rpms/exim/devel exim-4.63-allow-filter.patch, NONE, 1.1 exim-4.63-localhost-is-local.patch, NONE, 1.1 exim-4.63-procmail.patch, NONE, 1.1 exim-4.33-cyrus.patch, 1.1, 1.2 exim-4.43-pamconfig.patch, 1.2, 1.3 exim-4.50-spamdconf.patch, 1.1, 1.2 exim.spec, 1.25, 1.26 needs.rebuild, 1.1, NONE
David Woodhouse (dwmw2)
fedora-extras-commits at redhat.com
Mon Sep 4 02:51:36 UTC 2006
Author: dwmw2
Update of /cvs/extras/rpms/exim/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13242
Modified Files:
exim-4.33-cyrus.patch exim-4.43-pamconfig.patch
exim-4.50-spamdconf.patch
Tag: 1
exim.spec
Added Files:
exim-4.63-allow-filter.patch
exim-4.63-localhost-is-local.patch exim-4.63-procmail.patch
Removed Files:
needs.rebuild
Log Message:
* Sun Sep 3 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-2
- Add procmail router and transport (#146848)
- Add localhost and localhost.localdomain as local domains (#198511)
- Fix mispatched authenticators (#204591)
- Other cleanups of config file and extra examples
- Add exim-clamav subpackage
exim-4.63-allow-filter.patch:
--- NEW FILE exim-4.63-allow-filter.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -672,7 +672,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
-# allow_filter
+ allow_filter
no_verify
no_expn
check_ancestor
exim-4.63-localhost-is-local.patch:
--- NEW FILE exim-4.63-localhost-is-local.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 19:31:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 19:37:42.000000000 -0700
@@ -56,7 +56,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
-domainlist local_domains = @
+domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1
exim-4.63-procmail.patch:
--- NEW FILE exim-4.63-procmail.patch ---
--- exim-4.63/src/configure.default~ 2006-09-03 15:02:28.000000000 -0700
+++ exim-4.63/src/configure.default 2006-09-03 15:46:53.000000000 -0700
@@ -680,6 +680,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
+procmail:
+ driver = accept
+ check_local_user
+ require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+ transport = procmail
+ no_verify
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -717,6 +723,16 @@ begin transports
remote_smtp:
driver = smtp
+# This transport invokes procmail to deliver mail
+procmail:
+ driver = pipe
+ command = "/usr/bin/procmail -d $local_part"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+ user = $local_part
+ initgroups
+ return_output
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
exim-4.33-cyrus.patch:
Index: exim-4.33-cyrus.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/devel/exim-4.33-cyrus.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim-4.33-cyrus.patch 19 Apr 2005 04:06:04 -0000 1.1
+++ exim-4.33-cyrus.patch 4 Sep 2006 02:51:36 -0000 1.2
@@ -5,9 +5,9 @@
+# This transport is used to deliver local mail to cyrus IMAP server via UNIX
-+# socket.
++# socket. You'll need to configure the 'localuser' router above to use it.
+#
-+#local_delivery:
++#lmtp_delivery:
+# driver = lmtp
+# command = "/usr/lib/cyrus-imapd/deliver -l"
+# batch_max = 20
exim-4.43-pamconfig.patch:
Index: exim-4.43-pamconfig.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/devel/exim-4.43-pamconfig.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- exim-4.43-pamconfig.patch 27 Jul 2006 07:05:24 -0000 1.2
+++ exim-4.43-pamconfig.patch 4 Sep 2006 02:51:36 -0000 1.3
@@ -1,25 +1,40 @@
--- exim-4.43/src/configure.default.pam 2004-12-16 13:27:55.000000000 +0000
+++ exim-4.43/src/configure.default 2004-12-16 15:41:34.000000000 +0000
-@@ -238,6 +238,40 @@
+@@ -160,7 +160,7 @@ acl_smtp_data = acl_check_data
- timeout_frozen_after = 7d
+ # Allow any client to use TLS.
-+# This option, if uncommented, allows Exim to listen on ports other than
-+# just the default port 25. For example, you may wish Exim to sldo listen
-+# on the 'message submission' port 587 for roaming clients which cannot
-+# use port 25 directly from their current location. (cf. RFC 2476).
-+#
-+# daemon_smtp_ports = smtp : msa
-+
-+# This option instructs Exim to advertise the availability of encrypted
-+# connections to all hosts, and uses the certificate which is automatically
-+# generated when the RPM is installed. You can disable TLS, should you need
-+# to do so, by commenting out the three lines below.
-+
+-# tls_advertise_hosts = *
+tls_advertise_hosts = *
+
+ # Specify the location of the Exim server's TLS certificate and private key.
