horok/exim4
1
0
Fork 0
Code Activity

Adding debian version 4.98.2-1.

Browse source 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
This commit is contained in:
Daniel Baumann 2025-06-21 14:27:17 +02:00
parent 802ab461a9
commit b6ead8c0a5
Signed by: daniel.baumann
GPG key ID: BCC918A2ABD66424
241 changed files with 63687 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

173
debian/EDITME.exim4-heavy.diff vendored Normal file
View file

@ -0,0 +1,173 @@
--- EDITME.exim4-light 2024-06-08 05:36:39.373059141 +0000
+++ EDITME.exim4-heavy 2024-06-08 05:36:39.377059089 +0000
@@ -324,7 +324,7 @@
# This one is very special-purpose, so is not included by default.
-# ROUTER_IPLOOKUP=yes
+ROUTER_IPLOOKUP=yes
#------------------------------------------------------------------------------
@@ -356,7 +356,7 @@
SUPPORT_MAILDIR=yes
SUPPORT_MAILSTORE=yes
-# SUPPORT_MBX=yes
+SUPPORT_MBX=yes
#------------------------------------------------------------------------------
@@ -418,18 +418,18 @@
LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
# LOOKUP_JSON=yes
-# LOOKUP_LDAP=yes
+LOOKUP_LDAP=yes
# LOOKUP_LMDB=yes
-# LOOKUP_MYSQL=yes
+LOOKUP_MYSQL=yes
# LOOKUP_MYSQL_PC=mariadb
LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
LOOKUP_PASSWD=yes
-# LOOKUP_PGSQL=yes
+LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
-# LOOKUP_SQLITE=yes
+LOOKUP_SQLITE=yes
# LOOKUP_SQLITE_PC=sqlite3
# LOOKUP_WHOSON=yes
@@ -453,7 +453,7 @@
# with Solaris 7 onwards. Uncomment whichever of these you are using.
# LDAP_LIB_TYPE=OPENLDAP1
-# LDAP_LIB_TYPE=OPENLDAP2
+LDAP_LIB_TYPE=OPENLDAP2
# LDAP_LIB_TYPE=NETSCAPE
# LDAP_LIB_TYPE=SOLARIS
@@ -508,6 +508,9 @@
# LOOKUP_LIBS += -llmdb
+LOOKUP_INCLUDE=-I/usr/include/mysql -I`pg_config --includedir`
+LOOKUP_LIBS=-lldap -llber -lmysqlclient -lpq -lsqlite3
+
#------------------------------------------------------------------------------
# Compiling the Exim monitor: If you want to compile the Exim monitor, a
# program that requires an X11 display, then EXIM_MONITOR should be set to the
@@ -516,7 +519,7 @@
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-EXIM_MONITOR=eximon.bin
+# EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -526,7 +529,7 @@
# and the MIME ACL. Please read the documentation to learn more about these
# features.
-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
# If you have content scanning you may wish to only include some of the scanner
# interfaces. Uncomment any of these lines to remove that code.
@@ -799,8 +802,8 @@
# configuration to make use of the mechanism(s) selected.
AUTH_CRAM_MD5=yes
-# AUTH_CYRUS_SASL=yes
-# AUTH_DOVECOT=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
AUTH_EXTERNAL=yes
# AUTH_GSASL=yes
# AUTH_GSASL_PC=libgsasl
@@ -808,8 +811,8 @@
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example
@@ -822,7 +825,7 @@
# Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC.
# Ditto for AUTH_HEIMDAL_GSSAPI(_PC).
-# AUTH_LIBS=-lsasl2
+AUTH_LIBS=-lsasl2
# AUTH_LIBS=-lgsasl
# AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt
@@ -1034,7 +1037,7 @@
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
#------------------------------------------------------------------------------
@@ -1044,7 +1047,7 @@
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
-# EXPAND_DLFUNC=yes
+EXPAND_DLFUNC=yes
#------------------------------------------------------------------------------
@@ -1054,11 +1057,11 @@
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
-EXTRALIBS=-ldl
+EXTRALIBS=-lpam -export-dynamic
#------------------------------------------------------------------------------
@@ -1072,7 +1075,7 @@
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
-# SUPPORT_PROXY=yes
+SUPPORT_PROXY=yes
#------------------------------------------------------------------------------
@@ -1096,9 +1099,9 @@
# installed on your system (www.libspf2.org). Depending on where it is installed
# you may have to edit the CFLAGS and LDFLAGS lines.
-# SUPPORT_SPF=yes
+SUPPORT_SPF=yes
# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lspf2
+LDFLAGS += -lspf2
#------------------------------------------------------------------------------
@@ -1427,7 +1430,7 @@
# local part) can be increased by changing this value. It should be set to
# a multiple of 16.
-# MAX_NAMED_LIST=16
+MAX_NAMED_LIST=32
#------------------------------------------------------------------------------

278
debian/EDITME.exim4-light.diff vendored Normal file
View file

@ -0,0 +1,278 @@
--- src/EDITME 2024-06-08 05:36:36.000000000 +0000
+++ EDITME.exim4-light 2024-06-08 05:36:39.373059141 +0000
@@ -103,7 +103,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -119,7 +119,7 @@
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -136,7 +136,7 @@
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=ref:Debian-exim
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -158,6 +158,7 @@
# you want to use a group other than the default group for the given user.
# EXIM_GROUP=
+EXIM_GROUP=ref:Debian-exim
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -178,7 +179,7 @@
# Almost all installations choose this:
-SPOOL_DIRECTORY=/var/spool/exim
+SPOOL_DIRECTORY=/var/spool/exim4
@@ -222,13 +223,13 @@
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
# Uncomment this if you are using GnuTLS
-# USE_GNUTLS=yes
+USE_GNUTLS=yes
# Uncomment one of these settings if you are using GnuTLS; pkg-config vs not
# and an optional location. If you disable SUPPORT_DANE below, you
# can remove the gnutls-dane references here. Earlier versions of GnuTLS
# required libtasn1 and libgrypt also; add if needed.
# USE_GNUTLS_PC=gnutls gnutls-dane
-# TLS_LIBS=-lgnutls -lgnutls-dane
+TLS_LIBS=-lgnutls -lgnutls-dane
# TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane
# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
@@ -344,7 +345,7 @@
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -353,8 +354,8 @@
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
# SUPPORT_MBX=yes
@@ -413,8 +414,8 @@
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
# LOOKUP_JSON=yes
# LOOKUP_LDAP=yes
@@ -422,10 +423,10 @@
# LOOKUP_MYSQL=yes
# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
+LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
+LOOKUP_PASSWD=yes
# LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
# LOOKUP_SQLITE=yes
@@ -441,7 +442,7 @@
# Some platforms may need this for LOOKUP_NIS:
-# LIBS += -lnsl
+LIBS += -lnsl
#------------------------------------------------------------------------------
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -515,7 +516,7 @@
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-# EXIM_MONITOR=eximon.bin
+EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -590,7 +591,7 @@
# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support
# using only native facilities.
-# SUPPORT_SRS=yes
+SUPPORT_SRS=yes
# Uncomment the following to remove support for the ESMTP extension "WELLKNOWN"
# DISABLE_WELLKNOWN=yes
@@ -749,7 +750,7 @@
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs
#------------------------------------------------------------------------------
@@ -785,6 +786,9 @@
# WHITELIST_D_MACROS=TLS:SPOOL
+# Mailscanner uses -DOUTGOING.
+WHITELIST_D_MACROS=OUTGOING
+
#------------------------------------------------------------------------------
# Exim has support for the AUTH (authentication) extension of the SMTP
# protocol, as defined by RFC 2554. If you don't know what SMTP authentication
@@ -794,16 +798,16 @@
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
+AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
-# AUTH_EXTERNAL=yes
+AUTH_EXTERNAL=yes
# AUTH_GSASL=yes
# AUTH_GSASL_PC=libgsasl
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
+AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
# AUTH_TLS=yes
@@ -832,7 +836,7 @@
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -919,6 +923,7 @@
# description of the API to this function, see the Exim specification.
DLOPEN_LOCAL_SCAN=yes
+HAVE_LOCAL_SCAN=yes
# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
# linker flags. Without it, the loaded .so won't be able to access any
@@ -957,6 +962,7 @@
# to form the final file names. Some installations may want something like this:
# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim4/%slog
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -1005,7 +1011,7 @@
# files. Both the name of the command and the suffix that it adds to files
# need to be defined here. See also the EXICYCLOG_MAX configuration.
-COMPRESS_COMMAND=/usr/bin/gzip
+COMPRESS_COMMAND=/bin/gzip
COMPRESS_SUFFIX=gz
@@ -1020,7 +1026,7 @@
# ZCAT_COMMAND=zcat
#
# Or specify the full pathname:
-ZCAT_COMMAND=/usr/bin/zcat
+ZCAT_COMMAND=zcat
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
@@ -1052,6 +1058,7 @@
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
+EXTRALIBS=-ldl
#------------------------------------------------------------------------------
@@ -1060,7 +1067,7 @@
# If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below.
-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
@@ -1078,10 +1085,10 @@
# If you want IDNA2008 mappings per RFCs 5890, 6530 and 6533, you additionally
# need libidn2 and SUPPORT_I18N_2008.
-# SUPPORT_I18N=yes
+SUPPORT_I18N=yes
# LDFLAGS += -lidn
-# SUPPORT_I18N_2008=yes
-# LDFLAGS += -lidn -lidn2
+SUPPORT_I18N_2008=yes
+LDFLAGS += -lidn -lidn2
#------------------------------------------------------------------------------
@@ -1158,6 +1165,8 @@
# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+# default in Debian's sasl2-bin
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
# TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment
@@ -1470,6 +1479,7 @@
# file can be specified here. Some installations may want something like this:
# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/run/exim4/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
@@ -1503,6 +1513,7 @@
# messages become "invisible" to the normal management tools.
# SUPPORT_MOVE_FROZEN_MESSAGES=yes
+SUPPORT_MOVE_FROZEN_MESSAGES=yes
#------------------------------------------------------------------------------
@@ -1550,3 +1561,6 @@
# DISABLE_CLIENT_CMD_LOG=yes
# End of EDITME for Exim 4.
+
+# enable IPv6 support
+HAVE_IPV6=YES

10
debian/EDITME.eximon.diff vendored Normal file
View file

@ -0,0 +1,10 @@
--- exim_monitor/EDITME 2024-06-07 13:33:11.000000000 +0000
+++ EDITME.eximon 2024-06-08 05:36:39.373059141 +0000
@@ -1,6 +1,7 @@
##################################################
# The Exim Monitor #
##################################################
+# -*- makefile -*-
# Copyright (c) The Exim Maintainers 2022
# SPDX-License-Identifier: GPL-2.0-or-later

28
debian/EDITME.openssl.exim4-light.diff vendored Normal file
View file

@ -0,0 +1,28 @@
--- EDITME.exim4-light.gnutls 2024-06-08 05:43:21.695983021 +0000
+++ EDITME.exim4-light 2024-06-08 05:43:40.707745087 +0000
@@ -215,21 +215,21 @@
# If you are building with TLS, the library configuration must be done:
# Uncomment this if you are using OpenSSL
-# USE_OPENSSL=yes
+USE_OPENSSL=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
# and an optional location.
# USE_OPENSSL_PC=openssl
-# TLS_LIBS=-lssl -lcrypto
+TLS_LIBS=-lssl -lcrypto
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
# Uncomment this if you are using GnuTLS
-USE_GNUTLS=yes
+# USE_GNUTLS=yes
# Uncomment one of these settings if you are using GnuTLS; pkg-config vs not
# and an optional location. If you disable SUPPORT_DANE below, you
# can remove the gnutls-dane references here. Earlier versions of GnuTLS
# required libtasn1 and libgrypt also; add if needed.
# USE_GNUTLS_PC=gnutls gnutls-dane
-TLS_LIBS=-lgnutls -lgnutls-dane
+# TLS_LIBS=-lgnutls -lgnutls-dane
# TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane
# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's

562
debian/NEWS vendored Normal file
View file

@ -0,0 +1,562 @@
exim4 (4.97-1) unstable; urgency=medium
exiqgrep now requires that at least one selection option or -c is
specified therefore "exiqgrep -i" to list all messages-ids
does not work anymore. Exim now offers a commandline switch (-bpi) to
accomplish this.
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Nov 2023 18:28:43 +0100
exim4 (4.97~RC0-2) unstable; urgency=low
Changed format of the internal ID used for message identification.
- Upgrading should work seamlessly.
- Downgrading to 4.96 requires stopping the daemon and running
exim_id_update -d
before running the older daemon.
-- Andreas Metzler <ametzler@debian.org> Sun, 10 Sep 2023 14:04:49 +0200
exim4 (4.96-20) experimental; urgency=low
Drop support for configuring daemon startup by setting QUEUERUNNER in
/etc/default/exim4.
Also replace QFLAGS, QUEUEINTERVAL, COMMONOPTIONS, QUEUERUNNEROPTIONS and
SMTPLISTENEROPTIONS settings for init script/service file in
etc/default/exim4 with a combined EXIMSERVICE (for systemd) or
EXIMDAEMONOPTS (init script) directive.
Most of the previous functionality is available by different
means:
+ Disable running an exim daemon this way ('nodaemon'):
-> Use the native functionality of the init system you are using, e.g.
for systemd mask the service.
+ Start two separate daemon processes, one for listening on port 25 and
another for queue running ('separate')
-> Not supported anymore.
+ Run a daemon that both listens on port 25 and runs the queue.
-> default behavior ('-bdf -q30m' / '-bd -q30m')
+ Run a daemon that either listens on port 25 and runs the queue.
-> set to -bdf/-bd without -q30m or vice versa.
+ Only run queue when a ppp connection is made ('ppp'):
-> Disable queuerunner like noted above and remove the 'exit 0' from
the start of /etc/ppp/ip-up.d/exim4
-- Andreas Metzler <ametzler@debian.org> Wed, 16 Aug 2023 17:44:59 +0200
exim4 (4.96-1) unstable; urgency=low
The allow_insecure_tainted_data main config option and the "taint"
log_selector were removed. (See previous entry for exim4 4.94-18.)
Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp"
and "queryprogram" transport, transport-filter, and ETRN commands. The
${run} expansion is also affected: in "preexpand" mode no part of the
command line may be tainted, in default mode the executable name may not
be tainted.
Query-style lookups are now checked for quoting, if the query string is
built using untrusted data ("tainted"). For now lack of quoting is
merely logged; a future release will upgrade this to an error.
-- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2022 14:11:00 +0200
exim4 (4.94-18) experimental; urgency=medium
Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the
concept of tainted data read from untrusted sources, like e.g. message
sender or recipient. This tainted data (e.g. $local_part or $domain)
cannot be used among other things as a file or directory name or command
name.
This WILL BREAK configurations which are not updated accordingly.
Old Debian exim configuration files also will not work unmodified, the new
configuration needs to be installed with local modifications merged in.
Typical nonworking examples include:
* Delivery to /var/mail/$local_part. Use $local_part_data in combination
with check_local_user.
* Using
data = ${lookup{$local_part}lsearch{/some/path/$domain/aliases}}
instead of
data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
for a virtual domain alias file.
The basic strategy for dealing with this change is to use the result of a
lookup in further processing instead of the original (remote provided)
value.
To ease upgrading there is a new main configuration option to temporarily
downgrade taint errors to warnings, letting the old configuration work with
the newer exim. To make use of this feature add
.ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
allow_insecure_tainted_data = yes
.endif
to the exim configuration (e.g. to /etc/exim4/exim4.conf.localmacros)
*before* upgrading to exim 4.93/4.94 and check the logfile for taint
warnings. This is a temporary workaround which is already marked for
removal on introduction.
-- Andreas Metzler <ametzler@debian.org> Sun, 25 Apr 2021 07:42:26 +0200
exim4 (4.94-16) unstable; urgency=medium
The configuration now enforces certificate verification against the
system trust store on encrypted connections using the
remote_smtp_smarthost transport (smarthost and satellite setups).
Delivery will therefore fail if the host certificates are not verifyable
and non TLS delivery is not available (e.g. because AUTH PLAIN is used).
-- Andreas Metzler <ametzler@debian.org> Wed, 17 Mar 2021 13:50:44 +0100
exim4 (4.87-3) unstable; urgency=medium
Starting with 4.87~RC1-1 exim will not accept or send out messages with
physical lines longer than 998 characters by SMTP DATA. Delivery of such
RFC-violating message might fail and subsequently cause routing errors and
loss of legitimate mail. See <https://bugs.exim.org/show_bug.cgi?id=1684>.
This limit can be disabled by setting the macro
IGNORE_SMTP_LINE_LENGTH_LIMIT.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
exim4 (4.87-2) unstable; urgency=medium
exim4-daemon heavy does not support the "demime" ACL condition
(WITH_OLD_DEMIME) anymore. It was superceded by the acl_smtp_mime ACL and
will not be part of the next upstream release.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200
exim4 (4.87~RC6-3) unstable; urgency=medium
As part of the fix for CVE-2016-1531 updated Exim versions clean
the complete execution environment by default, affecting Exim and
subprocesses such as routers calling other programs, and thus may break
existing installations. New configuration options (keep_environment,
add_environment) were introduced to adjust this behavior. Because of the
possible breakage Exim will show a runtime warning if keep_environment is
not set.
The Debian exim4 configuration does not rely on specific environment
variables and therefore sets 'keep_environment =' (i.e confirm empty
environment).
Users of custom Exim configurations will need to check whether their setup
continues to work with the abovementioned upstream change and modify the
Exim environment as needed otherwise. If the setup works fine with empty
environment it is still necessary to set the main configuration option
"keep_environment =" to quiet the runtime warning.
See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.
-- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100
exim4 (4.80~rc6-1) experimental; urgency=low
Upstream's handling of GnuTLS DH parameters has changed, hardcoded
parameters (from RFCs are used by default. See
/usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
/usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
and /var/spool/exim4/gnutls-params-2236.
-- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200
exim4 (4.80~rc2-1) experimental; urgency=low
Ldap lookups returning multi-valued attributes now separate the attributes
with only a comma, not a comma-space sequence.
The GnuTLS support has been mostly rewritten. exim main configuration
options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols,
are no longer supported. (They are ignored if present now, but will trigger
an error in later releases.) Their functionality is entirely subsumed into
tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
and is not parsed by Exim, but is instead given to gnutls_priority_init(3).
See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200
exim4 (4.77~rc4-1) experimental; urgency=low
Exim no longer performs string expansion on the second string of
the match_* expansion conditions: "match_address", "match_domain",
"match_ip" & "match_local_part". Named lists can still be used.
The previous behavior made it too easy to create (remotely) vulnerable
configurations. A more detailed rationale and explanation can be found on
https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html
-- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200
exim4 (4.72-3) unstable; urgency=low
Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
This is a privilege escalation issue that allows the exim user to gain
root privileges by specifying an alternate configuration file using the -C
option. The macro override facility (-D) might also be misused for this
purpose.
In reaction to this security vulnerability upstream has made a number of
user visible changes. This package includes these changes.
---------------------------------------------------------
If exim is invoked with the -C or -D option the daemon will not regain
root privileges though re-execution. This is usually necessary for local
delivery, though. Therefore it is generally not possible anymore to run an
exim daemon with -D or -C options.
However this version of exim has been built with
TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
defines a list of configuration files which are trusted; if a config file
is owned by root and matches a pathname in the list, then it may be
invoked by the Exim build-time user without Exim relinquishing root
privileges.
As a hotfix to not break existing installations of mailscanner we have
also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
exim with -DOUTGOING while being able to do local deliveries.
If you previously were using -D switches you will need to change your
setup to use a separate configuration file. The ".include" mechanism
makes this easy.
---------------------------------------------------------
The system filter is run as exim_user instead of root by default. If your
setup requies root privileges when running the system filter you will
need to set the system_filter_user exim main configuration option.
---------------------------------------------------------
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
exim4 (4.69-4) unstable; urgency=low
In reaction to #475194, the size of the Diffie-Hellman parameters
used by exim was increased to 2048, which is GnuTLS's default.
Since periodically regenerating the Diffie-Hellman parameters
doesn't increase security that much (they're sent in clear text in the
TLS handshake, and some protocols even have hardcoded them in the
standard document), and automatically generating 2048 bits
Diffie-Hellman parameters can take a long time, this has been disabled
in the Exim4 packages starting with 4.69-4. All exim installations
will thus run with the Diffie-Hellman parameters shipped in the
package by default.
Really, really paranoid people with sufficiently fast machines will
want to set up a cron job calling
/usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
interval is weekly or monthly.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 09:14:32 +0200
exim4 (4.68-1) unstable; urgency=low
In order to fix #420217, the handling of incoming messages to
system accounts has been changed once again. To allow system
account mail addresses to be redirected via traditional
/etc/aliases, system accounts are now processed later in the
router chain.
This has made it necessary to change the default behavior of the
real- prefix. real-foo is now only accessible for locally
generated messages, such as the error message generated by the
userforward router. If you need the old behavior back, set the
macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can
entirely switch off the real- processing by setting
COND_LOCAL_SUBMITTER=false.
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 04 Oct 2007 22:34:01 +0200
exim4 (4.67-6) unstable; urgency=low
acl_whitelist_local_deny was renamed to acl_local_deny_exceptions
to avoid confusion. This means changes to ACLs, file names in
/etc/exim4/conf.d/acl and the exception list file names themselves.
CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist
have been renamed to CONFDIR/host_local_deny_exceptions and
CONFDIR/sender_local_deny_exceptions. The old files will continue
to be honored for a transition period.
The old file conf.d/acl/20_exim4-config_whitelist_local_deny will
get a .dpkg-bak suffix if it had local changes, and it will be
removed if there were no local changes. In the case of local changes,
you'll need to repeat these changes in the new file
conf.d/acl/20_exim4-config_local_deny_exceptions.
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 05 Sep 2007 21:22:22 +0200
exim4 (4.67-5) unstable; urgency=low
The macro generation in update-exim4.conf has been changed once
more. update-exim4.conf now looks for the (non-commented!)
definition of the exim configuration macro UPEX4CmacrosUPEX4C to
an arbitrary, non-empty value, and inserts the generated macro
definitions right after this line, without changing it.
update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which
used to be the place marker in earlier 4.67-x versions) and barfs
if it finds them anywhere in /etc/exim4/exim4.conf.template or
recursively /etc/exim4/conf.d. This check - as a feature - also
includes files that would normally be excluded by
update-exim4.conf, such as .dpkg-old and .dpkg-dist files.
If you insist on having a commented UPEX4CmacrosUPEX4C in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value.
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jun 2007 08:29:36 +0200
exim4 (4.67-4) unstable; urgency=low
Since a lot of users did not read the docs while upgrading and
filed bug reports about exim4-config failing to install due to a
"malformed macro definition", update-exim4.conf.conf now checks
for DEBCONFsomethingDEBCONF strings anywhere in
/etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d
and barfs if such strings are found. This check - as a feature - also
includes files that would normally be excluded by
update-exim4.conf.
It _is_ necessary to either accept the offered configuration file
change _or_ to manually check a manually changed exim config. Exim
will _NOT_ run if a configuration file of an older version is
being used with a more recent exim4-config.
If you insist on having DEBCONFsomethingDEBCONF strings in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro DEBCONFstringOK_config_adapted to a non-empty
value.
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Jun 2007 12:50:38 +0200
exim4 (4.67-2) experimental; urgency=low
The symlink /etc/exim4/email-addresses caused data loss for people
who had a local file named /etc/exim4/email-addresses. The Debian
tools do not handle symlinks in /etc which are contained in
packages very well, so we decided to simply remove it. Please
submit a tested patch if you think that it would be a more elegant
way to handle the transition from /etc/exim4/email-addresses to
/etc/email-addresses.
There is now a possibility to modify handling of incoming messages
to system accounts, identified by their UID (see
conf.d/router/250_exim4-config_lowuid). If you want this, set the
macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of
your first "real" user account. Incoming messages for an account
with an UID below that value get routed according to the extra
alias file /etc/exim4/lowuid-aliases. If an account does not have
an alias there, it gets routed to the value of the macro
DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to
system accounts" and gets the message rejected. You can use this
mechanism to route all messages for system accounts to a single
address, with exceptions. Locally generated messages are not
processed by this facility.
Generation of the final exim configuration has changed. The
configuration no longer has the DEBCONFsomethingDEBCONF
placeholders. All data from Debconf are put into exim
configuration macros by update-exim4.conf, which are then
appropriately picked up by the configuration itself. There should
be no visible change to people who have not modified their
configuration, but customized configurations need to adapt.
We now do basic sanitizing of input read from
update-exim4.conf.conf. If your update-exim4.conf complains about
non-ascii values, you have found a bug. Please report it.
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 11 Jun 2007 14:09:24 +0200
exim4 (4.62-7) unstable; urgency=low
Bug #392993 says that 4.63-5 and -6 have overwritten manual
setting of dc_local_delivery with one of the default versions if
you have set dc_local_delivery to a value that is not either
mail_spool or maildir_home. Please verify that your
dc_local_delivery does still point to the transport you have
chosen.
Please note that the debconf configuration only supports plain
lists. Advanced features like "dsearch;" entered there may work
today, but are not guaranteed to continue working in the future.
If you want to use such features, please use the macros made
available for use in the configuration or edit the configuration
itself.
This allows us to use semicolons as list delimiters consistently
while still being backwards compatible to colon-separated lists
without driving code complexity up too high.
Starting with this version, update-exim4.conf will print a warning
if a dsearch lookup is found in the list of local domains,
dc_local_domains since there is a HOWTO on the Internet that
recommends doing this kind of things and this will _not_ work any
more.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Oct 2006 10:00:15 +0000
exim4 (4.62-4) unstable; urgency=low
exim4-config has had its debconf templates re-worked. Basic
functionality is unchanged, so you shouldn't expect a real
difference. The priority of most questions has been lowered to
medium, so that the Installer can install exim4 with no questions
being asked. The default is local delivery only. Mail messages for
root and postmaster are delivered to an mbox file in
/var/mail/mail, make sure to read them.
You can do the full exim4 configuration by calling
dpkg-reconfigure exim4-config as root.
It is now finally possible to configure exim4 to deliver outgoing
mail to a smarthost on a port number different from 25 via debconf.
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 9 Oct 2006 14:12:25 +0000
exim4 (4.62-3) unstable; urgency=low
A template for SPF support is now provided. It is disabled by
default, and relies on external calls to spfquery(1) from the
libmail-spf-query-perl package. For details, check README.Debian,
and conf.d/acl/30_exim4-config_check_rcpt.
-- Robert Millan <rmh@aybabtu.com> Fri, 28 Jul 2006 22:43:56 +0200
exim4 (4.62-1) unstable; urgency=low
Please note that the handling of update-exim4.conf.conf has
changed with regard to dc_local_interfaces and dc_relay_nets: If
the strings given there contain a semicolon, the string "<;" is
now prepended to the value written to the configuration file to
consider ; a list separator. This significantly helps writing down
IPv6 addresses, but means that if you use complex things like
lookups in update-exim4.conf.conf, you'll have to change your
configuration to use the macros that directly interfere with the
configuration.
127.0.0.1 and ::1 have been removed from the default hostlist
relay_from_hosts - these addresses are now added by
update-exim4.conf with the appropriate separator. If you set
MAIN_RELAY_NETS manually, you'll need to add these two addresses
to your local host list.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 29 Apr 2006 22:36:31 +0000
exim4 (4.60-2) unstable; urgency=low
The exim4 daemon packages now include a symlink from
/usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
init scripts if the last exim 3 you had installed was any earlier
than 3.36-5 and the conffiles from your exim 3 package are still
around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
(not removed) before installing this package.
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100
exim4 (4.50-5) unstable; urgency=low
mailname, the local name of the system used to qualify senders and
recipients is no longer a local domain by default. Having local
delivery for that host name used to break satellite and smarthost
setups where no local delivery was expected.
/etc/exim4/update-exim4.conf.conf is modified automatically on
upgrade from the appropriate earlier versions, so if you don't do any
funky things with /etc/exim4/update-exim4.conf.conf, you should be fine.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 2 Apr 2005 20:31:27 +0200
exim4 (4.43-3) unstable; urgency=low
/etc/exim4/email-addresses is ignored now, please use /etc/email-addresses!
The last version of exim4 that shipped this file was uploaded on the
19th of May 2003, and I really do not want to start sarge with cruft like
that.
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Jan 2004 10:05:34 +0100
exim4 (4.34-1) unstable; urgency=low
Debconf will not ask for relay_domains if configuring smarthost or
satellite-type systems. - This functionality was untested and could
generate mail-loops.
-- Andreas Metzler <ametzler@debian.org> Wed, 12 May 2004 13:42:23 +0200
exim4 (4.31-2) unstable; urgency=low
The local_scan perl-plugin has been removed because upstream
development has stopped. (am)
-- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200
exim4 (4.30-5) unstable; urgency=low
(Re)introduce /etc/exim4/exim4.conf.template as alternative to the
multiple small files in /etc/exim4/conf.d/ and make it the default choice
for fresh installations. This trades in a loss of comfort (you will again
need to merge in each small change manually) for increased stability.
-- Andreas Metzler <ametzler@debian.org> Sun, 11 Jan 2004 13:03:43 +0100
exim4 (4.30-1) unstable; urgency=low
* Exim now runs under its own uid (Debian-exim) instead of using mail:mail.
WARNING: You cannot downgrade this version to an older one without
manual chown|chrgrp all files owned by Debian-exim to mail.
Securitywise this is a tradeoff:
- if exim is SUID root and runs without deliver_drop_privilege you win:
exim's internal data in /var/spool/exim4 is not open to attacks by
bugs in programs SGID mail (mail delivery agents like deliver or
procmail, or MUAs like pine) anymore. This is Debian's default setup.
- OTOH if you need to be able to make local deliveries to /var/mail and
want to run exim with reduced priviledge you have some additional work
to do:
* Use an SGID MDA for the actual delivery (I suggest maildrop.)
* Make changes to run exim4 under group mail:
- exim_group=mail.
- Hack: make Debian-exim a group with gid=8, i.e. an alias for
the mail group, _before_ you make the upgrade. (groupadd -o -g 8
Debian-exim)
-- Andreas Metzler <ametzler@debian.org> Sun, 7 Dec 2003 13:59:46 +0100
exim4 (4.24-1) unstable; urgency=low
* This version of exim cannot run deliveries as root anymore, see change
5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
don't redirect mail for root via /etc/aliases to a nonpriviledged
account the mail will be delivered to /var/mail/mail with permissions
0600 and owner mail:mail.
-- Andreas Metzler <ametzler@debian.org> Fri, 3 Oct 2003 18:11:17 +0200
exim4 (4.22-2) unstable; urgency=low
Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in
-heavy and -custom for easy integration of content-scanning and
invoking spamassassin at SMTP time.
-- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200
exim4 (4.22-1) unstable; urgency=low
* The way that the $h_ (and $header_) expansions work has been changed
by the addition of RFC 2047 decoding. See the main documentation (the
NewStuff file until release 4.30, then the manual) for full details.
Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"
-- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200
exim4 (4.20-2) unstable; urgency=low
Rewriting now uses /etc/email-addresses instead of
/etc/exim4/email-addresses like exim v3 did. Please move the contents to
the new file and delete the old one, when you have time to spare.
-- Andreas Metzler <ametzler@debian.org> Tue, 15 Jul 2003 10:20:15 +0200

