# generate ghost .pem file
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/ssl/{certs,private}
-touch $RPM_BUILD_ROOT/%{_datadir}/ssl/{certs,private}/exim.pem
-chmod 600 $RPM_BUILD_ROOT/%{_datadir}/ssl/{certs,private}/exim.pem
+mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}
+touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
+chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
+
+%if 0%{?buildclam}
+# Munge the clamav init and config files from clamav-devel. This really ought
+# to be a subpackage of clamav, but this hack will have to do for now.
+function clamsubst() {
+ sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
+}
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
+clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
+ 's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
+
+clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
+clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
+cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
+CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
+CLAMD_SOCKET=%{_var}/run/clamd.exim/clamd.sock
+EOF
+ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim
+
+mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
+%endif
%clean
@@ -176,6 +248,13 @@
%pre
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 exim 2>/dev/null
+# Copy TLS certs from old location to new -- don't move them, because the
+# config file may be modified and may be pointing to the old location.
+if [ ! -f /etc/pki/tls/certs/exim.pem -a -f %{_datadir}/ssl/certs/exim.pem ] ; then
+ cp %{_datadir}/ssl/certs/exim.pem /etc/pki/tls/certs/exim.pem
+ cp %{_datadir}/ssl/private/exim.pem /etc/pki/tls/private/exim.pem
+fi
+
exit 0
%post
@@ -192,13 +271,15 @@
--slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man8/exim.8.gz \
--initscript exim
-if [ ! -f %{_datadir}/ssl/certs/exim.pem ] ; then
- umask 077
- FQDN=`hostname`
- if [ "x${FQDN}" = "x" ]; then
- FQDN=localhost.localdomain
- fi
- cat << EOF | openssl req -new -x509 -days 365 -nodes -out %{_datadir}/ssl/certs/exim.pem -keyout %{_datadir}/ssl/private/exim.pem &>/dev/null
+if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
+ umask 077
+ FQDN=`hostname`
+ if [ "x${FQDN}" = "x" ]; then
+ FQDN=localhost.localdomain
+ fi
+ cat << EOF | openssl req -new -x509 -days 365 -nodes \
+ -out /etc/pki/tls/certs/exim.pem \
+ -keyout /etc/pki/tls/private/exim.pem &>/dev/null
--
SomeState
SomeCity
@@ -207,8 +288,8 @@
${FQDN}
root@${FQDN}
EOF
-chown exim.exim %{_datadir}/ssl/{private,certs}/exim.pem
-chmod 600 %{_datadir}/ssl/{private,certs}/exim.pem
+ chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
+ chmod 600 /etc/pki/tls/{private,certs}/exim.pem
fi
%preun
@@ -221,10 +302,10 @@
%postun
if [ "$1" -ge "1" ]; then
/sbin/service exim condrestart > /dev/null 2>&1
- mta=`readlink /etc/alternatives/mta`
- if [ "$mta" == "%{_sbindir}/sendmail.exim" ]; then
- /usr/sbin/alternatives --set mta %{_sbindir}/sendmail.exim
- fi
+ mta=`readlink /etc/alternatives/mta`
+ if [ "$mta" == "%{_sbindir}/sendmail.exim" ]; then
+ /usr/sbin/alternatives --set mta %{_sbindir}/sendmail.exim
+ fi
fi
%files
@@ -265,30 +346,86 @@
%config(noreplace) %{_sysconfdir}/exim/exim.conf
%defattr(-,root,root)
-%config %{_sysconfdir}/sysconfig/exim
-%config %{_sysconfdir}/rc.d/init.d/exim
-%config %{_sysconfdir}/logrotate.d/exim
-%config %{_sysconfdir}/pam.d/exim
+%config(noreplace) %{_sysconfdir}/sysconfig/exim
+%{_sysconfdir}/rc.d/init.d/exim
+%config(noreplace) %{_sysconfdir}/logrotate.d/exim
+%config(noreplace) %{_sysconfdir}/pam.d/exim
%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README
%doc doc util/unknownuser.sh
-%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_datadir}/ssl/certs/exim.pem
-%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_datadir}/ssl/private/exim.pem
+%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem
+%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/private/exim.pem
%files mon
%defattr(-,root,root)
%{_sbindir}/eximon
%{_sbindir}/eximon.bin
+%if 0%{?buildsa}
%files sa
%defattr(-,root,root)
%{_libexecdir}/exim
%config(noreplace) %{_sysconfdir}/exim/sa-*.conf
%doc sa-exim*/*.html
%doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO}
+%endif
+
+%if 0%{?buildclam}
+%post clamav
+/sbin/chkconfig --add clamd.exim
+
+%preun clamav
+test "$1" != 0 || %{_initrddir}/clamd.exim stop &>/dev/null || :
+test "$1" != 0 || /sbin/chkconfig --del clamd.exim
+
+%postun clamav
+test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
+
+%files clamav
+%defattr(-,root,root,-)
+%{_sbindir}/clamd.exim
+%attr(0755,root,root) %config %{_initrddir}/clamd.exim
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
+%attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
+%endif
%changelog
+* Sun Sep 3 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-3
+- chmod +x /etc/init.d/clamd.exim
+- Make exim-clamav package require exim (since it uses the same uid)
+
+* Sun Sep 3 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-2
+- Add procmail router and transport (#146848)
+- Add localhost and localhost.localdomain as local domains (#198511)
+- Fix mispatched authenticators (#204591)
+- Other cleanups of config file and extra examples
+- Add exim-clamav subpackage
+- Use existing TLS cert on upgrade, even though it moved
+
+* Sat Aug 26 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-1
+- Update to 4.63
+- Disable sa-exim, but leave the dlopen patch in
+
+* Wed Jul 19 2006 Thomas Woerner <twoerner at redhat.com> - 4.62-6
+- final version
+- changed permissions of /etc/pki/tls/*/exim.pem to 0600
+- config(noreplace) for /etc/logrotate.d/exim, /etc/pam.d/exim and
+ /etc/sysconfig/exim
+
+* Mon Jul 17 2006 Thomas Woerner <twoerner at redhat.com> - 4.62-5
+- fixed certs path
+- fixed permissions for some binaries
+- fixed pam file to use include instead of pam_stack
+
+* Fri Jul 4 2006 David Woodhouse <dwmw2 at redhat.com> 4.62-4
+- Package review
+
+* Wed Jun 28 2006 David Woodhouse <dwmw2 at redhat.com> 4.62-3
+- BR tcp_wrappers
+
* Tue May 2 2006 David Woodhouse <dwmw2 at redhat.com> 4.62-2
- Bump release to work around 'make tag' error
@@ -649,7 +786,7 @@
- Fixed wrong filenames in logrotate entry.
* Sun Jul 11 1999 Mark Bergsma <mark at mbergsma.demon.nl>
-- Now using the '%changelog' tag.
+- Now using the '%%changelog' tag.
- Removed the SysV init links - let chkconfig handle them.
- Replaced install -d with mkdir -p
- Previous message: rpms/xpilot-ng/FC-5 xpilotd.fc, NONE, 1.1 xpilotd.if, NONE, 1.1 xpilotd.te, NONE, 1.1 xpilot-ng-server.init, 1.2, 1.3 xpilot-ng.spec, 1.6, 1.7
- Next message: rpms/exim-doc/devel needs.rebuild,1.1,NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list