+ # The private key must not be encrypted (password protected). You can put
+@@ -168,8 +168,8 @@ acl_smtp_data = acl_check_data
+ # need the first setting, or in separate files, in which case you need both
+ # options.
+
+-# tls_certificate = /etc/ssl/exim.crt
+-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
-+
+
+ # In order to support roaming users who wish to send email from anywhere,
+ # you may want to make Exim listen on other ports as well as port 25, in
+@@ -180,8 +180,8 @@ acl_smtp_data = acl_check_data
+ # them you should also allow TLS-on-connect on the traditional but
+ # non-standard port 465.
+
+-# daemon_smtp_ports = 25 : 465 : 587
+-# tls_on_connect_ports = 465
++daemon_smtp_ports = 25 : 465 : 587
++tls_on_connect_ports = 465
+
+
+ # Specify the domain you want to be added to all unqualified addresses
+@@ -238,6 +238,24 @@
+
+ timeout_frozen_after = 7d
+
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
@@ -41,23 +56,21 @@
######################################################################
-@@ -657,6 +691,19 @@
+@@ -850,7 +837,7 @@ begin authenticators
+ # driver = plaintext
+ # server_set_id = $auth2
+ # server_prompts = :
+-# server_condition = Authentication is not yet configured
++# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
+ # server_advertise_condition = ${if def:tls_cipher }
+
+ # LOGIN authentication has traditional prompts and responses. There is no
+@@ -862,7 +849,7 @@ begin authenticators
+ # driver = plaintext
+ # server_set_id = $auth1
+ # server_prompts = <| Username: | Password:
+-# server_condition = Authentication is not yet configured
++# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
+ # server_advertise_condition = ${if def:tls_cipher }
- begin authenticators
-+plain:
-+ driver = plaintext
-+ public_name = PLAIN
-+ server_prompts = :
-+ server_condition = "${if saslauthd{{$2}{$3}{smtp}} {1}}"
-+ server_set_id = $2
-+
-+login:
-+ driver = plaintext
-+ public_name = LOGIN
-+ server_prompts = "Username:: : Password::"
-+ server_condition = "${if saslauthd{{$1}{$2}{smtp}} {1}}"
-+ server_set_id = $1
-
-
- ######################################################################
exim-4.50-spamdconf.patch:
Index: exim-4.50-spamdconf.patch
===================================================================
RCS file: /cvs/extras/rpms/exim/devel/exim-4.50-spamdconf.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- exim-4.50-spamdconf.patch 19 Apr 2005 04:06:04 -0000 1.1
+++ exim-4.50-spamdconf.patch 4 Sep 2006 02:51:36 -0000 1.2
@@ -1,86 +1,102 @@
--- exim-4.50/src/configure.default.orig 2005-02-22 19:49:15.000000000 +0000
+++ exim-4.50/src/configure.default 2005-02-22 19:46:55.000000000 +0000
-@@ -108,6 +108,26 @@
+@@ -108,6 +108,7 @@
- # You should not change that setting until you understand how ACLs work.
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
++acl_smtp_mime = acl_check_mime
-+# The following ACL entries are used if you want to do content scanning with
-+# the exiscan-acl patch. When you uncomment one of these lines, you must also
-+# review the respective entries in the ACL section further below.
-+
-+# acl_smtp_mime = acl_check_mime
-+# acl_smtp_data = acl_check_content
-+
-+# This configuration variable defines the virus scanner that is used with
-+# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
-+# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
-+# for a list of supported scanners.
-+
-+# av_scanner = sophie:/var/run/sophie
-+
-+# The following setting is only needed if you use the 'spam' ACL condition
-+# of the exiscan-acl patch. It specifies on which host and port the SpamAssassin
-+# "spamd" daemon is listening. If you do not use this condition, or you use
-+# the default of "127.0.0.1 783", you can omit this option.
-+
-+# spamd_address = 127.0.0.1 783
+ # You should not change that setting until you understand how ACLs work.
- # Specify the domain you want to be added to all unqualified addresses
- # here. An unqualified address is one that does not contain an "@" character
-@@ -376,6 +396,56 @@
- deny message = relay not permitted
+@@ -120,7 +120,7 @@ acl_smtp_mime = acl_check_mime
+ # of what to set for other virus scanners. The second modification is in the
+ # acl_check_data access control list (see below).
+
+-# av_scanner = clamd:/tmp/clamd
++av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+
+
+ # For spam scanning, there is a similar option that defines the interface to
+@@ -365,7 +365,8 @@ acl_check_rcpt:
+ accept local_parts = postmaster
+ domains = +local_domains
+
+- # Deny unless the sender address can be verified.