2073
debian/README.Debian.xml vendored Normal file
View file

File diff suppressed because it is too large Load diff

7445
debian/changelog vendored Normal file
View file

File diff suppressed because it is too large Load diff

1128
debian/changelog.Debian.old vendored Normal file
View file

File diff suppressed because it is too large Load diff

71
debian/config-custom/create-custom-config-package vendored Executable file
View file

@ -0,0 +1,71 @@
#!/bin/bash
if [ -n "$1" ]; then
PACKAGESUFFIX="$1"
else
PACKAGESUFFIX="custom"
fi
TARGETDIR="../exim4-config-$PACKAGESUFFIX"
#DEBUG=1
# copy over -changelog, generating a proper changelog entry
# copy over ip-up.d, email-addresses
dh_testdir
set -e
copytextreplace() {
FILE="$1"
DSTFILE="$2"
DIR="${FILE%/*}"
FILE="${FILE##*/}"
if [ -z "$DSTFILE" ]; then
DSTFILE="$FILE"
fi
[ $DEBUG ] && echo >&2 "DBG: source $DIR/$FILE"
[ $DEBUG ] && echo >&2 "DBG: dst $TARGETDIR/$DIR/$DSTFILE"
mkdir -p $TARGETDIR/$DIR
if ! [ -e "$TARGETDIR/$DIR/$FILE" ]; then
< $DIR/$FILE \
sed -e "s/exim4-config/exim4-config-$PACKAGESUFFIX/g" \
-e "s/orig-exim4-config-$PACKAGESUFFIX/exim4-config/g" \
> $TARGETDIR/$DIR/$DSTFILE
chmod --reference=$DIR/$FILE $TARGETDIR/$DIR/$DSTFILE
else
echo >&2 "ERR: can't write to $TARGETDIR/$DIR/$DSTFILE, file exists"
exit 1
fi
}
for file in manpages config templates postinst postrm dirs; do
copytextreplace debian/exim4-config.$file exim4-config-$PACKAGESUFFIX.$file
done
for file in `cat debian/exim4-config.manpages` \
`find debian/debconf \( -path '*/.svn/*' -prune \) -or \( -type f -print \)`; do
copytextreplace $file
done
for file in compat control copyright rules install; do
copytextreplace debian/config-custom/debian/$file
done
for file in ip-up.d email-addresses; do
copytextreplace debian/$file
done
# manual corrections in target directory
mv $TARGETDIR/debian/config-custom/debian/* $TARGETDIR/debian
rm -rf $TARGETDIR/debian/config-custom
chmod 775 $TARGETDIR/debian/rules
# hack changelog
< debian/changelog sed -n "/^exim4/{s/exim4/exim4-config-$PACKAGESUFFIX/p;q;}" > $TARGETDIR/debian/changelog
echo -e "\n * automatically generated changelog" >> $TARGETDIR/debian/changelog
< debian/changelog sed -n '/^ --/{p;q;}' >> $TARGETDIR/debian/changelog
cd $TARGETDIR
dch --append "generated source package by create-custom-package"

1
debian/config-custom/debian/compat vendored Normal file
View file

@ -0,0 +1 @@
4

18
debian/config-custom/debian/control vendored Normal file
View file

@ -0,0 +1,18 @@
Source: exim4-config
Section: mail
Priority: optional
Maintainer: locally built <root@localhost>
Standards-Version: 3.6.1.0
Build-Depends-Indep: debhelper (>= 4.0.1)
Package: exim4-config
Architecture: all
Priority: important
Conflicts: orig-exim4-config
Replaces: orig-exim4-config
Provides: orig-exim4-config, orig-exim4-config-2
Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-base
Description: exim4-config locally modified Debian configuration for exim4
This package provides the configuration for the exim4 daemon
packages. It is a locally built special version derived from
orig-exim4-config.

15
debian/config-custom/debian/copyright vendored Normal file
View file

@ -0,0 +1,15 @@
This is a custom made configuration package for Debian GNU/Linux's
prepackaged version of exim4, a powerful yet easy to configure mail
transport agent.
This package was originally made by create-custom-package, a script
written by Marc Haber <mh+debian-packages@zugschlus.de> using work
provided by Andreas Metzler <ametzler@downhill.at.eu.org>.
create-custom-package uses the exim4 source package to build this
source package.
The files in this package are free software; you can redistribute them
and/or modify them under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2, or (at
your option) any later version. Full text of the license can be found
at /usr/share/common-licenses/GPL

2
debian/config-custom/debian/install vendored Normal file
View file

@ -0,0 +1,2 @@
debian/debconf/update-exim4.conf.template usr/sbin
debian/debconf/exim4.conf.template etc/exim4

93
debian/config-custom/debian/rules vendored Executable file
View file

@ -0,0 +1,93 @@
#!/usr/bin/make -f
# debian/rules for exim4-config-custom
# This file is public domain software, originally written by Joey Hess.
#
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}
DEBIAN:=$(shell pwd)/debian
configure: configure-stamp
# the patches might change src/EDITME.
configure-stamp:
dh_testdir
touch configure-stamp
build-indep: build-indep-stamp
build-indep-stamp:
dh_testdir
touch build-indep-stamp
build: build-indep
clean: cleanfiles
cleanfiles:
dh_testdir
dh_testroot
rm -f build-indep-stamp configure-stamp install-stamp debian/files
rm -f debian/debconf/exim4.conf.template
# Add here commands to clean up after the build process.
dh_clean
install: install-stamp
install-stamp: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
install -m 755 debian/debconf/update-exim4.conf debian/exim4-config/usr/sbin
# install -m644 debian/debconf/exim4.conf.template debian/exim4-config/etc/exim4
# ship a copy in examples
# install -m644 debian/debconf/exim4.conf.template debian/exim4-config/usr/share/doc/exim4-config/examples/exim4.conf.template.debconf
install -m644 debian/email-addresses debian/exim4-config/etc
install -m755 debian/ip-up.d debian/exim4-config/etc/ppp/ip-up.d/exim4
cd $(DEBIAN)/debconf/conf.d && \
tar cf - `find \( -path '*/.svn/*' -prune \) -or \( -type f -print \)` | \
{ cd $(DEBIAN)/exim4-config/etc/exim4/conf.d/ && \
tar xf - ; }
chmod 755 debian/debconf/update-exim4.conf.template
CONFDIR=$(DEBIAN)/debconf debian/debconf/update-exim4.conf.template --nobackup --run
# dh_movefiles
touch install-stamp
# Build architecture-independent files here.
binary-indep: build install
dh_testdir -i
dh_testroot -i
dh_installchangelogs -i
dh_installdocs -i
dh_installexamples -i
dh_installmenu -i
dh_installdebconf -i
dh_installlogrotate -i
# dh_installemacsen -i
dh_installpam -i
dh_installmime -i
# dh_installinit -i
dh_installcron -i
# dh_installinfo -i
# dh_undocumented -i
dh_installman -i
dh_install -i
dh_strip -i
dh_link -i
dh_compress -i
dh_fixperms -i
# dh_makeshlibs -i
dh_installdeb -i
# dh_perl -i
dh_shlibdeps -i
dh_gencontrol -i
dh_md5sums -i
dh_builddeb -i
binary: binary-indep
.PHONY: build clean binary-indep binary-arch binary install

341
debian/control vendored Normal file
View file

@ -0,0 +1,341 @@
# * -base and daemon of the same upstream version enforced by a Breaks
# in -base and a versioned Depends of the daemon-packages on -base
# * -base depends on -config, without automatic versioning.
Source: exim4
Section: mail
Priority: standard
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Uploaders:
Andreas Metzler <ametzler@debian.org>,
Homepage: https://www.exim.org/
Standards-Version: 4.7.2
Rules-Requires-Root: binary-targets
Vcs-Git: https://salsa.debian.org/exim-team/exim4.git
Vcs-Browser: https://salsa.debian.org/exim-team/exim4
Build-Depends:
debhelper-compat (= 13),
default-libmysqlclient-dev,
docbook-xml,
docbook-xsl,
libdb5.3-dev,
libfile-fcntllock-perl,
libgnutls28-dev (>= 3.5.7),
libident-dev,
libidn-dev,
libidn2-dev,
libldap2-dev,
libnsl-dev,
libpam0g-dev,
libpcre2-dev,
libperl-dev,
libpq-dev,
libsasl2-dev,
libspf2-dev,
libsqlite3-dev,
libx11-dev,
libxaw7-dev,
libxext-dev,
libxmu-dev,
libxt-dev,
lynx,
po-debconf,
xsltproc,
Package: exim4-base
Architecture: any
Priority: optional
Breaks:
exim4-daemon-custom (<<${Upstream-Version}),
exim4-daemon-heavy (<<${Upstream-Version}),
exim4-daemon-light (<<${Upstream-Version}),
Conflicts:
exim,
exim-tls,
Replaces:
exim,
exim-tls,
exim4-daemon-custom,
exim4-daemon-heavy,
exim4-daemon-light,
Depends:
adduser,
cron | cron-daemon | anacron | systemd-sysv,
exim4-config (>=4.94) | exim4-config-2,
libfile-fcntllock-perl,
netbase,
${misc:Depends},
${perl:Depends},
${shlibs:Depends},
# psmisc just for exiwhat.
# mailx for cronjob
Recommends:
bsd-mailx | mailx,
psmisc,
Suggests:
exim4-doc-html | exim4-doc-info,
eximon4,
file,
gnutls-bin | openssl,
mail-reader,
spf-tools-perl,
swaks,
Description: support files for all Exim MTA (v4) packages
Exim (v4) is a mail transport agent. exim4-base provides the support
files needed by all exim4 daemon packages. You need an additional package
containing the main executable. The available packages are:
.
exim4-daemon-light
exim4-daemon-heavy
.
If you build exim4 from the source package locally, you can also
build an exim4-daemon-custom package tailored to your own feature set.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
Package: exim4-config
Architecture: all
Priority: optional
Breaks:
exim4-daemon-heavy (<< 4.94),
exim4-daemon-light (<< 4.94),
Provides:
exim4-config-2,
Conflicts:
exim,
exim-tls,
exim4-config,
exim4-config-2,
${MTA-Conflicts},
Depends:
adduser,
${misc:Depends},
${shlibs:Depends},
Recommends:
ca-certificates,
Description: configuration for the Exim MTA (v4)
Exim (v4) is a mail transport agent. exim4-config provides the configuration
for the exim4 daemon packages. The configuration framework has been split
off the main package to allow sites to replace the configuration scheme
with their own without having to change the actual exim4 packages.
.
Sites with special configuration needs (having a lot of identically
configured machines for example) can use this to distribute their own
custom configuration via the packaging system, using the magic
available with dpkg's conffile handling, without having to do local
changes on all of these machines.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
Package: exim4-daemon-light
Architecture: any
Priority: optional
Provides:
mail-transport-agent,
${dist:Provides:exim4-daemon-light},
${localscanabiversion},
Conflicts:
mail-transport-agent,
Replaces:
exim4-base (<= 4.61-1),
mail-transport-agent,
Depends:
exim4-base (>= ${Upstream-Version}),
${misc:Depends},
${shlibs:Depends},
Description: lightweight Exim MTA (v4) daemon
Exim (v4) is a mail transport agent. This package contains the exim4
daemon with only basic features enabled. It works well with the
standard setups that are provided by Debian and includes support for
TLS encryption and the dlopen patch to allow dynamic loading of a
local_scan function.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
Package: exim4
Architecture: all
Priority: optional
Depends:
debconf (>= 1.4.69) | cdebconf (>= 0.39),
exim4-base (<< ${source:Version}.1),
exim4-base (>= ${source:Version}),
exim4-daemon-light (>= ${source:Version}) | exim4-daemon-heavy (>= ${source:Version}) | exim4-daemon-custom (>= ${source:Version}),
${misc:Depends},
Description: metapackage to ease Exim MTA (v4) installation
Exim (v4) is a mail transport agent. exim4 is the metapackage depending
on the essential components for a basic exim4 installation.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
Package: exim4-daemon-heavy
Architecture: any
Priority: optional
Provides:
mail-transport-agent,
${localscanabiversion},
Conflicts:
mail-transport-agent,
Replaces:
exim4-base (<= 4.61-1),
mail-transport-agent,
Depends:
exim4-base (>= ${Upstream-Version}),
${misc:Depends},
${shlibs:Depends},
Breaks:
clamav-daemon (<< 0.95),
Description: Exim MTA (v4) daemon with extended features, including exiscan-acl
Exim (v4) is a mail transport agent. This package contains the exim4
daemon with extended features. In addition to the features already
supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
embedded Perl interpreter, and the content scanning extension
(formerly known as "exiscan-acl") for integration of virus scanners
and spamassassin.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
#Package: exim4-daemon-custom
#Architecture: any
#Priority: optional
#Provides: ${localscanabiversion}, mail-transport-agent
#Conflicts: mail-transport-agent
#Replaces: exim4-base (<= 4.61-1), mail-transport-agent
#Depends:
# exim4-base (>= ${Upstream-Version}),
# ${misc:Depends},
# ${shlibs:Depends}
#Description: custom Exim MTA (v4) daemon with locally set features
# Exim (v4) is a mail transport agent. This package contains a
# custom-configured exim4 daemon compiled to local needs. This package
# is not part of official Debian, but can easily be built from the
# Debian source package. For information about the feature set compiled in,
# and for bug reports, please find out who built your package.
# .
# The Debian exim4 packages have their own web page,
# http://wiki.debian.org/PkgExim4. There is also a Debian-specific
# FAQ list. Information about the way the Debian packages are
# configured can be found in
# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
# information about the way the Debian binary packages are built. The
# very extensive upstream documentation is shipped in
# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
# configuration process in a standard setup, invoke dpkg-reconfigure
# exim4-config. There is a Debian-centered mailing list,
# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
# questions there, and only write to the upstream exim-users mailing
# list if you are sure that your question is not Debian-specific. You
# can find the subscription web page on
# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
Package: eximon4
Architecture: any
Priority: optional
Conflicts:
eximon,
Replaces:
eximon,
Depends:
exim4-base (>= 4.10),
${misc:Depends},
${shlibs:Depends},
Description: monitor application for the Exim MTA (v4) (X11 interface)
Eximon is a helper program for the Exim MTA (v4). It allows
administrators to view the mail queue and logs, and perform a variety
of actions on queued messages, such as freezing, bouncing and thawing
messages.
Package: exim4-dev
Architecture: any
Priority: optional
Depends:
${misc:Depends},
Description: header files for the Exim MTA (v4) packages
Exim (v4) is a mail transport agent. This package contains header
files that can be used to compile code that is then dynamically linked
to exim's local_scan interface.
.
The Debian exim4 packages have their own web page,
http://wiki.debian.org/PkgExim4. There is also a Debian-specific
FAQ list. Information about the way the Debian packages are
configured can be found in
/usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
information about the way the Debian binary packages are built. The
very extensive upstream documentation is shipped in
/usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
configuration process in a standard setup, invoke dpkg-reconfigure
exim4-config. There is a Debian-centered mailing list,
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
questions there, and only write to the upstream exim-users mailing
list if you are sure that your question is not Debian-specific. You
can find the subscription web page on
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

229
debian/copyright vendored Normal file
View file

@ -0,0 +1,229 @@
This is Debian GNU/Linux's prepackaged version of exim, a powerful yet easy
to configure mail transport agent.
-----------------------------------------------------------------
This package was put together from the original sources which are
maintained by Philip Hazel <ph10@cus.cam.ac.uk>, and which were
obtained from
https://downloads.exim.org/exim4/
Some modifications to the Makefiles have been made to fit with the Linux
FHS.
-----------------------------------------------------------------
-----------------------------------------------------------------
The exim content filtering extension, formally known as the
exiscan-acl patch, and which is included in exim4-daemon-heavy,
was written by Tom Kistner <tom@duncanthrax.net>.
/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-???? */
/* License: GPL */
-----------------------------------------------------------------
-----------------------------------------------------------------
Debian Maintainer history:
- The Debian package for exim was originally made by Tim Cutts
<timc@chiark.greenend.org.uk>.
- Mark Baker <mbaker@iee.org> took over until exim version 3 and is
still involved with packaging.
- Steve Haslam, Hilko Bengen and Marc Haber generated the initial
packages of Exim v4.
- The exim4 packages are currently maintained by
- Core Team
- (mh) Marc Haber <mh+debian-packages@zugschlus.de> (team leader)
- (am) Andreas Metzler <ametzler@downhill.at.eu.org> (uploader)
- Commit Privileges
- (hb) Hilko Bengen <bengen@debian.org> (documentation, hacks etc)
- (cb) Christian Perrier <bubulle@debian.org> (translations)
The following people helped in preparing the exim4 packages and gave
important feedback:
- Marc Merlin provides the dlopen patch, making it possible to load
local_scan-routines for a external shared object.
The original patch was written by David Woodhouse, it was modified first
by Derrick 'dman' Hudson and afterwards by Marc Merlin.
- Sander Smeenk provided the TLS-docs and the script to generate the
self-signed certificates.
- The people on the exim4debian list that submitted bug-reports and -fixes,
and helped with design issues: Matthias Klose, Alexander Koch, Ola
Lundqvist, Andrew Mulholland, David Pashley, Andreas Piesk, Nick Phillips
and whoever I forgot to mention.
- syslog2eximlog script by Martin Godisch.
- Hilko Bengen converted the Debian documentation from plain-text to XML
format.
-----------------------------------------------------------------
-----------------------------------------------------------------
exim is Copyright (c) 1995 - 2018 University of Cambridge.
Copyright (c) 2006-2024 The Exim Maintainers
The original license is as follows (from the file NOTICE in the upstream
distribution); a copy of the GNU GPL version 2 is available in
/usr/share/common-licenses/GPL-2 on Debian systems.
_________________________________________________________________________
THE EXIM MAIL TRANSFER AGENT
----------------------------
Copyright (c) 2004 University of Cambridge
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
In addition, for the avoidance of any doubt, permission is granted to
link this program with OpenSSL or any other library package and to
(re)distribute the binaries produced as the result of such linking.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
UNSOLICITED EMAIL
-----------------
The use, supply or promotion of Exim for the purpose of sending bulk,
unsolicited electronic mail is incompatible with the basic aims of the program,
which revolve around the free provision of a service that enhances the quality
of personal communications. The author of Exim regards indiscriminate
mass-mailing as an antisocial, irresponsible abuse of the Internet.
INCORPORATED CODE
-----------------
A number of pieces of external code are included in the Exim distribution.
. Support for the cdb (Constant DataBase) lookup method is provided by code
contributed by Nigel Metheringham of Planet Online Ltd. which contains
the following statements:
_________________________________________________________________________
Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This code implements Dan Bernstein's Constant DataBase (cdb) spec.
Information, the spec and sample code for cdb can be obtained from
http://www.pobox.com/~djb/cdb.html. This implementation borrows some code
from Dan Bernstein's implementation (which has no license restrictions
applied to it).
_________________________________________________________________________
The implementation is completely contained within the code of Exim. It
does not link against an external cdb library.
. Client support for Microsoft's "Secure Password Authentication" is pro-
vided by code contributed by Marc Prud'hommeaux. Server support was
contributed by Tom Kistner. This includes code taken from the Samba
project, which is released under the Gnu GPL.
. Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is
provided by code taken from the Cyrus-SASL library and adapted by
Alexander S. Sabourenkov. The permission notice appears below, in
accordance with the conditions expressed therein.
_________________________________________________________________________
Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name 'Carnegie Mellon University' must not be used to endorse or
promote products derived from this software without prior written
permission. For permission or any other legal details, please
contact
Office of Technology Transfer
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213-3890
(412) 268-4387, fax: (412) 268-7395
tech-transfer@andrew.cmu.edu
4. Redistributions of any form whatsoever must retain the following
acknowledgment:
This product includes software developed by Computing Services at
Carnegie Mellon University (http://www.cmu.edu/computing/).
CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
_________________________________________________________________________
. The Exim Monitor program, which is an X-Window application, includes
modified versions of the Athena StripChart and TextPop widgets. This code
is copyright by DEC and MIT, and their permission notice appears below,
in accordance with the conditions expressed therein.
_________________________________________________________________________
Copyright 1987, 1988 by Digital Equipment Corporation, Maynard,
Massachusetts, and the Massachusetts Institute of Technology, Cambridge,
Massachusetts.
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documen-
tation, and that the names of Digital or MIT not be used in advertising
or publicity pertaining to distribution of the software without specific,
written prior permission.
DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
_________________________________________________________________________
. Some of the code to support the use of maildirsize files for maildir
deliveries is taken from the Courier Imapd source code. This code is
released under the GPL.
_________________________________________________________________________
--
Philip Hazel University of Cambridge Computing Service,
-----------------------------------------------------------------
src/pdkim/*
PDKIM - a RFC4871 (DKIM) implementation
http://duncanthrax.net/pdkim/
Copyright (c) The Exim Maintainers 1995 - 2024
Copyright (C) 2009 - 2016 Tom Kistner <tom@duncanthrax.net>
Copyright (C) 2016 - 2020 Jeremy Harris <jgh@exim.org>
This copy of PDKIM is included with Exim. For a standalone distribution,
visit http://duncanthrax.net/pdkim/.
-----------------------------------------------------------------

95
debian/create-custom-package vendored Executable file
View file

@ -0,0 +1,95 @@
#!/bin/bash
set -e
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
dh_testdir
if [ -z "$(command -v grep-dctrl)" ] || ! [ -x "$(command -v grep-dctrl)" ]; then
echo >&2 "ERR: no grep-dctrl binary"
exit 1
fi
fakeroot debian/rules clean
if [ -n "$1" ]; then
PACKAGESUFFIX="$1"
fi
#DEBUG=1
dh_testdir
cd debian
replacepkgname() {
sed -e "s/exim4-daemon-custom/exim4-daemon-$PACKAGESUFFIX/g;\
s/exim4-custom/exim4-$PACKAGESUFFIX/g"
}
copytextreplace() {
FILE="$1"
DSTFILE="$2"
if [ -z "$DSTFILE" ]; then
echo >&2 "no destination file given to copytextreplace $FILE"
exit 1
fi
[ $DEBUG ] && echo >&2 "DBG: source $FILE"
[ $DEBUG ] && echo >&2 "DBG: dst $DSTFILE"
if ! [ -e "$DSTFILE" ]; then
< $FILE replacepkgname > $DSTFILE
chmod --reference=$FILE $DSTFILE
else
echo >&2 "ERR: can't write to $DSTFILE, file exists"
exit 1
fi
}
NEEDEDFILES="exim4-daemon-custom.* rules control"
for file in $NEEDEDFILES; do
if ! [ -e $file ]; then
echo >&2 "ERR: $file does not exist, not starting"
exit 1
fi
done
# the grep-dctrl|grep construct is necessary on woody,
# since woody grep-dctrl does not give sensible return values.
if grep-dctrl --field=Package exim4-daemon-$PACKAGESUFFIX control | \
grep -q '^Package:'; then
echo >&2 "ERR: there is already a debian/control entry for exim4-daemon-$PACKAGESUFFIX, not starting"
exit 1
fi
if grep -q exim4-daemon-$PACKAGESUFFIX rules; then
echo >&2 "ERR: exim4-daemon-$PACKAGESUFFIX already mentioned in debian/rules, not starting"
exit 1
fi
for file in exim4-daemon-custom.* ; do
copytextreplace $file ${file/exim4-daemon-custom/exim4-daemon-$PACKAGESUFFIX}
done
echo >> control
grep-dctrl --field=Package exim4-daemon-custom control | \
replacepkgname >> control
< rules sed "/^builddaemonpackages/ \
{s/^builddaemonpackages=/builddaemonpackages=exim4-daemon-$PACKAGESUFFIX /; \
}" > rules.new
echo >> rules.new
< rules sed -n "\
/^build-exim4-daemon-custom/,/^[^[:space:]]/ \
{ \
s/exim4-daemon-custom/exim4-daemon-$PACKAGESUFFIX/; \
s/exim4-custom/exim4-$PACKAGESUFFIX/; \
/^build-exim4-daemon-$PACKAGESUFFIX/p;
/^[^[:space:]]/d; \
p; \
}" \
>> rules.new
chmod --reference=rules rules.new
mv rules.new rules

8
debian/debconf/conf.d/acl/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,8 @@
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

49
debian/debconf/conf.d/acl/20_exim4-config_local_deny_exceptions vendored Normal file
View file

@ -0,0 +1,49 @@
### acl/20_exim4-config_local_deny_exceptions
#################################
# This is used to determine whitelisted senders and hosts.
# It checks for CONFDIR/host_local_deny_exceptions and
# CONFDIR/sender_local_deny_exceptions.
#
# It is meant to be used from some other acl entry.
#
# See exim4-config_files(5) for details.
#
# If the files do not exist, the white list never matches, which is
# the desired behaviour.
#
# The old file names CONFDIR/local_host_whitelist and
# CONFDIR/local_sender_whitelist will continue to be honored for a
# transition period. Their use is deprecated.
acl_local_deny_exceptions:
accept
hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
{CONFDIR/host_local_deny_exceptions}\
{}}
accept
senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
{CONFDIR/sender_local_deny_exceptions}\
{}}
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.endif
# this is still supported for a transition period and is deprecated.
.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif

11
debian/debconf/conf.d/acl/30_exim4-config_check_mail vendored Normal file
View file

@ -0,0 +1,11 @@
### acl/30_exim4-config_check_mail
#################################
# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
accept

358
debian/debconf/conf.d/acl/30_exim4-config_check_rcpt vendored Normal file
View file

@ -0,0 +1,358 @@
### acl/30_exim4-config_check_rcpt
#################################
# define macros to be used below in this file to check recipient
# local parts for strange characters. Documentation below.
# This blocks local parts that begin with a dot or contain a quite
# broad range of non-alphanumeric characters.
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept
hosts = :
control = dkim_disable_verify
# Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
# or DISABLE_DKIM_VERIFY are set.
.ifdef DC_minimaldns
warn
control = dkim_disable_verify
.else
.ifdef DISABLE_DKIM_VERIFY
warn
control = dkim_disable_verify
.endif
.endif
# The following section of the ACL is concerned with local parts that contain
# certain non-alphanumeric characters. Dots in unusual places are
# handled by this ACL as well.
#
# Non-alphanumeric characters other than dots are rarely found in genuine
# local parts, but are often tried by people looking to circumvent
# relaying restrictions. Therefore, although they are valid in local
# parts, these rules disallow certain non-alphanumeric characters, as
# a precaution.
#
# Empty components (two dots in a row) are not valid in RFC 2822, but Exim
# allows them because they have been encountered. (Consider local parts
# constructed as "firstinitial.secondinitial.familyname" when applied to
# a name without a second initial.) However, a local part starting
# with a dot or containing /../ can cause trouble if it is used as part of a
# file name (e.g. for a mailing list). This is also true for local parts that
# contain slashes. A pipe symbol can also be troublesome if the local part is
# incorporated unthinkingly into a shell command line.
#
# These ACL components will block recipient addresses that are valid
# from an RFC5322 point of view. We chose to have them blocked by
# default for security reasons.
#
# If you feel that your site should have less strict recipient
# checking, please feel free to change the default values of the macros
# defined in main/01_exim4-config_listmacrosdefs or override them from a
# local configuration file.
#
# Two different rules are used. The first one has a quite strict
# default, and is applied to messages that are addressed to one of the
# local domains handled by this host.
# The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined
# at the top of this file.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# The second rule applies to all other domains, and its default is
# considerably less strict.
# The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
# It allows local users to send outgoing messages to sites
# that use slashes and vertical bars in their local parts. It blocks
# local parts that begin with a dot, slash, or vertical bar, but allows
# these characters within the local part. However, the sequence /../ is
# barred. The use of some other non-alphanumeric characters is blocked.
# Single quotes might probably be dangerous as well, but they're
# allowed by the default regexps to avoid rejecting mails to Ireland.
# The motivation here is to prevent local users (or local users' malware)
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
#
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
# Deny unless the sender address can be verified.
#
# This is disabled by default so that DNSless systems don't break. If
# your system can do DNS lookups without delay or cost, you might want
# to enable this feature.
#
# This feature does not work in smarthost and satellite setups as
# with these setups all domains pass verification. See spec.txt section
# "Access control lists" subsection "Address verification" with the added
# information that a smarthost/satellite setup routes all non-local e-mail
# to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
!acl = acl_local_deny_exceptions
!verify = sender
message = Sender verification failed
.endif
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
.ifndef CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT
# Reject all RCPT commands after too many bad recipients
# This is partly a defense against spam abuse and partly attacker abuse.
# Real senders should manage, by the time they get to 10 RCPT directives,
# to have had at least half of them be real addresses.
#
# This is a lightweight check and can protect you against repeated
# invocations of more heavy-weight checks which would come after it.
deny condition = ${if and {\
{>{$rcpt_count}{10}}\
{<{$recipients_count}{${eval:$rcpt_count/2}}} }}
message = Rejected for too many bad recipients
logwrite = REJECT [$sender_host_address]: bad recipient count high [${eval:$rcpt_count-$recipients_count}]
.endif
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. It is assumed that such hosts are most likely to be MUAs,
# so we set control=submission to make Exim treat the message as a
# submission. It will fix up various errors in the message, for example, the
# lack of a Date: header line. If you are actually relaying out out from
# MTAs, you may want to disable this. If you are handling both relaying from
# MTAs and submissions from MUAs you should probably split them into two
# lists, and handle them differently.
# Recipient verification is omitted here, because in many cases the clients
# are dumb MUAs that don't cope well with SMTP error responses. If you are
# actually relaying out from MTAs, you should probably add recipient
# verification here.
# Note that, by putting this test before any DNS black list checks, you will
# always accept from these hosts, even if they end up on a black list. The
# assumption is that they are your friends, and if they get onto black
# list, it is a mistake.
accept
hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.
accept
authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains.
require
verify = recipient
# Verify recipients listed in local_rcpt_callout with a callout.
# This is especially handy for forwarding MX hosts (secondary MX or
# mail hubs) of domains that receive a lot of spam to non-existent
# addresses. The only way to check local parts for remote relay
# domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
# CONFDIR/local_sender_blacklist holds a list of envelope senders that
# should have their access denied to the local host. Incoming messages
# with one of these senders are rejected at RCPT time.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
log_message = sender envelope address is locally blacklisted.
# deny bad sites (IP address)
# CONFDIR/local_host_blacklist holds a list of host names, IP addresses
# and networks (CIDR notation) that should have their access denied to
# The local host. Messages coming in from a listed host will have all
# RCPT statements rejected.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
log_message = sender IP address is locally blacklisted.
# Warn if the sender host does not have valid reverse DNS.
#
# If your system can do DNS lookups without delay or cost, you might want
# to enable this.
# If sender_host_address is defined, it's a remote call. If
# sender_host_name is not defined, then reverse lookup failed. Use
# this instead of !verify = reverse_host_lookup to catch deferrals
# as well as outright failures.
.ifdef CHECK_RCPT_REVERSE_DNS
warn
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
.endif
.ifdef CHECK_RCPT_SPF
.ifdef _HAVE_SPF
deny
!acl = acl_local_deny_exceptions
spf = fail
message = [SPF] $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
log_message = SPF check failed.
defer
!acl = acl_local_deny_exceptions
spf = temperror
message = Temporary DNS error while checking SPF record. Try again later.
warn
spf = pass:softfail:neutral:permerror
add_header = :at_start:$spf_received
.endif
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
warn
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
# : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################
# Accept if the address is in a domain for which we are an incoming relay,
# but again, only if the recipient can be verified.
accept
domains = +relay_to_domains
endpass
verify = recipient
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept

96
debian/debconf/conf.d/acl/40_exim4-config_check_data vendored Normal file
View file

@ -0,0 +1,96 @@
### acl/40_exim4-config_check_data
#################################
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
acl_check_data:
# Deny if the message contains an overlong line. Per the standards
# we should never receive one such via SMTP.
#
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
deny
condition = ${if > {$max_received_linelength}{998}}
message = maximum allowed line length is 998 octets, \
got $max_received_linelength
.endif
# Deny if the headers contain badly-formed addresses.
#
.ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
!acl = acl_local_deny_exceptions
!verify = header_syntax
message = header syntax
log_message = header syntax ($acl_verify_message)
.endif
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
!acl = acl_local_deny_exceptions
!verify = header_sender
message = No verifiable sender address in message headers
.endif
# Deny if the message contains malware. Before enabling this check, you
# must install a virus scanner and set the av_scanner option in the
# main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# deny
# malware = *
# message = This message was detected as possible malware ($malware_name).
# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You may also need to set the spamd_address
# option in the main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# Please note that this is only suiteable as an example. See
# /usr/share/doc/exim4-base/README.Debian.gz
#
# See the exim docs and the exim wiki for more suitable examples.
#
# # Remove internal headers
# warn
# remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \
# X-Spam_report
#
# warn
# condition = ${if <{$message_size}{120k}{1}{0}}
# # ":true" to add headers/acl variables even if not spam
# spam = nobody:true
# add_header = X-Spam_score: $spam_score
# add_header = X-Spam_bar: $spam_bar
# # Do not enable this unless you have shorted SpamAssassin's report
# #add_header = X-Spam_report: $spam_report
#
# Reject spam messages (score >15.0).
# This breaks mailing list and forward messages.
# deny
# condition = ${if <{$message_size}{120k}{1}{0}}
# condition = ${if >{$spam_score_int}{150}{true}{false}}
# message = Classified as spam (score $spam_score)
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
# accept otherwise
accept

8
debian/debconf/conf.d/auth/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,8 @@
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators

285
debian/debconf/conf.d/auth/30_exim4-config_examples vendored Normal file
View file