++ # Deny unless the sender address can be routed. For proper verification of the
++ # address, read the documentation on callouts and add the /callout modifier.
+
+ require verify = sender
+
+@@ -455,26 +456,62 @@ acl_check_rcpt:
+
+ acl_check_data:
+
++ # Put simple tests first. A good one is to check for the presence of a
++ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
++ # or misconfigured mailer software occasionally omits this from genuine
++ # messages too, though -- although it's not hard for the offender to fix
++ # after they receive a bounce because of it.
++ #
++ # deny condition = ${if !def:h_Message-ID: {1}}
++ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
++ # Most messages without it are spam, so your mail has been rejected.
++
+ # Deny if the message contains a virus. Before enabling this check, you
+ # must install a virus scanner and set the av_scanner option above.
+ #
+ # deny malware = *
+ # message = This message contains a virus ($malware_name).
+
+- # Add headers to a message if it is judged to be spam. Before enabling this,
+- # you must install SpamAssassin. You may also need to set the spamd_address
+- # option above.
+- #
+- # warn spam = nobody
+- # add_header = X-Spam_score: $spam_score\n\
+- # X-Spam_score_int: $spam_score_int\n\
+- # X-Spam_bar: $spam_bar\n\
+- # X-Spam_report: $spam_report
++ # Bypass SpamAssassin checks if the message is too large.
++ #
++ # accept condition = ${if >={$message_size}{100000} {1}}
++ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
+
+- # Accept the message.
++ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
++ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
++ # score exceeds the SA system threshold.
++ #
++ # warn spam = nobody/defer_ok
++ # add_header = X-Spam-Flag: YES
++ #
++ # accept condition = ${if !def:spam_score_int {1}}
++ # add_header = X-Spam-Note: SpamAssassin invocation failed
++ #
++
++ # Unconditionally add score and report headers
++ #
++ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
++ # X-Spam-Report: $spam_report
++
++ # And reject if the SpamAssassin score is greater than ten
++ #
++ # deny condition = ${if >{$spam_score_int}{100} {1}}
++ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
++ # $spam_report
+ accept
-+# These access control lists are used for content scanning with the exiscan-acl
-+# patch. You must also uncomment the entries for acl_smtp_data and acl_smtp_mime
-+# (scroll up), otherwise the ACLs will not be used. IMPORTANT: the default entries here
-+# should be treated as EXAMPLES. You MUST read the file doc/exiscan-acl-spec.txt
-+# to fully understand what you are doing ...
+
+acl_check_mime:
+
-+ # Decode MIME parts to disk. This will support virus scanners later.
-+ warn decode = default
-+
+ # File extension filtering.
+ deny message = Blacklisted file extension detected
+ condition = ${if match \
+ {${lc:$mime_filename}} \
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
+ {1}{0}}
-+
-+# # Reject messages that carry chinese character sets.
-+# # WARNING: This is an EXAMPLE.
-+# deny message = Sorry, noone speaks chinese here
-+# condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
+
+ accept
-+
-+acl_check_content:
-+
-+ # Reject virus infested messages.
-+ deny message = This message contains malware ($malware_name)
-+ malware = *
-+
-+ # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
-+ # (user "nobody"), no matter if over threshold or not.
-+ warn message = X-Spam-Score: $spam_score ($spam_bar)
-+ spam = nobody:true
-+ warn message = X-Spam-Report: $spam_report
-+ spam = nobody:true
-+
-+ # Add X-Spam-Flag if spam is over system-wide threshold
-+ warn message = X-Spam-Flag: YES
-+ spam = nobody
-+
-+ # Reject spam messages with score over 10, using an extra condition.
-+ deny message = This message scored $spam_score points. Congratulations!
-+ spam = nobody:true
-+ condition = ${if >{$spam_score_int}{100}{1}{0}}
-+
-+ # finally accept all the rest
-+ accept
-+
######################################################################
# ROUTERS CONFIGURATION #
Index: exim.spec
===================================================================
RCS file: /cvs/extras/rpms/exim/devel/exim.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- exim.spec 26 Aug 2006 09:30:05 -0000 1.25
+++ exim.spec 4 Sep 2006 02:51:36 -0000 1.26
@@ -1,11 +1,18 @@
# SA-Exim has long since been obsoleted by the proper built-in ACL support
# from exiscan. Disable it for FC6 unless people scream.
-# %define buildsa 1
+%if 0%{?fedora} < 6
+%define buildsa 1
+%endif
+
+# Build clamav subpackage for FC5 and above.