@ -0,0 +1,285 @@
### auth/30_exim4-config_examples
#################################
# The examples below are for server side authentication, when the
# local exim is SMTP server and clients authenticate to the local exim.
# They allow two styles of plain-text authentication against an
# CONFDIR/passwd file whose syntax is described in exim4_passwd(5).
# Hosts that are allowed to use AUTH are defined by the
# auth_advertise_hosts option in the main configuration. The default is
# "*", which allows authentication to all hosts over all kinds of
# connections if there is at least one authenticator defined here.
# Authenticators which rely on unencrypted clear text passwords don't
# advertise on unencrypted connections by default. Thus, it might be
# wise to set up TLS to allow encrypted connections. If TLS cannot be
# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
# advertise unencrypted clear text password based authenticators on all
# connections. As this is severely reducing security, using TLS is
# preferred over allowing clear text password based authenticators on
# unencrypted connections.
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# cram_md5_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
# server_set_id = $auth1
# Here is an example of CRAM-MD5 authentication against PostgreSQL:
#
# psqldb_auth_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
# server_set_id = $auth1
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
# plain_saslauthd_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# login_saslauthd_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# # don't send system passwords over unencrypted connections
# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# ntlm_sasl_server:
# driver = cyrus_sasl
# public_name = NTLM
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# digest_md5_sasl_server:
# driver = cyrus_sasl
# public_name = DIGEST-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# Authentcate against cyrus-sasl
# This is mainly untested, please report any problems to
# pkg-exim4-users@lists.alioth.debian.org.
# cram_md5_sasl_server:
# driver = cyrus_sasl
# public_name = CRAM-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
#
# plain_sasl_server:
# driver = cyrus_sasl
# public_name = PLAIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# login_sasl_server:
# driver = cyrus_sasl
# public_name = LOGIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# Authenticate against courier authdaemon
# This is now the (working!) example from
# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
# Possible pitfall: access rights on /run/courier/authdaemon/socket.
# plain_courier_authdaemon:
# driver = plaintext
# public_name = PLAIN
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
# {yes} \
# fail}
# server_set_id = $auth2
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# login_courier_authdaemon:
# driver = plaintext
# public_name = LOGIN
# server_prompts = Username:: : Password::
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
# {yes} \
# fail}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# If your list of offered authenticators is other than PLAIN and LOGIN,
# you need to adapt the public_name line manually.
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.
# support_broken_outlook_express_4_server:
# driver = plaintext
# public_name = "\r\n250-AUTH=PLAIN LOGIN"
# server_prompts = User Name : Password
# server_condition = no
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# Use dovecot as authentication backend
# Requires changes to dovecot configuration:
# 8X---------------------
# --- /etc/dovecot/conf.d/10-master.conf 2020-12-22 13:26:52.000000000 +0000
# +++ /etc/dovecot/conf.d/10-master.conf 2022-07-13 11:17:02.479100984 +0000
# @@ -108,6 +108,14 @@
# # mode = 0666
# #}
#
# +### SASL listener for exim start
# + # SASL exim
# + unix_listener /var/spool/exim4/dovecot.auth-client {
# + mode = 0660
# + group = Debian-exim
# + }
# +### SASL listener for exim end
# +
# # Auth process is run as this user.
# #user = $default_internal_user
# }
# 8X---------------------
#
# dovecot_plain_server:
# driver = dovecot
# public_name = PLAIN
# server_socket = /var/spool/exim4/dovecot.auth-client
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
##############
# See /usr/share/doc/exim4-base/README.Debian.gz
##############
# These examples below are the equivalent for client side authentication.
# They get the passwords from CONFDIR/passwd.client, whose format is
# defined in exim4_passwd_client(5)
# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
# this returns the matching line from passwd.client and doubles all ^
PASSWDLINE=${sg{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
}\
{\\N[\\^]\\N}\
{^^}\
}
plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if !eq{$tls_out_cipher}{}\
{^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
}fail}"
.else
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
# Return empty string if not non-TLS AND looking up $host in passwd-file
# yields a non-empty string; fail otherwise.
client_send = "<; ${if and{\
{!eq{$tls_out_cipher}{}}\
{!eq{PASSWDLINE}{}}\
}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
# Return empty string if looking up $host in passwd-file yields a
# non-empty string; fail otherwise.
client_send = "<; ${if !eq{PASSWDLINE}{}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

81
debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs vendored Normal file
View file

@ -0,0 +1,81 @@
######################################################################
# Runtime configuration file for Exim 4 (Debian Packaging) #
######################################################################
######################################################################
# /etc/exim4/exim4.conf.template is only used with the non-split
# configuration scheme.
# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used
# with the split configuration scheme.
# If you find this comment anywhere else, somebody copied it there.
# Documentation about the Debian exim4 configuration scheme can be
# found in /usr/share/doc/exim4-base/README.Debian.gz.
######################################################################
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Just for reference and scripts.
# On Debian systems, the main binary is installed as exim4 to avoid
# conflicts with the exim 3 packages.
exim_path = /usr/sbin/exim4
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
# debconf-driven macro definitions get inserted after this line
UPEX4CmacrosUPEX4C = 1
# Create domain and host lists for relay control
# '@' refers to 'the name of the local host'
# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
# List of recipient domains to relay _to_. Use this list if you're -
# for example - fallback MX or mail gateway for domains.
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
# List of sender networks (IP addresses) to _unconditionally_ relay
# _for_. If you intend to be SMTP AUTH server, you do not need to enter
# anything here.
hostlist relay_from_hosts = MAIN_RELAY_NETS
# Decide which domain to use to add to all unqualified addresses.
# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
# the first line of /etc/mailname is used.
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim4/update-exim4.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
LOCAL_DELIVERY=mail_spool
.endif
# The gecos field in /etc/passwd holds not only the name. see passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1
# always log tls_peerdn as we use TLS for outgoing connects by default
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
.endif

233
debian/debconf/conf.d/main/02_exim4-config_options vendored Normal file
View file

@ -0,0 +1,233 @@
### main/02_exim4-config_options
#################################
# Defines the access control list that is run when an
# SMTP MAIL command is received.
#
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
# If you are running exim4-daemon-heavy or a custom version of Exim that
# was compiled with the content-scanning extension, you can cause incoming
# messages to be automatically scanned for viruses. You have to modify the
# configuration in two places to set this up. The first of them is here,
# where you define the interface to your scanner. This example is typical
# for ClamAV; see the manual for details of what to set for other virus
# scanners. The second modification is in the acl_check_data access
# control list.
# av_scanner = clamd:/run/clamav/clamd.ctl
# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.
# spamd_address = 127.0.0.1 783
# Domain used to qualify unqualified recipient addresses
# If this option is not set, the qualify_domain value is used.
# qualify_recipient = <value of qualify_domain>
# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is disabled
# in the default config since it is rarely used and frequently abused.
# Domain literal support also needs a special router, which is automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
# Additionally, you might want to make your local IP addresses (or @[])
# local domains.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
# Do a reverse DNS lookup on all incoming IP calls, in order to get the
# true host name. If you feel this is too expensive, the networks for
# which a lookup is done can be listed here.
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
# The setting below causes Exim to try to initialize the system resolver
# library with DNSSEC support. It has no effect if your library lacks
# DNSSEC support.
dns_dnssec_ok = 1
# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
# The settings below cause Exim to make RFC 1413 (ident) callbacks
# for all incoming SMTP calls. You can limit the hosts to which these
# calls are made, and/or change the timeout that is used. If you set
# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
# are cheap and can provide useful information for tracing problem
# messages, but some hosts and firewalls have problems with them.
# This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up SMTP sessions.
# (The default was reduced from 30s to 5s for release 4.61. and to
# disabled for release 4.86)
#
#rfc1413_hosts = *
#rfc1413_query_timeout = 5s
# Enable an efficiency feature. We advertise the feature; clients
# may request to use it. For multi-recipient mails we then can
# reject or accept per-user after the message is received.
# This supports recipient-dependent content filtering; without it
# you have to temp-reject any recipients after the first that have
# incompatible filtering, and do the filtering in the data ACL.
# Even with this enabled, you must support the old style for peers
# not flagging support for PRDR (visible via $prdr_requested).
prdr_enable = true
# When using an external relay tester (such as rt.njabl.org and/or the
# currently defunct relay-test.mail-abuse.org, the test may be aborted
# since exim complains about "too many nonmail commands". If you want
# the test to complete, add the host from where "your" relay tester
# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
# Please note that a non-empty setting may cause extra DNS lookups to
# happen, which is the reason why this option is commented out in the
# default settings.
# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
# By default, exim forces a Sender: header containing the local
# account name at the local host name in all locally submitted messages
# that don't have the local account name at the local host name in the
# From: header, deletes any Sender: header present in the submitted
# message and forces the envelope sender of all locally submitted
# messages to the local account name at the local host name.
# The following settings allow local users to specify their own envelope sender
# in a locally submitted message. Sender: headers existing in a locally
# submitted message are not removed, and no automatic Sender: headers
# are added. These settings are fine for most hosts.
# If you run exim on a classical multi-user systems where all users
# have local mailboxes that can be reached via SMTP from the Internet
# with the local FQDN as the domain part of the address, you might want
# to disable the following three lines for traceability reasons.
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. Configure exim
# to accept unqualified addresses from certain hosts. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# sender_unqualified_hosts = <unset>
# recipient_unqualified_hosts = <unset>
# Configure Exim to support the "percent hack" for certain domains.
# The "percent hack" is the feature by which mail addressed to x%y@z
# (where z is one of the domains listed) is locally rerouted to x@y
# and sent on. If z is not one of the "percent hack" domains, x%y is
# treated as an ordinary local part. The percent hack is rarely needed
# nowadays but frequently abused. You should not enable it unless you
# are sure that you really need it.
# percent_hack_domains = <unset>
# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
# users in admin group can do many other things
# admin_groups = <unset>
# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
.ifdef MAIN_KEEP_ENVIRONMENT
keep_environment = MAIN_KEEP_ENVIRONMENT
.else
# set option to empty value to avoid warning.
keep_environment =
.endif
.ifdef MAIN_ADD_ENVIRONMENT
add_environment = MAIN_ADD_ENVIRONMENT
.endif
.ifdef _OPT_MAIN_SMTPUTF8_ADVERTISE_HOSTS
.ifndef MAIN_SMTPUTF8_ADVERTISE_HOSTS
MAIN_SMTPUTF8_ADVERTISE_HOSTS =
.endif
smtputf8_advertise_hosts = MAIN_SMTPUTF8_ADVERTISE_HOSTS
.endif

79
debian/debconf/conf.d/main/03_exim4-config_tlsoptions vendored Normal file
View file

@ -0,0 +1,79 @@
### main/03_exim4-config_tlsoptions
#################################
# TLS/SSL configuration for exim as an SMTP server.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
.ifdef MAIN_TLS_ENABLE
# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
# Normally, exim4 looks for certificate and key in different files:
# MAIN_TLS_CERTIFICATE - path to certificate file,
# CONFDIR/exim.crt if unset
# MAIN_TLS_PRIVATEKEY - path to private key file
# CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
# not `tls_verify_hosts'), request a certificate and check it against
# `tls_verify_certificates' but do not abort the connection if there is no
# certificate or if the certificate presented does not match. (This
# condition can be tested for in ACLs through `verify = certificate')
# By default, this check is done for all hosts. It is known that some
# clients (including incredimail's version downloadable in February
# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
# empty value.
.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
.else
# Use upstream defaults
.endif
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# upstream default, *, will advertise to all hosts that connect with EHLO.
.ifdef MAIN_TLS_ADVERTISE_HOSTS
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.endif

10
debian/debconf/conf.d/main/90_exim4-config_log_selector vendored Normal file
View file

@ -0,0 +1,10 @@
### main/90_exim4-config_log_selector
#################################
# uncomment this for debugging
# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif

7
debian/debconf/conf.d/retry/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,7 @@
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry

18
debian/debconf/conf.d/retry/30_exim4-config vendored Normal file
View file

@ -0,0 +1,18 @@
### retry/30_exim4-config
#################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# Please note that these rules only limit the frequency of retries, the
# effective retry-time depends on the frequency of queue-running, too.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

7
debian/debconf/conf.d/rewrite/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,7 @@
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite

16
debian/debconf/conf.d/rewrite/31_exim4-config_rewriting vendored Normal file
View file

@ -0,0 +1,16 @@
### rewrite/31_exim4-config_rewriting
#################################
# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
# identical rewriting rule for /etc/mailname
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
.endif

11
debian/debconf/conf.d/router/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,11 @@
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers

18
debian/debconf/conf.d/router/100_exim4-config_domain_literal vendored Normal file
View file

@ -0,0 +1,18 @@
### router/100_exim4-config_domain_literal
#################################
# This router handles e-mail addresses in "domain literal" form like
# <user@[10.11.12.13]>. The RFCs require this facility, but it is disabled
# in the default config since it is rarely used and frequently abused.
# Domain literal support also needs to be enabled in the main config,
# which is automatically done if you use the enable macro
# MAIN_ALLOW_DOMAIN_LITERALS.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif

18
debian/debconf/conf.d/router/150_exim4-config_hubbed_hosts vendored Normal file
View file

@ -0,0 +1,18 @@
# router/150_exim4-config_hubbed_hosts
#################################
# route specific domains manually.
#
# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for
# more detailed documentation.
hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
same_domain_copy_routing = yes
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp

92
debian/debconf/conf.d/router/200_exim4-config_primary vendored Normal file
View file

@ -0,0 +1,92 @@
### router/200_exim4-config_primary
#################################
# This file holds the primary router, responsible for nonlocal mails
.ifdef DCconfig_internet
# configtype=internet
#
# deliver mail to the recipient if recipient domain is a domain we
# relay for. We do not ignore any target hosts here since delivering to
# a site local or even a link local address might be wanted here, and if
# such an address has found its way into the MX record of such a domain,
# the local admin is probably in a place where that broken MX record
# could be fixed.
dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
# ignore private rfc1918, loopback, APIPA/link-local, local broadcast, unspecified, unique local, linked-scoped unicast and discard-Only
.ifndef ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS
ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ; 172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ; 255.255.255.255 ; ::/128 ; ::1/128 ; fc00::/7 ; fe80::/10 ; 100::/64
.endif
# deliver mail directly to the recipient. This router is only reached
# for domains that we do not relay for. Since we most probably can't
# have broken MX records pointing to site local or link local IP
# addresses fixed, we ignore target hosts pointing to these addresses.
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
ignore_target_hosts = ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS
no_more
.endif
.ifdef DCconfig_local
# configtype=local
#
# Stand-alone system, so generate an error for mail to a non-local domain
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
# configtype=smarthost or configtype=satellite
#
# Send all non-local mail to a single other machine (smarthost).
#
# This means _ALL_ non-local mail goes to the smarthost. This will most
# probably not do what you want for domains that are listed in
# relay_domains. The most typical use for relay_domains is to control
# relaying for incoming e-mail on secondary MX hosts. In that case,
# it doesn't make sense to send the mail to the smarthost since the
# smarthost will probably send the message right back here, causing a
# loop.
#
# If you want to use a smarthost while being secondary MX for some
# domains, you'll need to copy the dnslookup_relay_to_domains router
# here so that mail to relay_domains is handled separately.
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
no_more
.endif
# The "no_more" above means that all later routers are for
# domains in the local_domains list, i.e. just like Exim 3 directors.

22
debian/debconf/conf.d/router/300_exim4-config_real_local vendored Normal file
View file

@ -0,0 +1,22 @@
### router/300_exim4-config_real_local
#################################
# This router allows reaching a local user while avoiding local
# processing. This can be used to inform a user of a broken .forward
# file, for example. The userforward router does this.
COND_LOCAL_SUBMITTER = "\
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
}"
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

44
debian/debconf/conf.d/router/400_exim4-config_system_aliases vendored Normal file
View file

@ -0,0 +1,44 @@
### router/400_exim4-config_system_aliases
#################################
# This router handles aliasing using a traditional /etc/aliases file.
#
##### NB You must ensure that /etc/aliases exists. It used to be the case
##### NB that every Unix had that file, because it was the Sendmail default.
##### NB These days, there are systems that don't have it. Your aliases
##### NB file should at least contain an alias for "postmaster".
#
# This router handles the local part in a case-insensitive way which
# satisfies the RFCs requirement that postmaster be reachable regardless
# of case. If you decide to handle /etc/aliases in a caseful way, you
# need to make arrangements for a caseless postmaster.
#
# Delivery to arbitrary directories, files, and piping to programs in
# /etc/aliases is disabled per default.
# If that is a problem for you, see
# /usr/share/doc/exim4-base/README.Debian.gz
# for explanation and some workarounds.
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif

31
debian/debconf/conf.d/router/500_exim4-config_hubuser vendored Normal file
View file

@ -0,0 +1,31 @@
### router/500_exim4-config_hubuser
#################################
.ifdef DCconfig_satellite
# This router is only used for configtype=satellite.
# It takes care to route all mail targeted to <somelocaluser@this.machine>
# to the host where we read our mail
#
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user
# Grab the redirected mail and deliver it.
# This is a duplicate of the smarthost router, needed because
# DCreadhost might end up as part of +local_domains
hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
check_local_user
.endif

51
debian/debconf/conf.d/router/600_exim4-config_userforward vendored Normal file
View file

@ -0,0 +1,51 @@
### router/600_exim4-config_userforward
#################################
# This router handles forwarding using traditional .forward files in users'
# home directories. It also allows mail filtering with a forward file
# starting with the string "# Exim filter" or "# Sieve filter".
#
# The no_verify setting means that this router is skipped when Exim is
# verifying addresses. Similarly, no_expn means that this router is skipped if
# Exim is processing an EXPN command.
#
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.
#
# The four transports specified at the end are those that are used when
# forwarding generates a direct delivery to a directory, or a file, or to a
# pipe, or sets up an auto-reply, respectively.
#
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part_data:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.

15
debian/debconf/conf.d/router/700_exim4-config_procmail vendored Normal file
View file

@ -0,0 +1,15 @@
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
# emulate OR with "if exists"-expansion
require_files = ${local_part_data}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn

14
debian/debconf/conf.d/router/800_exim4-config_maildrop vendored Normal file
View file

@ -0,0 +1,14 @@
### router/800_exim4-config_maildrop
#################################
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part_data}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

29
debian/debconf/conf.d/router/850_exim4-config_lowuid vendored Normal file
View file

@ -0,0 +1,29 @@
### router/850_exim4-config_lowuid
#################################
.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif
.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: Unrouteable address
.endif
COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
${if and{{! match_ip{$sender_host_address}{:@[]}}\
{<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
{1}{0}\
}"
lowuid_aliases:
debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
check_local_user
driver = redirect
allow_fail
domains = +local_domains
condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
data = ${if exists{CONFDIR/lowuid-aliases}\
{${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
{$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}

15
debian/debconf/conf.d/router/900_exim4-config_local_user vendored Normal file
View file

@ -0,0 +1,15 @@
### router/900_exim4-config_local_user
#################################
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user

17
debian/debconf/conf.d/router/mmm_mail4root vendored Normal file
View file

@ -0,0 +1,17 @@
### router/mmm_mail4root
#################################
# deliver mail addressed to root to /var/mail/mail as user mail:mail
# if it was not redirected in /etc/aliases or by other means
# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

13
debian/debconf/conf.d/transport/00_exim4-config_header vendored Normal file
View file

@ -0,0 +1,13 @@
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports

20
debian/debconf/conf.d/transport/10_exim4-config_transport-macros vendored Normal file
View file

@ -0,0 +1,20 @@
### transport/10_exim4-config_transport-macros
#################################
.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
.ifdef REMOTE_SMTP_HELO_DATA
REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.else
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
.endif
.ifndef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *
.endif

11
debian/debconf/conf.d/transport/30_exim4-config_address_file vendored Normal file
View file

@ -0,0 +1,11 @@
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

10
debian/debconf/conf.d/transport/30_exim4-config_address_pipe vendored Normal file
View file

@ -0,0 +1,10 @@
# This transport is used for handling pipe deliveries generated by
# .forward files. If the commands fails and produces any output on standard
# output or standard error streams, the output is returned to the sender
# of the message as a delivery error.
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

8
debian/debconf/conf.d/transport/30_exim4-config_address_reply vendored Normal file
View file

@ -0,0 +1,8 @@
# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
#
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

17
debian/debconf/conf.d/transport/30_exim4-config_mail_spool vendored Normal file
View file

@ -0,0 +1,17 @@
### transport/30_exim4-config_mail_spool
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format.
#
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

41
debian/debconf/conf.d/transport/30_exim4-config_maildir_home vendored Normal file
View file

@ -0,0 +1,41 @@
### transport/30_exim4-config_maildir_home
#################################
# Use this instead of mail_spool if you want to to deliver to Maildir in
# home-directory - change the definition of LOCAL_DELIVERY
#
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false
# This transport always chdirs to $home before trying to deliver. If
# $home is not accessible, this chdir fails and prevents delivery.
# If you are in a setup where home directories might not be
# accessible, uncomment the current_directory line below.
# current_directory = /

12
debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe vendored Normal file
View file

@ -0,0 +1,12 @@
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
message_prefix =
message_suffix =
return_path_add
delivery_date_add
envelope_to_add

10
debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe vendored Normal file
View file

@ -0,0 +1,10 @@
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

65
debian/debconf/conf.d/transport/30_exim4-config_remote_smtp vendored Normal file
View file

@ -0,0 +1,65 @@
### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef REMOTE_SMTP_INTERFACE
interface = REMOTE_SMTP_INTERFACE
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_IDENTITY
dkim_identity = DKIM_IDENTITY
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef DKIM_TIMESTAMPS
dkim_timestamps = DKIM_TIMESTAMPS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif
.ifdef IGNORE_SMTP_LINE_LENGTH_LIMIT
# If overlong mails are accepted on incoming mail send them out, too.
message_linelength_limit = 1G
.endif

58
debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost vendored Normal file
View file

@ -0,0 +1,58 @@
### transport/30_exim4-config_remote_smtp_smarthost
#################################
# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
multi_domain
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif
.ifdef IGNORE_SMTP_LINE_LENGTH_LIMIT
# If overlong mails are accepted on incoming mail send them out, too.
message_linelength_limit = 1G
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PROTOCOL
protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL
.endif

14
debian/debconf/conf.d/transport/35_exim4-config_address_directory vendored Normal file
View file

@ -0,0 +1,14 @@
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name.
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
maildir_format

484
debian/debconf/update-exim4.conf vendored Normal file
View file

@ -0,0 +1,484 @@
#!/bin/sh
# update-exim4.conf(8) - Generate /var/lib/exim4/config.autogenerated
set -e
set -C
set -f
UPEX4C_confdir="/etc/exim4"
UPEX4C_sections="main acl router transport retry rewrite auth"
# list of ue4cc options that need to support both colons and
# semicolons as separators. dc_other_hostnames and dc_smarthost
# has special handling.
UPEX4C_semicolon="dc_local_interfaces dc_relay_nets dc_relay_domains"
EXIM="/usr/sbin/exim4"
UPEX4C_verbose=no
UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated
UPEX4C_outputfile="${UPEX4C_autoconfigfile}"
UPEX4C_version=""
usage() {
cat <<EOF
$0 - Generate exim4 configuration files
Options:
-v|--verbose - Enable verbose mode, tell about ignored files
-h|--help - Show this message
--keepcomments - Do not remove comment lines
--removecomments - Remove comment lines
-o|--output file - write output to file instead of ${UPEX4C_outputfile}
-d|--confdir directory - read input from given directory instead of ${UPEX4C_confdir}
--check - Test generated file for validity and remove it again.
EOF
}
## Parse commandline
TEMP=$(getopt -n update-exim4.conf \
-l check,keepcomments,removecomments,output:,confdir:,help,verbose -- \
+o:d:vh "$@")
if test "$?" != 0; then
echo "Terminating..." >&2
exit 1
fi
eval set -- ${TEMP}
while test "$1" != "--"; do
case $1 in
-h|--help)
usage
exit 0
;;
-v|--verbose)
UPEX4C_verbose=yes
;;
--keepcomments)
UPEX4C_comments=yes
;;
--removecomments)
UPEX4C_comments=no
;;
--check)
UPEX4C_check=yes
;;
-o|--output)
shift
UPEX4C_outputfile="$1"
;;
-d|--confdir)
shift
UPEX4C_confdir="$1"
;;
esac
shift
done
shift
# No non-option arguments allowed.
if [ "$#" -ne 0 ]; then
echo "No non option arguments ($@) allowed" >&2
usage >&2
exit 1
fi
# exit immediately if /etc/exim4/exim4.conf exists and -o was not specified
if [ -e /etc/exim4/exim4.conf ] && \
[ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] ; then
exit 0
fi
UE4CC="$UPEX4C_confdir/update-exim4.conf.conf"
UPEX4C_confd="$UPEX4C_confdir/conf.d"
[ -d "$(dirname "$UPEX4C_outputfile")" ] || \
{ printf "$0: Error, missing $(dirname "$UPEX4C_outputfile"), exiting.\n" 1>&2 ; exit 1 ; }
if [ -f "$UE4CC" ]; then
. "$UE4CC"
else
echo >&2 "$0: Error, no $UE4CC, exiting."
exit 1
fi
UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated
if [ "$(dirname ${UPEX4C_outputfile})" = "/var/lib/exim4" ] ; then
UPEX4C_tmp="${UPEX4C_outputfile}.tmp"
else
UPEX4C_tmp="$(mktemp)"
fi
lowerpipe() {
tr 'A-Z' 'a-z'
}
lowercase() {
echo "$*" | lowerpipe
}
check_ascii_pipe() {
IN="$(cat)"
# Use "abcdef... instead of a a-z or [:alnum:] here since the alternatives
# will also match non-ascii characters.
OUT="$(echo $IN | sed 's/[^-0-9ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\/\.!*@_~:;< \[\]]/_/g')"
if [ "$OUT" != "$IN" ]; then
echo >&2 "$0: non-ascii value $IN read from $UE4CC, sanitizing to $OUT"
fi
echo $OUT
}
[ "${CFILEMODE}" = "" ] && CFILEMODE=644
[ "${dc_use_split_config}" = "" ] && dc_use_split_config='false'
[ "${dc_localdelivery}" = "" ] && dc_localdelivery='mail_spool'
[ "${UPEX4C_comments:-}" = "" ] && UPEX4C_comments="${ue4c_keepcomments:-no}"
TEMPLATEFILE="${UPEX4C_confdir}/exim4.conf.template"
dc_use_split_config="$(lowercase $dc_use_split_config)"
UPEX4C_verbose="$(lowercase $UPEX4C_verbose)"
if [ "${dc_use_split_config}" = "true" ]; then
[ "${UPEX4C_verbose}" = "yes" ] && \
echo "using split configuration scheme from ${UPEX4C_confd}"
if ! [ -d "${UPEX4C_confd}" ]; then
printf >&2 "$0: Error, no ${UPEX4C_confd}, exiting.\n"
exit 1
fi
else
[ "${UPEX4C_verbose}" = "yes" ] && \
echo "using non-split configuration scheme from ${TEMPLATEFILE}"
fi
# take only the first word from /etc/mailname
mailname="$(< /etc/mailname sed -n 's/\([-[:alnum:]@\.]\+\).*/\1/;p;q' | lowerpipe | check_ascii_pipe)"
# barf if lookups are found. They have never been supported here.
if echo " ${dc_other_hostnames} ${dc_smarthost} ${dc_local_interfaces} ${dc_relay_nets} ${dc_relay_domains}"| grep -q '[[:space:]]\(partial-\)\?\(cdb\|dbm\|dbmnz\|\(d\|ipl\|\(n\?wild\)\?l\)search\|nis\)\([\*@]\)\?[[:space:]]*;'; then
echo >&2 "WARNING: using 'lookup;' constructs in $UE4CC has never been supported! See /usr/share/doc/exim4-config/NEWS.Debian.gz for details."
fi
dc_other_hostnames="$(lowercase $dc_other_hostnames | check_ascii_pipe)"
# add localhost, get rid of spaces, trailing (semi)colons and make the list
# colon separated
local_domains="$(echo @:localhost:"${dc_other_hostnames}" | \
sed -e 's/[;: ]*$//' -e 's/ *//' -e 's/;/:/g')"
# run-parts emulation, stolen from Branden's /etc/X11/Xsession
# Addition: Use file.rul instead if file if it exists.
run_parts () {
# reset LC_COLLATE
unset LANG LC_COLLATE LC_ALL
if [ -z "$1" ]; then
errormessage "$0: internal run_parts called without an argument"
fi
if [ ! -d "$1" ]; then
errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory."
fi
for F in $(ls $1); do
if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then
if [ -f "$1/$F" ] ; then
if [ -f "$1/${F}.rul" ] ; then
echo "$1/${F}.rul"
else
echo "$1/$F"
fi
fi
else
if [ "${UPEX4C_verbose}" = "yes" ] && \
[ -f "$1/$F" ] && \
! expr "$F" : '[[:alnum:]_-]\+\.rul'> /dev/null 2>&1 ; then
echo \
"internal run-parts: ignoring file: $1/$F" 1>&2
fi
fi
done;
}
# also from Branden
errormessage () {
# pretty-print messages of arbitrary length (no trailing newline)
echo "$*" | fold -s -w ${COLUMNS:-80} >&2;
}
cat_parts() {
if [ -z "$1" ]; then
errormessage "$0: internal cat_parts called without an argument"
fi
if [ ! -d "$1" ]; then
errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory."
fi
for file in $(run_parts $1); do
echo "#####################################################"
echo "### $file"
echo "#####################################################"
cat "$file"
echo
echo "#####################################################"
echo "### end $file"
echo "#####################################################"
done
}
gentmpconf() {
rm -f "${UPEX4C_tmp}"
touch "${UPEX4C_tmp}"
# this can be removed by the end of 2007
#chown --reference=${TEMPLATEFILE} \
# ${UPEX4C_tmp} ${UPEX4C_outputfile}
#chmod --reference=${TEMPLATEFILE} \
# ${UPEX4C_tmp} ${UPEX4C_outputfile}
if [ "$(id -u)" = "0" ]; then
chown root:Debian-exim "${UPEX4C_tmp}"
[ -e "${UPEX4C_outputfile}" ] && \
chown root:Debian-exim "${UPEX4C_outputfile}"
fi
chmod 640 "${UPEX4C_tmp}"
if [ -e "${UPEX4C_outputfile}" ]; then
chmod 640 "${UPEX4C_outputfile}"
fi
}
removecomments(){
if [ "${UPEX4C_comments}" = "no" ] ; then
grep -E -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ;
else
cat
fi
}
gentmpconf
cat << EOF >> "${UPEX4C_tmp}"
#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file was generated dynamically from
EOF
if [ "${dc_use_split_config}" = "true" ] ; then
cat << EOF >> "${UPEX4C_tmp}"
# split config files in the $UPEX4C_confd/ directory.
EOF
else
cat << EOF >> "${UPEX4C_tmp}"
# non-split config ($UPEX4C_confdir/exim4.conf.localmacros
# and $UPEX4C_confdir/exim4.conf.template).
EOF
fi
cat << EOF >> "${UPEX4C_tmp}"
# The config files are supplemented with package installation/configuration
# settings managed by debconf. This data is stored in
# $UPEX4C_confdir/update-exim4.conf.conf
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########
EOF
# handle ";" in input values as separator change
for field in $UPEX4C_semicolon; do
if eval echo \$$field | grep -q ";"; then
eval temp=\$$field
if ! echo $temp | grep -q "^<"; then
temp="<; $temp"
eval "$field='$temp'"
fi
fi
done
# fix up smarthost line: change semicolons into single colons
dc_smarthost="$(lowercase $dc_smarthost | check_ascii_pipe | sed 's/;/:/g')"
dc_relay_nets="$(lowercase $dc_relay_nets | check_ascii_pipe)"
if echo "$dc_relay_nets" | grep -q '^<;'; then
dc_relay_nets="$dc_relay_nets ; 127.0.0.1 ; ::1"
else
dc_relay_nets="$dc_relay_nets : 127.0.0.1 : ::::1"
fi
dc_eximconfig_configtype="$(lowercase $dc_eximconfig_configtype | check_ascii_pipe)"
dc_hide_mailname="$(lowercase $dc_hide_mailname | check_ascii_pipe)"
dc_readhost="$(lowercase $dc_readhost | check_ascii_pipe)"
case "$dc_eximconfig_configtype" in
satellite|smarthost)
if [ "${dc_hide_mailname}" = "true" ] && [ -n "${dc_readhost}" ] ; then
hide_mailname=1
fi
;;
local)
;;
internet)
;;
none|*)
if [ "${dc_use_split_config}" = "true" ] ; then
for i in ${UPEX4C_sections} ; do
cat_parts "${UPEX4C_confd}/$i"
done | \
removecomments \
>> "${UPEX4C_tmp}"
else
LOCALMACROS=""
if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then
LOCALMACROS="/etc/exim4/exim4.conf.localmacros"
fi
cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" | \
removecomments \
>> "${UPEX4C_tmp}"
fi
mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}"
chmod "${CFILEMODE}" "${UPEX4C_outputfile}"
[ "${UPEX4C_verbose}" = "yes" ] && \
echo "Not substituting variables since conftype is none (or other)"
exit 0
;;
esac
UPEX4C_macros="##############################################\n"
UPEX4C_macros="${UPEX4C_macros}# the following macro definitions were created\n"
UPEX4C_macros="${UPEX4C_macros}# dynamically by $0\n"
preprocess_macro() {
macroname="${1:-}"
shift
contents="$(lowercase ${@} | check_ascii_pipe)"
printf "%s" ".ifndef $macroname\n$macroname=$contents\n.endif\n"
}
seed_macro() {
UPEX4C_macros="${UPEX4C_macros}$(preprocess_macro "$1" "$2")"
}
file2macros() {
file="$1"
< $1 \
sed -n '/^[[:upper:]]/p;' | \
grep -v '^CFILEMODE=' | \
while read line; do
errormessage "undocumented line $line found in $1, generating exim macro"
left="$(echo $line | sed 's/\([^=]*\).*/\1/')"
right="$(echo $line | sed 's/[^=]*=\(.*\)/\1/')"
preprocess_macro "$left" "$right"
done
}
if [ "${dc_local_interfaces}" != "" ] ; then
seed_macro "MAIN_LOCAL_INTERFACES" "${dc_local_interfaces}"
fi
if [ "${dc_minimaldns}" = "true" ] ; then
seed_macro "DC_minimaldns" "1"
if guessed_name="$(hostname --fqdn | lowerpipe | check_ascii_pipe | grep '\.')" ; then
seed_macro "MAIN_HARDCODE_PRIMARY_HOSTNAME" "$guessed_name"
else
errormessage "hostname --fqdn did not return a fully qualified name, dc_minimaldns will not work. Please fix your /etc/hosts setup."
fi
fi
if [ -n "${hide_mailname:-}" ]; then
seed_macro "HIDE_MAILNAME" "${hide_mailname:-}"
fi
seed_macro "MAIN_PACKAGE_VERSION" "$UPEX4C_version"
seed_macro "MAIN_LOCAL_DOMAINS" "${local_domains}"
seed_macro "MAIN_RELAY_TO_DOMAINS" "${dc_relay_domains}"
seed_macro "ETC_MAILNAME" "$mailname"
seed_macro "LOCAL_DELIVERY" "${dc_localdelivery}"
seed_macro "MAIN_RELAY_NETS" "${dc_relay_nets}"
seed_macro "DCreadhost" "${dc_readhost}"
seed_macro "DCsmarthost" "${dc_smarthost}"
seed_macro "DC_eximconfig_configtype" "${dc_eximconfig_configtype}"
seed_macro "DCconfig_${dc_eximconfig_configtype}" "1"
# dump everything starting with a capital into macros as well
# this is going to stay undocumented, but fixes PEBCAK where people write
# macros into ue4cc.
UPEX4C_macros="${UPEX4C_macros}$(file2macros $UE4CC)"
UPEX4C_macros="${UPEX4C_macros}##############################################\n"
case "${dc_use_split_config}" in
true)
for i in ${UPEX4C_sections} ; do
echo "# begin processing $i #####"
cat_parts "${UPEX4C_confd}/$i"
echo "# end of $i #####"
done \
| removecomments \
| sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \
>> "${UPEX4C_tmp}"
RELEVANTTEMPLATE="$UPEX4C_confd"
;;
false)
if [ ! -r "$TEMPLATEFILE" ] ; then
echo "Error: Unsplit config selected and $TEMPLATEFILE missing ... exiting" 1>&2
exit 1
fi
LOCALMACROS=""
if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then
LOCALMACROS="${UPEX4C_confdir}/exim4.conf.localmacros"
fi
cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" \
| removecomments \
| sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \
>> "${UPEX4C_tmp}"
RELEVANTTEMPLATE="$TEMPLATEFILE"
;;
*)
errormessage "Invalid value for dc_use_split_config: \"${dc_use_split_config}\", exiting."
rm -f "${UPEX4C_tmp}"
exit 1
;;
esac
# check for left-over DEBCONF strings that may cause installation trouble
# (fix PEBCAK for people who don't accept conffile changes and don't
# read docs)
if grep -qr '^[^#]*DEBCONF[[:lower:]_]\+DEBCONF' $RELEVANTTEMPLATE \
&& ! grep -qr '^[[:space:]]*DEBCONFstringOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then
errormessage "DEBCONFsomethingDEBCONF found in exim configuration. This is most probably caused by you upgrading to exim4 4.67-3 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-2 and 4.67-4"
fi
# check for left-over UPEX4CmacrosUPEX4C comment string that may cause
# installation trouble (fix PEBCAK for people who don't accept conffile
# changes and don't read docs)
if grep -qr '# UPEX4CmacrosUPEX4C' $RELEVANTTEMPLATE \
&& ! grep -qr '^[[:space:]]*UPEX4CmacrosOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then
errormessage "UPEX4CmacrosUPEX4C found in an exim configuration comment. This is most probably caused by you upgrading to exim4 4.67-5 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-5"
fi
# test validity if called without -o or if --check was supplied
if [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] || \
[ "x${UPEX4C_check}" = "xyes" ]; then
if [ -x "${EXIM}" ] ; then
if ! "${EXIM}" -C "${UPEX4C_tmp}" -bV > /dev/null ; then
# we have an error in the configuration file. Do not install
# and activate. However, errors in string expansions inside
# the configuration file are not detected by this check!
errormessage "Invalid new configfile ${UPEX4C_tmp}, not installing ${UPEX4C_tmp} to ${UPEX4C_outputfile}"
exit 1
fi
fi
fi
if [ "x${UPEX4C_check}" = "xyes" ]; then
rm -f "${UPEX4C_tmp}"
exit 0
fi
mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}"
chmod "${CFILEMODE}" "${UPEX4C_outputfile}"
# end of file

141
debian/debconf/update-exim4.conf.template vendored Executable file
View file

@ -0,0 +1,141 @@
#!/bin/bash
set -e
CONFDIR="${CONFDIR:-/etc/exim4}"
DONOTRUN='true'
UPEX4CT_outputfile="${CONFDIR}/exim4.conf.template"
usage() {
cat <<EOF
$0 - Generate exim4 configuration file template
Options:
-n|--nobackup - Overwrite old template, do not take backup.
-o|--output file - write output to file instead of ${UPEX4CT_outputfile}
-h|--help - This message.
-r|--run - Actually do something
EOF
}
## Parse commandline
TEMP=$(getopt -n update-exim4.conf.template \
-l nobackup,output:,help,run -- \
+no:hr "$@")
if test "$?" != 0; then
echo "Terminating..." >&2
exit 1
fi
eval set -- ${TEMP}
while test "$1" != "--"; do
case $1 in
-h|--help)
usage
exit 0
;;
-o|--output)
shift
UPEX4CT_outputfile="$1"
;;
-n|--nobackup)
NOBACKUP=1
;;
-r|--run)
DONOTRUN='false'
;;
esac
shift
done
shift
# No non-option arguments allowed.
if [ "$#" -ne 0 ]; then
echo "No non option arguments ($@) allowed" >&2
usage >&2
exit 1
fi
# run-parts emulation, stolen from Branden's /etc/X11/Xsession
# Addition: Use file.rul instead if file if it exists.
run_parts () {
# reset LC_COLLATE
unset LANG LC_COLLATE LC_ALL
if [ -z "$1" ]; then
errormessage "$0: internal run_parts called without an argument"
fi
if [ ! -d "$1" ]; then
errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory."
fi
for F in $(ls $1 | grep -v /.svn); do
if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then
if [ -f "$1/$F" ] ; then
if [ -f "$1/${F}.rul" ] ; then
echo "$1/${F}.rul"
else
echo "$1/$F"
fi
fi
fi
done;
}
# also from Branden
errormessage () {
# pretty-print messages of arbitrary length (no trailing newline)
echo "$*" | fold -s -w ${COLUMNS:-80} >&2;
}
cat_parts() {
if [ -z "$1" ]; then
errormessage "$0: internal cat_parts called without an argument"
fi
if [ ! -d "$1" ]; then
errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory."
fi
for file in $(run_parts $1); do
echo "#####################################################"
echo "### $file"
echo "#####################################################"
cat $file
echo "#####################################################"
echo "### end $file"
echo "#####################################################"
done
}
if [ "$DONOTRUN" = "true" ]; then
errormessage "This program overwrites conffiles. Do not run unless you have consulted the manpage." >&2
echo "Terminating..." >&2
exit 1
fi
if [ -e "${UPEX4CT_outputfile}" ] && [ -z "$NOBACKUP" ]; then
if [ -e "${UPEX4CT_outputfile}.bak.$$" ]; then
echo >&2 "ERR: ${UPEX4CT_outputfile}.bak.$$ already exists, aborting"
exit 1
fi
fi
NEWTEMPLATE=$(mktemp)
if [ -f "${UPEX4CT_outputfile}" ] ; then
chmod --reference="${UPEX4CT_outputfile}" "$NEWTEMPLATE"
else
chmod 0644 "$NEWTEMPLATE"
fi
# generate .template. Ugly - better alternative?
SAVEWD="$(pwd)"
cd ${CONFDIR}/conf.d
for i in main acl router transport retry rewrite auth ; do
cat_parts $i
done > "$NEWTEMPLATE"
cd "$SAVEWD"
if [ -e "${UPEX4CT_outputfile}" ] && [ -z "$NOBACKUP" ] ; then
mv "${UPEX4CT_outputfile}" \
"${UPEX4CT_outputfile}.bak.$$"
fi
mv "$NEWTEMPLATE" "${UPEX4CT_outputfile}"

37
debian/e-n-if-up vendored Normal file
View file

@ -0,0 +1,37 @@
#!/bin/bash
# put this file in /etc/network/if-up.d/exim4-smarthost
# add an exim4-smarthost smtp.server.example.com::587 line to your interface
# stanza in /etc/network/interfaces
# this will only work for split config, since in non-split config we
# only have a single file which is included and which would need more
# serious string processing to alter. With split config, we can blindly
# overwrite our previous file.
# Environment:
# MODE = { start | stop }
# IF_EXIM4_SMARTHOST = hostname[::port]
SMARTHOSTFILE="/etc/exim4/conf.d/main/00_local_DCsmarthost"
if [ -z "$IF_EXIM4_SMARTHOST" ]; then
exit 0
fi
if [ "$MODE" = 'stop' ]; then
rm -f $SMARTHOSTFILE
invoke exim4 reload > /dev/null || true
exit 0
fi
if [ "$IF_EXIM4_SMARTHOST" = "none" ]; then
rm -f $SMARTHOSTFILE
invoke exim4 reload > /dev/null || true
exit 0
fi
echo "DCsmarthost = ${IF_EXIM4_SMARTHOST}" > $SMARTHOSTFILE
invoke exim4 reload > /dev/null || true
/usr/sbin/exim4 -qqf

9
debian/email-addresses vendored Normal file
View file

@ -0,0 +1,9 @@
# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: someone@isp.com
#otheruser: someoneelse@anotherisp.com

1
debian/example.conf.md5 vendored Normal file
View file

@ -0,0 +1 @@
3202b2bec8c1a8597ab1eee87028d736 -

52
debian/exim-adduser vendored Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/perl
# Stitched together by Andreas Metzler, really too trivial to be copyrightable.
use strict;
use warnings;
my $user;
my $passwd;
my $file;
my $rand;
if (@ARGV == 0) {
$file="/etc/exim4/passwd";
} else {
$file=$ARGV[0];
}
open(PWDFILE,">>$file") || die("Couldn't append to file '$file': $!");
print "User: ";
chop($user = <STDIN>);
print "Password: ";
chop($passwd = <STDIN>);
$rand = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64];
print PWDFILE $user . ":" . crypt($passwd, q{$1$} . $rand . q{$}) . ":" . $passwd . "\n";
close(PWDFILE);
__END__
=head1 NAME
exim-adduser - Add username/password to exim password-file.
=head1 USAGE
exim-adduser [filename]
exim-adduser prompts for username and password and adds
username:crypted-password:cleartext-password
to the given file, if no filename is given /etc/exim4/passwd is used.
=head1 BUGS
Probably many, this really is just example code.
=head1 SEE ALSO
/usr/share/doc/exim4-base/*,
exim4(8)

78
debian/exim-gencert vendored Executable file
View file

@ -0,0 +1,78 @@
#!/bin/sh -e
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key
# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam
if ! command -v openssl > /dev/null ;then
echo "$0: openssl is not installed, exiting" 1>&2
exit 1
fi
# valid for three years
DAYS=1095
if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
echo "[*] $CERT and $KEY exists!"
echo " Use \"$0 --force\" to force generation!"
exit 0
fi
if [ "$1" = "--force" ]; then
shift
fi
#SSLEAY=/tmp/exim.ssleay.$$.cnf
SSLEAY="$(mktemp)"
cat > $SSLEAY <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM
echo "[*] Creating a self signed SSL certificate for Exim!"
echo " This may be sufficient to establish encrypted connections but for"
echo " secure identification you need to buy a real certificate!"
echo " "
echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo " "
openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY
chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH
echo "[*] Done generating self signed certificates for exim!"
echo " Refer to the documentation and example configuration files"
echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo " support in your mail transfer agent."