+%if 0%{?fedora} >= 5
+%define buildclam 1
+%endif
Summary: The exim mail transfer agent
Name: exim
Version: 4.63
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Url: http://www.exim.org/
Group: System Environment/Daemons
@@ -15,6 +22,9 @@
Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
Requires(preun): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
+%if 0%{?buildclam}
+BuildRequires: clamav-devel
+%endif
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
Source2: exim.init
Source3: exim.sysconfig
@@ -32,6 +42,9 @@
Patch15: exim-4.52-dynamic-pcre.patch
Patch17: exim-4.61-ldap-deprecated.patch
Patch18: exim-4.62-dlopen-localscan.patch
+Patch19: exim-4.63-procmail.patch
+Patch20: exim-4.63-allow-filter.patch
+Patch21: exim-4.63-localhost-is-local.patch
Requires: /etc/aliases
BuildRequires: db4-devel openssl-devel openldap-devel pam-devel
@@ -70,6 +83,31 @@
Allows running of SA on incoming mail and rejection at SMTP time as
well as other nasty things like teergrubing.
+%package clamav
+Summary: Clam Antivirus scanner dæmon configuration for use with Exim
+Group: System Environment/Daemons
+Requires: clamav-server
+Obsoletes: clamav-exim <= 0.86.2
+Requires(post): /sbin/chkconfig /sbin/service
+Requires(preun): /sbin/chkconfig /sbin/service
+
+%description clamav
+This package contains configuration files which invoke a copy of the
+clamav dæmon for use with Exim. It can be activated by adding (or
+uncommenting)
+
+ av_scanner = clamd:%{_var}/run/clamd.exim/clamd.sock
+
+in your exim.conf, and using the 'malware' condition in the DATA ACL,
+as follows:
+
+ deny message = This message contains malware ($malware_name)
+ malware = *
+
+For further details of Exim content scanning, see chapter 40 of the Exim
+specification:
+http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#SECTscanvirus
+
%prep
%setup -q
%if 0%{?buildsa}
@@ -87,6 +125,9 @@
%patch15 -p1 -b .pcre
%patch17 -p1 -b .ldap
%patch18 -p1 -b .dl
+%patch19 -p1 -b .procmail
+%patch20 -p1 -b .filter
+%patch21 -p1 -b .localhost
%build
%ifnarch s390 s390x
@@ -159,8 +200,8 @@
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install %SOURCE2 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/exim
+mkdir -p $RPM_BUILD_ROOT%{_initrddir}
+install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
@@ -179,12 +220,41 @@
touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
+%if 0%{?buildclam}
+# Munge the clamav init and config files from clamav-devel. This really ought
+# to be a subpackage of clamav, but this hack will have to do for now.
+function clamsubst() {
+ sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
+}
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
+clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
+ 's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'
+
+clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
+clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
+cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
+CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
+CLAMD_SOCKET=%{_var}/run/clamd.exim/clamd.sock
+EOF
+ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim
+
+mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
+%endif
+
%clean
rm -rf $RPM_BUILD_ROOT
%pre
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 exim 2>/dev/null
+# Copy TLS certs from old location to new -- don't move them, because the
+# config file may be modified and may be pointing to the old location.
+if [ ! -f /etc/pki/tls/certs/exim.pem -a -f %{_datadir}/ssl/certs/exim.pem ] ; then
+ cp %{_datadir}/ssl/certs/exim.pem /etc/pki/tls/certs/exim.pem
+ cp %{_datadir}/ssl/private/exim.pem /etc/pki/tls/private/exim.pem
+fi
+
exit 0
%post
@@ -301,7 +371,35 @@
%doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO}
%endif
+%if 0%{?buildclam}
+%post clamav
+/sbin/chkconfig --add clamd.exim
+
+%preun clamav
+test "$1" != 0 || %{_initrddir}/clamd.exim stop &>/dev/null || :
+test "$1" != 0 || /sbin/chkconfig --del clamd.exim
+
+%postun clamav
+test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
+
+%files clamav
+%defattr(0644,root,root,-)
+%attr(0755,root,root)%{_sbindir}/clamd.exim
+%config %{_initrddir}/clamd.exim
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
+%attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
+%endif
+
%changelog
+* Sun Sep 3 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-2
+- Add procmail router and transport (#146848)
+- Add localhost and localhost.localdomain as local domains (#198511)
+- Fix mispatched authenticators (#204591)
+- Other cleanups of config file and extra examples
+- Add exim-clamav subpackage
+
* Sat Aug 26 2006 David Woodhouse <dwmw2 at infradead.org> - 4.63-1
- Update to 4.63
- Disable sa-exim, but leave the dlopen patch in
--- needs.rebuild DELETED ---
More information about the fedora-extras-commits
mailing list