15
debian/exim4-base.config vendored Normal file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
if [ "reconfigure" = "$1" ]; then
db_beginblock
db_input low exim4-base/drec || [ "$?" = "30" ]
db_go
fi

120
debian/exim4-base.cron.daily vendored Normal file
View file

@ -0,0 +1,120 @@
#!/bin/sh
EX4SYSTEMDTIMER=$1
# skip in favour of systemd timer if called from cron.daily
if [ -d /run/systemd/system ] && [ "$EX4SYSTEMDTIMER" != "systemd-timer" ]; then
exit 0
fi
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
# set this to some other value if you don't want the panic log to be
# watched by this script, for example when you're using your own log
# checking mechanisms or don't care.
E4BCD_DAILY_REPORT_TO=""
E4BCD_DAILY_REPORT_OPTIONS=""
E4BCD_WATCH_PANICLOG="yes"
# Number of lines of paniclog quoted in warning email.
E4BCD_PANICLOG_LINES="10"
E4BCD_PANICLOG_NOISE=""
E4BCD_PANICLOG_REPORT_TO=root
# Only do anything if exim4 is actually installed
if [ ! -x /usr/lib/exim4/exim4 ]; then
exit 0
fi
[ -f /etc/default/exim4 ] && . /etc/default/exim4
SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')"
if [ -n "$E4BCD_DAILY_REPORT_TO" ] || [ "$E4BCD_WATCH_PANICLOG" != "no" ] ; then
# Only needed for mail subject.
if ! HOSTNAME=$(/usr/sbin/exim4 -be '${primary_hostname}'); then
HOSTNAME="$(hostname)"
fi
fi
# The log processing code used in this cron script is not very
# sophisticated. It relies on this cron job being executed earlier than
# the log rotation job, and will have false results if the log is not
# rotated exactly once daily in the daily cron processing. Even in the
# default configuration, it will ignore log entries made between this
# cron job and the log rotation job.
# Patches for more sophisticated processing are appreciated via the
# Debian BTS.
E4BCD_MAINLOG_NOISE="^[[:digit:][:space:]:-]\{20\}\(\(Start\|End\) queue run: pid=[[:digit:]]\+\|exim [[:digit:]\.]\+ daemon started: pid=[[:digit:]]\+, .*\)$"
if [ -n "$E4BCD_DAILY_REPORT_TO" ]; then
if [ -x "$(command -v eximstats)" ] && [ -x "$(command -v mail)" ]; then
if [ "$(< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" | wc -l)" -gt "0" ]; then
< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" \
| eximstats $E4BCD_DAILY_REPORT_OPTIONS \
| mail -s"${HOSTNAME} Daily e-mail activity report" \
$E4BCD_DAILY_REPORT_TO
else
echo "no mail activity in this interval" \
| mail -s"${HOSTNAME} Daily e-mail activity report" \
$E4BCD_DAILY_REPORT_TO
fi
else
echo "The exim4 cron job is configured to send a daily report, but eximstats"
echo "and/or mail cannot be found. Please check and make sure that these two"
echo "binaries are available"
fi
fi
log_this() {
TEXT="$@"
if ! logger -t exim4 -p mail.alert $TEXT; then
RET="$?"
echo >&2 "ALERT: could not syslog $TEXT, logger return value $RET"
fi
}
if [ "$E4BCD_WATCH_PANICLOG" != "no" ]; then
if [ -s "/var/log/exim4/paniclog" ]; then
if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then
/usr/local/lib/exim4/nonzero_paniclog_hook
fi
if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken"
if ! printf "Subject: exim paniclog on %s has non-zero size\nTo: %s\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken. Up to ${E4BCD_PANICLOG_LINES} lines are quoted below.\n\n%s\n" \
"${HOSTNAME}" "${E4BCD_PANICLOG_REPORT_TO}" "${HOSTNAME}" \
"$(if [ -z "$E4BCD_PANICLOG_NOISE" ] ; then tail -n "${E4BCD_PANICLOG_LINES}" /var/log/exim4/paniclog ; else grep -v "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog | tail -n "${E4BCD_PANICLOG_LINES}" ; fi)" \
| exim4 "${E4BCD_PANICLOG_REPORT_TO}"; then
log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
fi
if [ "$E4BCD_WATCH_PANICLOG" = "once" ]; then
logrotate -f /etc/logrotate.d/exim4-paniclog
fi
fi
fi
fi
# run tidydb as Debian-exim:Debian-exim.
if [ -x /usr/sbin/exim_tidydb ]; then
cd $SPOOLDIR/db || exit 1
if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
-or -type f -printf '%f\0' | \
xargs -0r -n 1 \
start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
--chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
# if we reach this, invoking exim_tidydb from start-stop-daemon has
# failed, most probably because of libpam-tmpdir being in use
# (see #373786 and #376165)
find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
-or -type f -printf '%f\0' | \
runuser --shell=/bin/bash \
--command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
Debian-exim
fi
fi

7
debian/exim4-base.dirs vendored Normal file
View file

@ -0,0 +1,7 @@
/etc/cron.daily
/etc/logrotate.d
/usr/bin
/usr/sbin
/usr/share/doc/exim4-base/examples
/usr/share/man/man1
/usr/share/man/man8

9
debian/exim4-base.doc-base.debian vendored Normal file
View file

@ -0,0 +1,9 @@
Document: exim4-readme-debian
Title: Debian-specific documentation for Exim 4
Author: Various
Abstract: This file documents specific details of the Exim4 Debian packages.
Section: Network/Communication
Format: html
Index: /usr/share/doc/exim4-base/README.Debian.html
Files: /usr/share/doc/exim4-base/README.Debian.html

8
debian/exim4-base.doc-base.filter vendored Normal file
View file

@ -0,0 +1,8 @@
Document: exim4-filter-txt
Title: Exim's interface to mail filtering
Author: Various
Abstract: Description of the user interface to Exim's in-built mail filtering facility. This is the text version.
Section: Network/Communication
Format: text
Files: /usr/share/doc/exim4-base/filter.txt.gz

8
debian/exim4-base.doc-base.spec vendored Normal file
View file

@ -0,0 +1,8 @@
Document: exim4-spec-txt
Title: Exim specification
Author: Various
Abstract: Exim reference manual. This is the text version.
Section: Network/Communication
Format: text
Files: /usr/share/doc/exim4-base/spec.txt.gz

15
debian/exim4-base.docs vendored Normal file
View file

@ -0,0 +1,15 @@
b-exim4-daemon-light/ACKNOWLEDGMENTS
b-exim4-daemon-light/NOTICE
b-exim4-daemon-light/README.UPDATING
b-exim4-daemon-light/doc/Exim3.upgrade
b-exim4-daemon-light/doc/Exim4.upgrade
b-exim4-daemon-light/doc/GnuTLS-FAQ.txt
b-exim4-daemon-light/doc/NewStuff
b-exim4-daemon-light/doc/OptionLists.txt
b-exim4-daemon-light/doc/README
b-exim4-daemon-light/doc/README.SIEVE
b-exim4-daemon-light/doc/dbm.discuss.txt
b-exim4-daemon-light/doc/filter.txt
b-exim4-daemon-light/doc/spec.txt
debian/README.Debian.html
debian/changelog.Debian.old

5
debian/exim4-base.examples vendored Normal file
View file

@ -0,0 +1,5 @@
b-exim4-daemon-light/util/cramtest.pl
b-exim4-daemon-light/util/logargs.sh
b-exim4-daemon-light/util/unknownuser.sh
debian/exim-adduser
debian/exim-gencert

10
debian/exim4-base.exim4-paniclog.logrotate vendored Normal file
View file

@ -0,0 +1,10 @@
/var/log/exim4/paniclog {
size 10M
missingok
rotate 10
compress
delaycompress
notifempty
nocreate
}

199
debian/exim4-base.exim4.init vendored Normal file
View file

@ -0,0 +1,199 @@
#! /bin/sh
# /etc/init.d/exim4
#
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Modified for exim by Tim Cutts <timc@chiark.greenend.org.uk>
# Modified for exim4 by Andreas Metzler <ametzler@debian.org>
# and Marc Haber <mh+debian-packages@zugschlus.de>
### BEGIN INIT INFO
# Provides: exim4
# Required-Start: $remote_fs $syslog $named $network $time
# Required-Stop: $remote_fs $syslog $named $network
# Should-Start: postgresql mysql clamav-daemon greylist spamassassin
# Should-Stop: postgresql mysql clamav-daemon greylist spamassassin
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: exim Mail Transport Agent
# Description: exim is a Mail Transport agent
### END INIT INFO
set -e
test -x /usr/lib/exim4/exim4 || exit 0
. /lib/lsb/init-functions
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
LANG=C
export LANG
#read default file
EXIMDAEMONOPTS='-bd -q30m'
UPEX4OPTS=''
[ -f /etc/default/exim4 ] && . /etc/default/exim4
PIDFILE="/run/exim4/exim.pid"
upex4conf() {
UPEX4CONF="update-exim4.conf"
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$UPEX4CONF" ]; then
IFS="$OLDIFS"
$p/$UPEX4CONF $UPEX4OPTS $1
return 0
fi
done
IFS="$OLDIFS"
}
DAEMON="/usr/sbin/exim4"
NAME="exim4"
# this is from madduck on IRC, 2006-07-06
# There should be a better possibility to give daemon error messages
# and/or to log things
log()
{
case "$1" in
[[:digit:]]*) success=$1; shift;;
*) :;;
esac
log_action_begin_msg "$1"; shift
log_action_end_msg ${success:-0} "$*"
}
start_exim()
{
[ -e /run/exim4 ] || \
install -d -oDebian-exim -gDebian-exim -m750 /run/exim4
start_daemon -p "$PIDFILE" \
"$DAEMON" $EXIMDAEMONOPTS
log_progress_msg "exim4"
}
stop_exim()
{
if [ -f "$PIDFILE" ]; then
start-stop-daemon --stop --retry 5 --quiet --oknodo --remove-pidfile \
--pidfile "$PIDFILE" \
--exec "$DAEMON"
# exim does not remove the pidfile
if [ $? -eq 2 ] ; then rm -f "$PIDFILE" ; fi
log_progress_msg "exim4_listener"
fi
}
reload_exim()
{
start-stop-daemon --stop --signal HUP --quiet --oknodo \
--pidfile "$PIDFILE" \
--exec "$DAEMON"
log_progress_msg "exim4"
}
kill_all_exims()
{ SIG="${1:-TERM}"
for pid in $(pidof $NAME); do
if [ "$(readlink /proc/$pid/root)" = "/" ]; then
kill -$SIG $pid
fi
done
}
status()
{
log_action_begin_msg "checking $NAME"
if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
log_action_end_msg 0 "running"
exit 0
else
if [ -e "$PIDFILE" ]; then
log_action_end_msg 1 "$NAME failed"
exit 1
else
log_action_end_msg 0 "not running"
exit 3
fi
fi
}
# check for valid configuration file
isconfigvalid()
{
if ! $DAEMON -bV > /dev/null ; then
log 1 "Warning! Invalid configuration file for $NAME. Exiting."
exit 1
fi
}
# check for non-empty paniclog
warn_paniclog()
{
if [ -s "/var/log/exim4/paniclog" ]; then
if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
echo "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" 1>&2
fi
fi
}
case "$1" in
start)
log_daemon_msg "Starting MTA"
# regenerate exim4.conf
upex4conf
isconfigvalid
start_exim
log_end_msg 0
warn_paniclog
;;
stop)
log_daemon_msg "Stopping MTA"
stop_exim
log_end_msg 0
warn_paniclog
;;
restart)
# check whether newly generated config would work
upex4conf --check
log_daemon_msg "Stopping MTA for restart"
stop_exim
# regenerate exim4.conf
upex4conf
isconfigvalid
log_end_msg 0
sleep 2
log_daemon_msg "Restarting MTA"
start_exim
log_end_msg 0
warn_paniclog
;;
reload|force-reload)
log_daemon_msg "Reloading $NAME configuration files"
# regenerate exim4.conf
upex4conf
isconfigvalid
reload_exim
log_end_msg 0
warn_paniclog
;;
status)
status
;;
force-stop)
kill_all_exims $2
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status|force-stop}"
exit 1
;;
esac
exit 0
# vim:tabstop=2:expandtab:shiftwidth=2

1
debian/exim4-base.install vendored Normal file
View file

@ -0,0 +1 @@
debian/script usr/share/bug/exim4-base

3
debian/exim4-base.links vendored Normal file
View file

@ -0,0 +1,3 @@
usr/share/man/man8/exim_db.8.gz usr/share/man/man8/exim_dumpdb.8.gz
usr/share/man/man8/exim_db.8.gz usr/share/man/man8/exim_fixdb.8.gz
usr/share/man/man8/exim_db.8.gz usr/share/man/man8/exim_tidydb.8.gz

7
debian/exim4-base.lintian-overrides vendored Normal file
View file

@ -0,0 +1,7 @@
# false positives, inline perl invocation.
exim4-base: bash-term-in-posix-shell *usr/sbin/exim_checkaccess*
exim4-base: bash-term-in-posix-shell *usr/sbin/exinext*
# explicitly set
exim4-base: bash-term-in-posix-shell *HOSTNAME*cron.daily/exim4-base*
# systemd service file is shipped in daemon packages
exim4-base: omitted-systemd-service-for-init.d-script exim4 [etc/init.d/exim4]

9
debian/exim4-base.logrotate vendored Normal file
View file

@ -0,0 +1,9 @@
/var/log/exim4/mainlog /var/log/exim4/rejectlog {
daily
missingok
rotate 10
compress
delaycompress
notifempty
nocreate
}

13
debian/exim4-base.manpages vendored Normal file
View file

@ -0,0 +1,13 @@
b-exim4-daemon-light/doc/exim.8
debian/manpages/exicyclog.8
debian/manpages/exigrep.8
debian/manpages/exim_checkaccess.8
debian/manpages/exim_convert4r4.8
debian/manpages/exim_db.8
debian/manpages/exim_dbmbuild.8
debian/manpages/exim_id_update.8
debian/manpages/exim_lock.8
debian/manpages/exinext.8
debian/manpages/exiqgrep.8
debian/manpages/exiqsumm.8
debian/manpages/exiwhat.8

94
debian/exim4-base.postinst vendored Normal file
View file

@ -0,0 +1,94 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
db_version 2.0
BDBVERSION=5.3
case "$1" in
configure)
if ! getent passwd Debian-exim > /dev/null ; then
echo 'Adding system-user for exim (v4)' 1>&2
adduser --system --group --quiet --home /var/spool/exim4 \
--no-create-home --disabled-login \
--allow-bad-names Debian-exim
fi
# Create directories for log etc
# install also fixes permissions.
install -d -oDebian-exim -gadm -m2750 /var/log/exim4
install -d -oDebian-exim -gDebian-exim -m750 /run/exim4
install -d -oDebian-exim -gDebian-exim -m750 /var/spool/exim4
install -d -oDebian-exim -gDebian-exim -m750 /var/spool/exim4/db \
/var/spool/exim4/input /var/spool/exim4/msglog
# Paranoia check: On any db upgrade throw away hints
# databases.
if test -r /var/lib/exim4/berkeleydbvers.txt ; then
OLDBDB=`head -n1 /var/lib/exim4/berkeleydbvers.txt`
else
OLDBDB="unknown"
fi
if [ "$BDBVERSION" != "$OLDBDB" ] ; then
echo exim: DB upgrade, deleting hints-db 1>&2
rm -f /var/spool/exim4/db/misc-* /var/spool/exim4/db/wait-* \
/var/spool/exim4/db/callout* \
/var/spool/exim4/db/retry* \
/var/spool/exim4/db/ratelimit* \
/var/spool/exim4/db/__db.retry \
/var/spool/exim4/db/__db.misc* \
/var/spool/exim4/db/__db.callout \
/var/spool/exim4/db/__db.ratelimit \
/var/spool/exim4/db/__db.wait* \
/var/spool/exim4/db/log.*
echo "$BDBVERSION" > /var/lib/exim4/berkeleydbvers.txt
fi
# Check that db files are readable by this Exim's db library
dbfiles=""
for f in /var/spool/exim4/db/misc-* /var/spool/exim4/db/wait-* \
/var/spool/exim4/db/callout* /var/spool/exim4/db/retry* \
/var/spool/exim4/db/ratelimit* ; do
if [ -f "$f" ]; then
if echo $f | grep \.lockfile\$ >/dev/null 2>&1; then
: # ignore lock files
else
dbfiles="$dbfiles $(basename $f)"
fi
fi
done
for dbfile in $dbfiles; do
if exim_dumpdb /var/spool/exim4 $dbfile >/dev/null 2>&1; then
: # File OK
else
echo "Resetting invalid $dbfile hints db" 1>&2
rm -f /var/spool/exim4/db/$dbfile \
/var/spool/exim4/db/$dbfile.* \
/var/spool/exim4/db/__db.${dbfile}.* \
/var/spool/exim4/db/log.*
fi
done
if [ -x "/etc/init.d/exim4" ]; then
update-rc.d exim4 defaults >/dev/null
fi
# honor dpkg-statoverride settings for files not managed with dpkg
for pat in /var/\*/exim4 /var/\*/exim4/\*; do
[ $EX4DEBUG ] && eval echo "evaluate statoverride $pat"
eval dpkg-statoverride --list $pat | while read USER GROUP MODE FILE; do
[ $EX4DEBUG ] && echo "statoverride $USER $GROUP $MODE $FILE"
chown ${USER}:${GROUP} $FILE
chmod $MODE $FILE
done
done
;;
esac
#DEBHELPER#

67
debian/exim4-base.postrm vendored Normal file
View file

@ -0,0 +1,67 @@
#!/bin/sh
set -e
if [ -e /usr/share/debconf/confmodule ] ; then
. /usr/share/debconf/confmodule
export debconfavailable="yes"
fi
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
case "$1" in
remove)
# work around apt purging -base before even removing -daemon #261994.
# postrm is good enough, we just need the init-script which is a conffile.
if [ -x /etc/init.d/exim4 ] && \
! [ -d /run/systemd/system ] ; then
if [ -n "$EX4DEBUG" ]; then
netstat -tulpen
ls -al /run/exim4/
cat /run/exim4/exim.pid
pidof exim4
fi
invoke-rc.d exim4 stop
if [ -n "$EX4DEBUG" ]; then
netstat -tulpen
ls -al /run/exim4/
cat /run/exim4/exim.pid
pidof exim4
if pidof exim4; then
echo >&2 "WARN: There are some exim4 processes still running after stopping exim"
fi
fi
fi
rm -f /var/lib/exim4/berkeleydbvers.txt \
/var/spool/exim4/gnutls-params-2048
;;
purge)
update-rc.d exim4 remove > /dev/null
# ask about purging mailqueue if debconf is available, keep it
# otherwise
if [ -e /var/spool/exim4/input ] \
&& ! rmdir /var/spool/exim4/input 2>/dev/null \
&& [ "$debconfavailable" = "yes" ]; then
db_version 2.0
db_input medium exim4/purge_spool || true
db_go || true
db_get exim4/purge_spool
purge_spool="$RET"
if [ "${purge_spool}" = "true" ] ; then
rm -rf /var/spool/exim4/input
fi
fi
# remove logs and pid-dir.
rm -rf /run/exim4 /var/log/exim4 /var/spool/exim4/msglog \
/var/spool/exim4/db /var/spool/exim4/exim-process.info \
/var/spool/exim4/gnutls-params*
rmdir /var/spool/exim4 /var/lib/exim4 2> /dev/null || true
;;
esac
#DEBHELPER#

14
debian/exim4-base.service vendored Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=exim4-base housekeeping
Documentation=man:exim4(8)
ConditionACPower=true
Before=logrotate.service
[Service]
Type=oneshot
ExecStart=/etc/cron.daily/exim4-base systemd-timer
# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

17
debian/exim4-base.templates vendored Normal file
View file

@ -0,0 +1,17 @@
Template: exim4/purge_spool
Type: boolean
Default: false
_Description: Remove undelivered messages in spool directory?
There are e-mail messages in the Exim spool directory
/var/spool/exim4/input/ which have not yet been delivered. Removing
Exim will cause them to remain undelivered until Exim is re-installed.
.
If this option is not chosen, the spool directory is kept, allowing
the messages in the queue to be delivered at a later date after
Exim is re-installed.
Template: exim4-base/drec
Type: error
_Description: Reconfigure exim4-config instead of this package
Exim4 has its configuration factored out into a dedicated package,
exim4-config. To reconfigure Exim4, use 'dpkg-reconfigure exim4-config'.

12
debian/exim4-base.timer vendored Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=Daily exim4-base housekeeping
Documentation=man:exim4(8)
Before=logrotate.timer
[Timer]
OnCalendar=daily
AccuracySec=12h
Persistent=true
[Install]
WantedBy=timers.target

1
debian/exim4-base.tmpfiles vendored Normal file
View file

@ -0,0 +1 @@
d /run/exim4 0750 Debian-exim Debian-exim - -

812
debian/exim4-config.config vendored Normal file
View file

@ -0,0 +1,812 @@
#!/bin/sh
set -e
alias stripwhitespace="sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//'"
installeddebconfversion="$(dpkg -s debconf | sed -ne '/^Version/s/^Version: //p')"
if [ "reconfigure" != "$1" ] && \
dpkg --compare-versions "${installeddebconfversion}" "le" "1.4" && \
[ "$exim4postinstisrunning" != "true" ] ; then
echo "exim4-config.postinst: [WARN] Installed debconf version is broken. Aborting preconfigure." 1>&2
exit 0
fi
. /usr/share/debconf/confmodule
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
UE4CC="/etc/exim4/update-exim4.conf.conf"
convert_to_long ()
{
case "$1" in
internet)
echo -n "internet site; mail is sent and received directly using SMTP"
;;
smarthost)
echo -n "mail sent by smarthost; received via SMTP or fetchmail"
;;
satellite)
echo -n "mail sent by smarthost; no local mail"
;;
local)
echo -n "local delivery only; not on a network"
;;
none)
echo -n "no configuration at this time"
;;
esac
}
convert_to_short ()
{
case "$1" in
"internet site; mail is sent and received directly using SMTP")
echo -n "internet"
;;
"mail sent by smarthost; received via SMTP or fetchmail")
echo -n "smarthost"
;;
"mail sent by smarthost; no local mail")
echo -n "satellite"
;;
"local delivery only; not on a network")
echo -n "local"
;;
"no configuration at this time")
echo -n "none"
;;
esac
}
convert_transport_to_long ()
{
case "$1" in
maildir_home)
echo -n "Maildir format in home directory"
;;
mail_spool)
echo -n "mbox format in /var/mail/"
;;
*)
echo -n "locally customized"
;;
esac
}
convert_transport_to_short ()
{
case "$1" in
"Maildir format in home directory")
echo -n "maildir_home"
;;
"mbox format in /var/mail/")
echo -n "mail_spool"
;;
*)
echo -n "custom"
;;
esac
}
# store environment variables in debconf db.
storevar2db() {
dc_eximconfig_configtype="$(printf '%s\n' "${dc_eximconfig_configtype}" | stripwhitespace)"
dc_local_interfaces="$(printf '%s\n' "${dc_local_interfaces}" | stripwhitespace)"
dc_other_hostnames="$(printf '%s\n' "${dc_other_hostnames}" | stripwhitespace)"
dc_readhost="$(printf '%s\n' "${dc_readhost}" | stripwhitespace)"
dc_relay_domains="$(printf '%s\n' "${dc_relay_domains}" | stripwhitespace)"
dc_relay_nets="$(printf '%s\n' "${dc_relay_nets}" | stripwhitespace)"
dc_smarthost="$(printf '%s\n' "${dc_smarthost}" | stripwhitespace)"
dc_minimaldns="$(printf '%s\n' "${dc_minimaldns}" | stripwhitespace)"
dc_use_split_config="$(printf '%s\n' "${dc_use_split_config}" | stripwhitespace)"
dc_hide_mailname="$(printf '%s\n' "${dc_hide_mailname}" | stripwhitespace)"
# store externally changed values to debconf.db
db_set exim4/dc_eximconfig_configtype \
"$(convert_to_long ${dc_eximconfig_configtype})"
db_set exim4/dc_local_interfaces "${dc_local_interfaces}"
db_set exim4/dc_other_hostnames "${dc_other_hostnames}"
db_set exim4/dc_readhost "${dc_readhost}"
db_set exim4/dc_relay_domains "${dc_relay_domains}"
db_set exim4/dc_relay_nets "${dc_relay_nets}"
db_set exim4/dc_smarthost "${dc_smarthost}"
if [ "${dc_minimaldns}" != "" ]; then
db_set exim4/dc_minimaldns "${dc_minimaldns}"
fi
db_set exim4/use_split_config "${dc_use_split_config}"
db_set exim4/hide_mailname "${dc_hide_mailname}"
# do not store "locally customized" in debconf db, otherwise simply
# removing the custom dc_localdelivery from ue4cc won't work.
if [ "${dc_localdelivery}" != "" ] &&
[ "$(convert_transport_to_long ${dc_localdelivery})" != "locally customized" ] ; then
db_set exim4/dc_localdelivery \
"$(convert_transport_to_long ${dc_localdelivery})"
fi
db_fset "exim4/dc_other_hostnames" mailname "${dc_mailname_in_oh:-false}"
}
# ipv6: replace double colons in colon-separated host lists with umlaut-o
# replace ':' with ' : ', add leading and ending whitespace.
# return empty string if custom delimiter was used:
# local_domains = <; 172.16.0.0/12; 3ffe:ffff:836f::/48
# e.g: 'localhost : 172.16.0.1 :3ffe::ffff::836f::::: foo.org'
# ===> ' localhost : 172.16.0.1 : 3ffeöffffö836föö : foo.org '
alias coloncolon2oe="env -u LC_ALL LC_CTYPE=C sed -e 's/[[:blank:]]*//g' -e '/^</d' -e 's/:::::/:öö/g' -e 's/::::/öö/g' -e 's/:::/:ö/g' -e 's/::/ö/g' -e 's/:/ : /g' -e 's/^/ /' -e 's/$/ /'"
# try to parse exim3 configuration file - works only if it was generated
# with eximconfig.
parseexim3() {
dc_mailname="$(head -n 1 /etc/mailname | stripwhitespace)" || true
# get the .... entries from
# host_accept_relay = 127.0.0.1 : ::::1 : ......
# if they exist, ie. parse list, and remove "127.0.0.1", "::::1"
# and "localhost" from it.
#
dc_relay_nets="$(cat $1 | grep -h '^host_accept_relay[[:blank:]]*=' | sed -e 's/^host_accept_relay[[:blank:]]*=//' | coloncolon2oe | env -u LC_ALL LC_CTYPE=C sed -e 's/ 127\.0\.0\\.1 //g' -e 's/ localhost //g' -e 's/ öö1//g' -e 's/[[:blank:]]*//g' -e 's/::/:/g' -e 's/^://' -e 's/:$//' -e 's/ö/::/g')"
# 'local_domains = $colonhostnames', including mailname and "localhost"
#
dc_other_hostnames="$(cat $1 | grep -h '^local_domains[[:blank:]]*=' | sed -e 's/^local_domains[[:blank:]]*=//' | coloncolon2oe | env -u LC_ALL LC_CTYPE=C sed -e 's/ localhost //g' -e "s/ ${dc_mailname} //g" -e 's/[[:blank:]]*//g' -e 's/::/:/g' -e 's/^://' -e 's/:$//' -e 's/ö/::/g')"
# relay_domains = some.domain
dc_relay_domains="$(cat $1 | grep -h '^relay_domains = ' | sed -e 's/^relay_domains[[:blank:]]*=[[:blank:]]*//' -e 's/[[:blank:]]*$//')"
# lookuphost router exist ---> dc_eximconfig_configtype=internet
#
if cat $1 | grep -h -A2 '^lookuphost:' | \
grep -h -A1 '[[:blank:]]*driver = lookuphost' | \
grep -h -q '[[:blank:]]*transport = remote_smtp' ; then
dc_eximconfig_configtype=internet
else
# smart:-director exists ---> dc_eximconfig_configtype=satellite
#
# Later we need the new_address directive to find dc_readhost.
# ' || true' is required for "set -e"
dc_readhost="$(cat $1 | grep -h -A2 '^smart:' | grep -h -A1 '^[[:blank:]]*driver = smartuser' | grep -h '^[[:blank:]]*new_address' || true)"
# smarthost router exists --> dc_eximconfig_configtype is satellite or smarthost
#
# we need the route_list directive to find dc_smarthost
# ' || true' is required for "set -e"
dc_smarthost="$(< $1 grep -A3 '^smarthost:' | grep -A2 '[[:blank:]]*driver = domainlist' | grep -A1 '^[[:blank:]]*transport = remote_smtp' | grep '^[[:blank:]]*route_list = ".*"' || true)"
if [ ! -z "${dc_readhost}" ] ; then
dc_eximconfig_configtype=satellite
elif [ ! -z "${dc_smarthost}" ] ; then
dc_eximconfig_configtype=smarthost
elif ! cat "$1" | grep -h -q '^remote_smtp:'; then
# dc_eximconfig_configtype=local has no remote_smtp transport.
dc_eximconfig_configtype=local
else
# handcrafted config. We probably misparsed, reset values
# and exit.
dc_eximconfig_configtype=''
dc_local_interfaces='notset'
dc_other_hostnames=''
dc_readhost=''
dc_relay_domains=''
dc_relay_nets=''
dc_smarthost=''
dc_hide_mailname=''
return 1
fi
fi
case ${dc_eximconfig_configtype} in
internet|local)
#paranoia
dc_readhost=''
dc_smarthost=''
dc_hide_mailname='false'
;;
satellite)
# new_address = ${local_part}@$readhost
dc_readhost="$(printf '%s\n' "${dc_readhost}" | sed -e 's/^.*@//' -e 's/[[:blank:]]*$//')"
# route_list = "* $smtphost bydns_a"
dc_smarthost="$(printf '%s\n' "${dc_smarthost}" | \
sed -e 's/^ *route_list = "\* //' -e 's/ bydns_a"//' -e 's/[[:blank:]]*$//')"
dc_hide_mailname='true'
dc_relay_domains=''
;;
smarthost)
# route_list = "* $smtphost bydns_a"
dc_smarthost="$(printf '%s\n' "${dc_smarthost}" | \
sed -e 's/^ *route_list = "\* //' -e 's/ bydns_a"//' -e 's/[[:blank:]]*$//')"
dc_hide_mailname='false'
dc_relay_domains=''
;;
esac
}
##########
mailname2otherhostnames() {
# u-ex4.conf no longer includes mailname in local domains,
# insert it once into other_hostnames.
# The debconf script might run twice, we need to store the result
# in a file to pass it to postinst..
[ -d /var/lib/exim4 ] || \
install -d -oroot -groot -m755 /var/lib/exim4
dc_mailname="$(head -n 1 /etc/mailname | stripwhitespace)" || true
if [ -z "${dc_other_hostnames}" ] ; then
dc_other_hostnames="${dc_mailname}"
else
dc_other_hostnames="$(printf '%s\n' "${dc_other_hostnames}" | stripwhitespace)":${dc_mailname}
fi
printf '%s\n' dc_other_hostnames="'""${dc_other_hostnames}""'" > \
/var/lib/exim4/addmailname2oh
db_fset "exim4/dc_other_hostnames" mailname true
dc_mailname_in_oh="true"
}
mailname2otherhostnamesdcloop() {
# append mailname to other_hostnames, once. on fresh installations.
if [ "${dc_mailname_in_oh}" != "true" ] ;then
db_get exim4/mailname
dc_mailname="$(printf '%s\n' "$RET"| stripwhitespace)"
db_get "exim4/dc_other_hostnames"
dc_other_hostnames="$(printf '%s\n' "$RET"| stripwhitespace)"
if [ -z "${dc_other_hostnames}" ] ; then
dc_other_hostnames="${dc_mailname}"
else
dc_other_hostnames="${dc_other_hostnames}:${dc_mailname}"
fi
db_set exim4/dc_other_hostnames "${dc_other_hostnames}"
db_fset "exim4/dc_other_hostnames" mailname true
dc_mailname_in_oh="true"
fi
}
##########
# set to dummy value, so we can differ between unset vs (seen or set outside debconf)
dc_local_interfaces=notset
db_settitle exim4/exim4-config-title
db_get exim4/dc_eximconfig_configtype
dc_eximconfig_configtype="$(convert_to_short "$RET")"
db_get exim4/use_split_config
dc_use_split_config="$RET"
# Did we append mailname to other_hostnames yet?
db_fget "exim4/dc_other_hostnames" mailname || true
dc_mailname_in_oh="$RET"
if [ -e $UE4CC ] ; then
. $UE4CC || true
# on upgrades _once_ add mailname to other_hostnames
if [ -n "$2" ] && [ "$1" = "configure" ] && \
[ "${dc_mailname_in_oh}" != "true" ] ; then
mailname2otherhostnames
fi
# set defaults using these values
storevar2db
else
# If there are no debconf answers (running first time) and we are
# making a cross upgrade from exim3, try to parse its config file
# to seed debconf db.
if [ "${dc_eximconfig_configtype}" = "" ] && [ -r /etc/exim/exim.conf ] ; then
# parse old configfile
#
# first do unfolding of lines continued with backslash, by:
# 1. remove comment lines
# 2. remove blank lines
# 3. remove "\<optional space><newline><optional space>"
exim3confunfolded="$(mktemp)"
perl -e \
'undef $/;
while (<>) {
s/^[[:space:]]*#[^\n]*\n//mg;
s/^\n//mg;
s/\\[[:space:]]*\n[[:space:]]*//g;
} continue {
print or die "blah";
}' < /etc/exim/exim.conf > "$exim3confunfolded"
if parseexim3 "$exim3confunfolded" ; then
# set defaults using these values
storevar2db
fi
rm -f "$exim3confunfolded"
fi
fi
## set up default values, we cannot do this in templates file because
## config script is called two times before update-exim4.conf.conf exists.
[ "${dc_eximconfig_configtype}" = "" ] && \
dc_eximconfig_configtype="local" && \
db_set exim4/dc_eximconfig_configtype "$(convert_to_long ${dc_eximconfig_configtype})"
if [ -e /etc/mailname ] ; then
dc_mailname="$(head -n 1 /etc/mailname | stripwhitespace)" || true
# store values
db_set exim4/mailname "${dc_mailname}"
else
db_get exim4/mailname
dc_mailname="$RET"
fi
#Set default mailname
if [ "${dc_mailname}" = "" ] ; then
dc_mailname="$(hostname --fqdn 2>/dev/null)" || dc_mailname="$(hostname)" && \
dc_mailname="$(printf '%s\n' "${dc_mailname}" | stripwhitespace)" && \
db_set exim4/mailname "${dc_mailname}"
fi
fqdn="$(hostname --fqdn 2>/dev/null)" || fqdn=''
db_subst exim4/dc_other_hostnames fqdn "$fqdn"
# initialize env-vars from debconf_db, if they haven't been set yet either by
# parseexim3() or by sourcing $UE4CC
if [ "${dc_readhost}" = "" ] ; then
db_get exim4/dc_readhost
dc_readhost="$RET"
fi
if [ "${dc_smarthost}" = "" ] ; then
db_get exim4/dc_smarthost
dc_smarthost="$RET"
fi
# Tricky! An empty value for this option is significant, therefore both
# envvar and debconf-value default to "nonset" instead of "", the
# following line will only change then envvars value if the config-script
# runs the second time without existing $UE4CC or
# if the debconf-db has been preseeded by other means.
if [ "${dc_local_interfaces}" = "notset" ]; then
db_get exim4/dc_local_interfaces
dc_local_interfaces="$RET"
fi
if [ "${dc_minimaldns}" = "" ] ; then
db_get exim4/dc_minimaldns
dc_minimaldns="$RET"
fi
if [ "${dc_use_split_config}" = "" ] ; then
if [ "${2}" = "" ] ; then
# fresh installation
db_set exim4/use_split_config false
dc_use_split_config="false"
else
db_set exim4/use_split_config true
dc_use_split_config="true"
fi
fi
if [ "${dc_localdelivery}" = "" ] ; then
db_get exim4/dc_localdelivery
dc_localdelivery="$(convert_transport_to_short "$RET")"
elif [ "$(convert_transport_to_long ${dc_localdelivery})" = "locally customized" ] ; then
dc_localdelivery="custom"
fi
db_version 2.0
db_capb backup
# initial state
STATE=1
# state to continue for all values
CONTSTATE=50
# last valid state
STATELIMIT=51
EX4QUESTION=""
while [ "$STATE" != 0 ] && [ "$STATE" -le "$STATELIMIT" ]; do
case "$STATE" in
1)
# this is now empty
EX4QUESTION=""
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
;;
2)
EX4QUESTION="exim4/dc_eximconfig_configtype"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
CONFIGTYPEQUESTION=2
db_input medium "$EX4QUESTION" || true
;;
3)
EX4QUESTION=""
db_get exim4/dc_eximconfig_configtype
dc_eximconfig_configtype="$(convert_to_short "$RET")"
BACKSTATE=$(($STATE - 1))
case "${dc_eximconfig_configtype}" in
none)
# dont ask more questions
#FORWSTATE=$(($STATELIMIT + 1))
FORWSTATE=4
;;
internet)
FORWSTATE=8
;;
smarthost)
FORWSTATE=20
;;
satellite)
FORWSTATE=30
;;
local)
FORWSTATE=40
;;
*)
# Should not happen. Break loop
FORWSTATE=$(($STATELIMIT + 1))
;;
esac
;;
4)
# show additional info for type=none
EX4QUESTION="exim4/no_config"
BACKSTATE=$CONFIGTYPEQUESTION
FORWSTATE=$(($STATE + 1))
# same priority as configtype because of danger of loop?
db_input medium "$EX4QUESTION" || true
;;
5)
EX4QUESTION=""
BACKSTATE=$CONFIGTYPEQUESTION
db_get exim4/no_config || true
if [ "$RET" = "false" ]; then
FORWSTATE=$CONFIGTYPEQUESTION
else
#break loop
FORWSTATE=$CONTSTATE
fi
;;
8)
# internet site
EX4QUESTION="exim4/mailname"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$CONFIGTYPEQUESTION
FORWSTATE=$(($STATE + 1))
;;
9)
EX4QUESTION="exim4/dc_local_interfaces"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
if [ "${dc_local_interfaces}" = "notset" ] ; then
dc_local_interfaces=''
db_set exim4/dc_local_interfaces ''
fi
db_input medium "$EX4QUESTION" || true
;;
10)
EX4QUESTION="exim4/dc_other_hostnames"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
mailname2otherhostnamesdcloop
db_input medium "$EX4QUESTION" || true
;;
11)
EX4QUESTION="exim4/dc_relay_domains"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
;;
12)
EX4QUESTION="exim4/dc_relay_nets"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
;;
13)
EX4QUESTION="exim4/dc_minimaldns"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_input low "$EX4QUESTION" || true
;;
14)
EX4QUESTION="exim4/dc_localdelivery"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$CONTSTATE
# do not ask question if user has set a different transport
# than maildir or mailspool
if [ "${dc_localdelivery}" != "custom" ] ; then
db_input low "$EX4QUESTION" || true
fi
;;
20)
# internet site with smarthost
EX4QUESTION="exim4/mailname"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$CONFIGTYPEQUESTION
FORWSTATE=$(($STATE + 1))
;;
21)
EX4QUESTION="exim4/dc_local_interfaces"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
if [ "${dc_local_interfaces}" = "notset" ] ; then
dc_local_interfaces='127.0.0.1 ; ::1'
db_set exim4/dc_local_interfaces '127.0.0.1 ; ::1'
fi
db_input medium "$EX4QUESTION" || true
;;
22)
EX4QUESTION="exim4/dc_other_hostnames"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
mailname2otherhostnamesdcloop
db_input medium "$EX4QUESTION" || true
;;
23)
EX4QUESTION="exim4/dc_relay_domains"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_get "$EX4QUESTION" || true
dc_relay_domains="$RET"
# Only ask for relay domains if non-empty, since this only
# really works for internet site hosts. (See comment near
# smarthost router definition in configuration file.)
if [ "${dc_relay_domains}" != "" ] ; then
db_input medium "$EX4QUESTION" || true
fi
;;
24)
EX4QUESTION="exim4/dc_relay_nets"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
;;
25)
EX4QUESTION="exim4/dc_smarthost"
if [ "${dc_smarthost}" = "" ] ; then
# default to mail.mailname
dc_smarthost="mail.${dc_mailname}"
db_set exim4/dc_smarthost "${dc_smarthost}"
fi
db_input medium "$EX4QUESTION" || true
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
;;
26)
EX4QUESTION="exim4/hide_mailname"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_get exim4/mailname || true
dc_mailname="$RET"
db_get exim4/dc_other_hostnames || true
dc_other_hostnames="$RET"
db_subst exim4/hide_mailname mailname ${dc_mailname}
db_subst exim4/hide_mailname dc_other_hostnames \
${dc_other_hostnames}
db_get $EX4QUESTION || true
dc_hide_mailname="$RET"
if [ "${dc_hide_mailname}" = "" ] ; then
dc_hide_mailname='false'
db_set exim4/hide_mailname "${dc_hide_mailname}"
fi
db_input medium "$EX4QUESTION" || true
;;
27)
EX4QUESTION="exim4/dc_readhost"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_get exim4/hide_mailname
dc_hide_mailname="$RET"
if [ "${dc_hide_mailname}" = "true" ];then
if [ "${dc_readhost}" = "" ] ; then
# default to mailname
dc_readhost="${dc_mailname}"
db_set exim4/dc_readhost "${dc_readhost}"
fi
db_input medium "$EX4QUESTION" || true
else
EX4QUESTION=""
fi
;;
28)
EX4QUESTION="exim4/dc_minimaldns"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_input low "$EX4QUESTION" || true
;;
29)
EX4QUESTION="exim4/dc_localdelivery"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$CONTSTATE
# do not ask question if user has set a different transport
# than maildir or mailspool
if [ "${dc_localdelivery}" != "custom" ] ; then
db_input low "$EX4QUESTION" || true
fi
;;
30)
# satellite
EX4QUESTION="exim4/mailname"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$CONFIGTYPEQUESTION
FORWSTATE=$(($STATE + 1))
;;
31)
EX4QUESTION="exim4/dc_local_interfaces"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
if [ "${dc_local_interfaces}" = "notset" ] ; then
dc_local_interfaces='127.0.0.1 ; ::1'
db_set exim4/dc_local_interfaces '127.0.0.1 ; ::1'
fi
db_input medium "$EX4QUESTION" || true
;;
32)
EX4QUESTION="exim4/dc_other_hostnames"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
mailname2otherhostnamesdcloop
db_input medium "$EX4QUESTION" || true
;;
33)
EX4QUESTION="exim4/dc_readhost"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
# satellite requires a mail-hub, no use asking whether there
# is one.
db_set exim4/hide_mailname "true"
dc_hide_mailname="true"
if [ "${dc_readhost}" = "" ] ; then
# default to domain of mailname
dc_readhost="${dc_mailname}"
db_set exim4/dc_readhost "${dc_readhost}"
fi
db_input medium "$EX4QUESTION" || true
;;
34)
EX4QUESTION="exim4/dc_smarthost"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_get exim4/dc_readhost
dc_readhost="$RET"
if [ "${dc_smarthost}" = "" ] ; then
# default to read_host
dc_smarthost="${dc_readhost}"
db_set exim4/dc_smarthost "${dc_smarthost}"
fi
db_input medium "$EX4QUESTION" || true
;;
35)
EX4QUESTION="exim4/dc_relay_domains"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_get "$EX4QUESTION" || true
dc_relay_domains="$RET"
# Only ask for relay domains if non-empty, since this only
# really works for internet site hosts. (See comment near
# smarthost router definition in configuration file.)
if [ "${dc_relay_domains}" != "" ] ; then
db_input medium "$EX4QUESTION" || true
fi
;;
36)
EX4QUESTION=""
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
# satellite-system! Only ask for relay_nets if they are
# nonempty - we cannot distinguish whether they were set outside debconf
# or whether the user switched dc_eximconfig_configtype
db_get exim4/dc_relay_nets || true
dc_relay_nets="$RET"
if [ "${dc_relay_nets}" != "" ] ; then
db_input medium exim4/dc_relay_nets || true
FORWSTATE=$(($STATE + 1))
fi
;;
37)
EX4QUESTION="exim4/dc_minimaldns"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_input low "$EX4QUESTION" || true
;;
38)
EX4QUESTION="exim4/dc_localdelivery"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$CONTSTATE
# Only ask question if it is set to a value that is both supported
# by debconf (maildir_home and mail_spool) and is not set to the
# default value (maildir_home) since this is only used for
# real-*.
if [ "${dc_localdelivery}" = "maildir_home" ] ; then
db_input low "$EX4QUESTION" || true
fi
;;
40)
# local mail only
EX4QUESTION="exim4/mailname"
db_input medium "$EX4QUESTION" || true
BACKSTATE=$CONFIGTYPEQUESTION
FORWSTATE=$(($STATE + 1))
;;
41)
EX4QUESTION=""
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
if [ "${dc_local_interfaces}" = "notset" ] ; then
dc_local_interfaces='127.0.0.1 ; ::1'
db_set exim4/dc_local_interfaces '127.0.0.1 ; ::1'
fi
db_input medium exim4/dc_local_interfaces || true
;;
42)
EX4QUESTION="exim4/dc_other_hostnames"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
mailname2otherhostnamesdcloop
db_input medium "$EX4QUESTION" || true
;;
43)
EX4QUESTION=""
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
# local mail only -system! Only ask for relay_nets/relay_domains if they are
# nonempty - we cannot distinguish whether they were set outside debconf
# or whether the user switched dc_eximconfig_configtype
db_get exim4/dc_relay_nets || true
dc_relay_nets="$RET"
db_get exim4/dc_relay_domains || true
dc_relay_domains="$RET"
if [ "${dc_relay_nets}" != "" ] ; then
db_input medium exim4/dc_relay_nets || true
fi
if [ "${dc_relay_domains}" != "" ] ; then
db_input medium exim4/dc_relay_domains || true
fi
;;
44)
EX4QUESTION="exim4/dc_minimaldns"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$(($STATE + 1))
db_input low "$EX4QUESTION" || true
;;
45)
EX4QUESTION="exim4/dc_localdelivery"
BACKSTATE=$(($STATE - 1))
FORWSTATE=$CONTSTATE
# do not ask question if user has set a different transport
# than maildir or mailspool
if [ "${dc_localdelivery}" != "custom" ] ; then
db_input low "$EX4QUESTION" || true
fi
;;
50)
EX4QUESTION="exim4/use_split_config"
BACKSTATE=$PREVSTATE
FORWSTATE=$(($STATELIMIT + 1))
db_input medium "$EX4QUESTION" || true
;;
esac
PREVSTATE=$STATE
if db_go; then
STATE=$FORWSTATE
else
STATE=$BACKSTATE
fi
done
if [ "$STATE" = 0 ] ; then
# User pressed back on the first question, go back to previous
# package if run by base-config 2.0. #222773.
exit 30
fi
# make sure dc_local_interfaces is set to sane value
if [ "${dc_local_interfaces}" = "notset" ] ; then
dc_local_interfaces=''
db_set exim4/dc_local_interfaces ''
fi
if [ ! -e /etc/aliases ] || \
! grep -q '^root:[[:space:]]*[[:alnum:]]' /etc/aliases ; then
db_get exim4/dc_postmaster
if [ -z "$RET" ] && db_get passwd/username; then
db_set exim4/dc_postmaster "${RET}"
fi
db_input medium exim4/dc_postmaster || true
db_go || true
fi
db_get exim4/dc_postmaster || true
dc_postmaster="$(printf '%s\n' "$RET" | stripwhitespace)"

6
debian/exim4-config.dirs vendored Normal file
View file

@ -0,0 +1,6 @@
/etc/exim4/conf.d
/etc/ppp/ip-up.d
/usr/sbin
/usr/share/doc/exim4-config
/usr/share/man/man8
/var/lib/exim4

1
debian/exim4-config.docs vendored Normal file
View file

@ -0,0 +1 @@
debian/README.Debian

1
debian/exim4-config.examples vendored Normal file
View file

@ -0,0 +1 @@
debian/e-n-if-up

16
debian/exim4-config.exim4.ppp.ip-up vendored Normal file
View file

@ -0,0 +1,16 @@
#!/bin/sh
# disabled by default, remove following line to enable.
exit 0
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
[ -x /usr/lib/exim4/exim4 ] || exit 0
[ -f /etc/default/exim4 ] && . /etc/default/exim4
# Flush exim queue
/usr/sbin/exim4 -qqf

3
debian/exim4-config.install vendored Normal file
View file

@ -0,0 +1,3 @@
debian/debconf/exim4.conf.template etc/exim4
debian/debconf/update-exim4.conf.template usr/sbin
debian/script usr/share/bug/exim4-config

15
debian/exim4-config.links vendored Normal file
View file

@ -0,0 +1,15 @@
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-aliases.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-email-addresses.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_crt.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_key.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_host_local_deny_exceptions.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_hubbed_hosts.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_domain_dnsbl_whitelist.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_host_blacklist.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_rcpt_callout.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_blacklist.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_callout.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd_client.5.gz
usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_sender_local_deny_exceptions.5.gz
usr/share/man/man8/update-exim4.conf.8.gz usr/share/man/man5/update-exim4.conf.conf.5.gz

1
debian/exim4-config.lintian-overrides vendored Normal file
View file

@ -0,0 +1 @@
exim4-config: non-standard-file-perm 0640 != 0644 [etc/exim4/passwd.client]

3
debian/exim4-config.manpages vendored Normal file
View file

@ -0,0 +1,3 @@
debian/manpages/exim4-config_files.5
debian/manpages/update-exim4.conf.8
debian/manpages/update-exim4.conf.template.8

371
debian/exim4-config.postinst vendored Normal file
View file

@ -0,0 +1,371 @@
#!/bin/sh
set -e
export exim4postinstisrunning=true
. /usr/share/debconf/confmodule
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
UE4CC="/etc/exim4/update-exim4.conf.conf"
db_version 2.0
get_value() {
db_get $1
code="$?"
if [ "$code" -eq "0" ]; then
:
else
echo "Error getting debconf answer $1: debconf code=$code" >&2
exit $code
fi
}
write_header() {
cat <<EOF > $UE4CC
# $UE4CC
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
EOF
}
addrootalias() {
# remove leading and ending whitespace, shrink multiple whitespace, separate
# entries with commas
poma="$(echo "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/[[:space:];][[:space:]]*/,/g')"
if [ "none" != "$poma" ] && [ "" != "$poma" ]; then
echo "root: ${poma}" >> /etc/aliases
fi
}
#initialize /etc/aliases
writealiases() {
echo '# /etc/aliases' > /etc/aliases.tmp
echo 'mailer-daemon: postmaster' >> /etc/aliases.tmp
for i in postmaster nobody hostmaster usenet news webmaster www ftp abuse noc security ; do
echo "${i}: root"
done >> /etc/aliases.tmp
mv /etc/aliases.tmp /etc/aliases
}
alias stripwhitespace="sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//'"
# return success if md5sum matches file
unmodified() {
[ "$#" -eq 1 ] || return 1
[ -f "$1" ] || return 1
# first line, without the leading '# '.
checksum_current="$(sed -n -e '1s/^# //' -e '1p;1q' "$1")"
# md5sum over the rest of the file.
# some versions of md5sum produce
# '68b329da9893e34099c7d8ad5cb9c940 -' others don't add the dash.
# '68b329da9893e34099c7d8ad5cb9c940'
checksum_new="$(sed -n '2,$p' "$1" | md5sum | cut -d\ -f1)"
if [ "${checksum_current}" = "${checksum_new}" ] ; then
return 0
else
return 1
fi
}
convert_to_long ()
{
case "$1" in
internet)
echo -n "internet site; mail is sent and received directly using SMTP"
;;
smarthost)
echo -n "mail sent by smarthost; received via SMTP or fetchmail"
;;
satellite)
echo -n "mail sent by smarthost; no local mail"
;;
local)
echo -n "local delivery only; not on a network"
;;
none)
echo -n "no configuration at this time"
;;
esac
}
convert_to_short ()
{
case "$1" in
"internet site; mail is sent and received directly using SMTP")
echo -n "internet"
;;
"mail sent by smarthost; received via SMTP or fetchmail")
echo -n "smarthost"
;;
"mail sent by smarthost; no local mail")
echo -n "satellite"
;;
"local delivery only; not on a network")
echo -n "local"
;;
"no configuration at this time")
echo -n "none"
;;
esac
}
convert_transport_to_long ()
{
case "$1" in
maildir_home)
echo -n "Maildir format in home directory"
;;
mail_spool)
echo -n "mbox format in /var/mail/"
;;
*)
echo -n "locally customized"
;;
esac
}
convert_transport_to_short ()
{
case "$1" in
"Maildir format in home directory")
echo -n "maildir_home"
;;
"mbox format in /var/mail/")
echo -n "mail_spool"
;;
*)
echo -n "custom"
;;
esac
}
geneximdefaults () {
# generate /etc/default/exim4
cat > /etc/default/exim4 << EOF
# /etc/default/exim4
# Options/arguments for exim daemon when run from systemd service
# EXIMSERVICE='-bdf -q30m'
# Options/arguments for exim daemon when run from init script
# EXIMDAEMONOPTS='-bd -q30m'
# Additional options for update-exim4.conf(8)
# UPEX4OPTS=''
EOF
chmod 0644 /etc/default/exim4
}
if [ "$1" = "configure" ] &&\
! getent passwd Debian-exim > /dev/null ; then
echo 'Adding system-user for exim (v4)' 1>&2
adduser --system --group --quiet --home /var/spool/exim4 \
--no-create-home --disabled-login \
--allow-bad-names Debian-exim
fi
# fix permissions of /etc/exim4/passwd.client
if [ "$1" = "configure" ] ; then
if ! dpkg-statoverride --list /etc/exim4/passwd.client > /dev/null 2>&1
then
dpkg-statoverride --update --add root Debian-exim 0640 \
/etc/exim4/passwd.client
fi
fi
case "$1" in
configure)
# Configure Exim##############################
##############################################
# valid config directives
dc_directives="dc_eximconfig_configtype dc_other_hostnames dc_local_interfaces dc_readhost dc_relay_domains dc_minimaldns dc_relay_nets dc_smarthost CFILEMODE dc_use_split_config dc_hide_mailname dc_mailname_in_oh dc_localdelivery"
# Generate config-file if it does not yet exist
if [ ! -e $UE4CC ] ; then
write_header
for variable in ${dc_directives} ; do
echo "${variable}="
done >> $UE4CC
fi
# generate /etc/default/exim4 on fresh installations.
if test -z "$2" && test ! -e /etc/default/exim4 ; then
geneximdefaults
fi
# Related to #1053788 - removed misnamed unused file:
if test -n "$2" && \
test -e /etc/default/exim &&
dpkg --compare-versions "$2" "gt" "4.96-20" &&
dpkg --compare-versions "$2" "lt" "4.97~RC1-3" &&
[ "1f9796bd64d5abb3418f507f0b6969ab" = \
$(md5sum /etc/default/exim | cut -f1 -d' ') ]; then
rm /etc/default/exim
if test ! -e /etc/default/exim4 ; then
geneximdefaults
fi
fi
# source $UE4CC - needed for not
# debconf-managed values in there.
. $UE4CC
# Substitute values from debconf db
db_get exim4/dc_eximconfig_configtype || true
dc_eximconfig_configtype="$(convert_to_short "$RET")"
db_get exim4/dc_local_interfaces || true
dc_local_interfaces="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_other_hostnames || true
dc_other_hostnames="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_readhost || true
dc_readhost="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_relay_domains || true
dc_relay_domains="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_relay_nets || true
dc_relay_nets="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_smarthost || true
dc_smarthost="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/dc_minimaldns || true
dc_minimaldns="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/mailname || true
mailname="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/use_split_config || true
dc_use_split_config="$(printf '%s\n' "$RET" | stripwhitespace)"
db_get exim4/hide_mailname || true
dc_hide_mailname="$(printf '%s\n' "$RET" | stripwhitespace)"
# overwrite dc_localdelivery with value stored in debconf db unless
# it is set to something else than maildir_home or mail_spool.
if [ "${dc_localdelivery}" = "" ] ||
[ "$(convert_transport_to_long ${dc_localdelivery})" != "locally customized" ] ; then
db_get exim4/dc_localdelivery || true
dc_localdelivery="$(convert_transport_to_short "$RET")"
fi
if [ -r /var/lib/exim4/addmailname2oh ] ; then
# .config added mailname to other hostnames, 2nd run of config script
# will have overwritten this change in debcond-db, therefore we need
# to store this externally, too.
. /var/lib/exim4/addmailname2oh
rm -f /var/lib/exim4/addmailname2oh
fi
db_fget "exim4/dc_other_hostnames" mailname || true
dc_mailname_in_oh="$RET"
[ "${CFILEMODE}" = "" ] && CFILEMODE=644
db_get exim4/dc_postmaster
dc_postmaster="$(printf '%s\n' "$RET" | stripwhitespace)"
if [ ! -e /etc/aliases ] ; then
writealiases
fi
if ! grep -q '^root:[[:space:]]*[[:alnum:]]' /etc/aliases && \
[ "${dc_postmaster}" != "none" ]; then
addrootalias "${dc_postmaster}"
fi
### write configuration to files #
# add missing items
for variable in ${dc_directives} ; do
if ! grep -E -q "^[[:space:]]*${variable}=" $UE4CC ; then
echo "${variable}=''" >> $UE4CC
fi
done
# insert new values, remove outdated ones.
# Use environment variables to communicate data to awk, to
# avoid shell (or awk or sed) string expansion which may
# expand escape sequences. Note that the variables named in
# ${dc_directives} (but not the variable names themselves) may
# contain escaped characters like \N.
export dc_directives ${dc_directives}
awk '
BEGIN {
split( ENVIRON["dc_directives"], directives, "[ \t]" );
}
{
written = 0;
for ( i in directives )
{
regex = "^[ \t]*" directives[i] "=";
if ( ( $0 ~ regex ) && ( ! written ) )
{
# Add single quotes (\0x27) around the value.
print directives[i] "=\x27" ENVIRON[directives[i]] "\x27";
written = 1;
break;
}
}
if ( ! written )
print $0;
}' < ${UE4CC} > ${UE4CC}.tmp
mv ${UE4CC}.tmp $UE4CC
echo $mailname > /etc/mailname
### configuration files written ##
if [ "${dc_eximconfig_configtype}" != "none" ]; then
update-exim4.conf
fi
# If dpkg-reconfigure was used implement the changes by restarting
# the daemon.
if [ "${DEBCONF_RECONFIGURE}" = "1" ] ; then
if [ -x /etc/init.d/exim4 ]; then
# use restart instead of reload, as changing listening
# interfaces cannot be done with HUP.
db_stop
if [ -n "$EX4DEBUG" ]; then
netstat -tulpen
ls -al /run/exim4/
cat /run/exim4/exim.pid
pidof exim4
fi
if [ "$dc_eximconfig_configtype" = "none" ]; then
# we may have broken config here, ignore errors
invoke-rc.d exim4 restart || true
else
# we must have working config here, honor errors
invoke-rc.d exim4 restart
fi
if [ -n "$EX4DEBUG" ]; then
netstat -tulpen
ls -al /run/exim4/
cat /run/exim4/exim.pid
pidof exim4
if pidof exim4; then
echo >&2 "WARN: There are some exim4 processes still running after stopping exim"
fi
fi
fi
fi
;;
esac
#DEBHELPER#

30
debian/exim4-config.postrm vendored Normal file
View file

@ -0,0 +1,30 @@
#!/bin/sh
set -e
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
case "$1" in
purge)
dpkg-statoverride --remove /etc/exim4/passwd.client || true
rm -f /etc/exim4/update-exim4.conf.conf
rm -f /var/lib/exim4/config.autogenerated
rm -f /etc/exim4/conf.d/main/03_exim4-config_neverusers \
/etc/exim4/conf.d/rewrite/30_exim4-config_email-addresses \
/etc/exim4/conf.d/rewrite/35_exim4-config_masquerade
# remove empty directories in /etc/exim4
rmdir /etc/exim4/conf.d/auth /etc/exim4/conf.d/acl \
/etc/exim4/conf.d/transport /etc/exim4/conf.d/main \
/etc/exim4/conf.d/retry /etc/exim4/conf.d/rewrite \
/etc/exim4/conf.d/router /etc/exim4/conf.d \
/etc/exim4 /var/lib/exim4 2> /dev/null || true
rm -f /etc/default/exim4
# remove user
#deluser --quiet Debian-exim > /dev/null || true
;;
esac
#DEBHELPER#

196
debian/exim4-config.templates vendored Normal file
View file

@ -0,0 +1,196 @@
Template: exim4/dc_eximconfig_configtype
Type: select
# Translators beware! the following six strings form a single
# Choices menu. - Every one of these strings has to fit in a standard
# 80 characters console, as the fancy screen setup takes up some space
# try to keep below ~71 characters.
# DO NOT USE commas (,) in Choices translations otherwise
# this will break the choices shown to users
__Choices: internet site; mail is sent and received directly using SMTP, mail sent by smarthost; received via SMTP or fetchmail, mail sent by smarthost; no local mail, local delivery only; not on a network, no configuration at this time
Default: local delivery only; not on a network
_Description: General type of mail configuration:
Please select the mail server configuration type that best meets your needs.
.
Systems with dynamic IP addresses, including dialup systems, should generally
be configured to send outgoing mail to another machine, called a 'smarthost'
for delivery because many receiving systems on the Internet block
incoming mail from dynamic IP addresses as spam protection.
.
A system with a dynamic IP address can receive its own mail, or local
delivery can be disabled entirely (except mail for root and postmaster).
Template: exim4/no_config
Type: boolean
Default: true
_Description: Really leave the mail system unconfigured?
Until the mail system is configured, it will be broken and cannot be
used. Configuration at a later time can be done either by hand or by
running 'dpkg-reconfigure exim4-config' as root.
Template: exim4/mailname
Type: string
_Description: System mail name:
The 'mail name' is the domain name used to 'qualify' mail addresses
without a domain name.
.
This name will also be used by other programs. It should be the
single, fully qualified domain name (FQDN).
.
Thus, if a mail address on the local host is foo@example.org,
the correct value for this option would be example.org.
.
This name won't appear on From: lines of outgoing messages if rewriting
is enabled.
Template: exim4/dc_other_hostnames
Type: string
Default:
_Description: Other destinations for which mail is accepted:
Please enter a semicolon-separated list of recipient domains for
which this machine should consider itself the final destination.
These domains are commonly called 'local domains'. The local hostname
(${fqdn}) and 'localhost' are always added to the list given here.
.
By default all local domains will be treated identically. If both
a.example and b.example are local domains, acc@a.example and
acc@b.example will be delivered to the same final destination. If
different domain names should be treated differently, it is
necessary to edit the config files afterwards.
Template: exim4/dc_relay_domains
Type: string
Default:
_Description: Domains to relay mail for:
Please enter a semicolon-separated list of recipient domains for
which this system will relay mail, for example as a fallback MX or
mail gateway. This means that this system will accept mail for these
domains from anywhere on the Internet and deliver them according to
local delivery rules.
.
Do not mention local domains here. Wildcards may be used.
Template: exim4/dc_relay_nets
Type: string
Default:
_Description: Machines to relay mail for:
Please enter a semicolon-separated list of IP address ranges for
which this system will unconditionally relay mail, functioning as a
smarthost.
.
You should use the standard address/prefix format (e.g. 194.222.242.0/24
or 5f03:1200:836f::/48).
.
If this system should not be a smarthost for any other host, leave
this list blank.
Template: exim4/dc_readhost
Type: string
_Description: Visible domain name for local users:
The option to hide the local mail name in outgoing mail was enabled.
It is therefore necessary to specify the domain name this system
should use for the domain part of local users' sender addresses.
Template: exim4/dc_smarthost
Type: string
_Description: IP address or host name of the outgoing smarthost:
Please enter the IP address or the host name of a mail server that
this system should use as outgoing smarthost. If the smarthost only
accepts your mail on a port different from TCP/25, append two colons
and the port number (for example smarthost.example::587 or
192.168.254.254::2525). Colons in IPv6 addresses need to be doubled.
.
If the smarthost requires authentication, please refer to
the Debian-specific README files in /usr/share/doc/exim4-base for
notes about setting up SMTP authentication.
Template: exim4/dc_postmaster
Type: string
_Description: Root and postmaster mail recipient:
Mail for the 'postmaster', 'root', and other system accounts needs to
be redirected to the user account of the actual system administrator.
.
If this value is left empty, such mail will be saved in /var/mail/mail,
which is not recommended.
.
Note that postmaster's mail should be read on the system to which it is
directed, rather than being forwarded elsewhere, so (at least one of)
the users listed here should not redirect their mail off this machine.
A 'real-' prefix can be used to force local delivery.
.
Multiple user names need to be separated by spaces.
Template: exim4/dc_local_interfaces
Type: string
Default: notset
_Description: IP-addresses to listen on for incoming SMTP connections:
Please enter a semicolon-separated list of IP addresses. The Exim SMTP
listener daemon will listen on all IP addresses listed here.
.
An empty value will cause Exim to listen for connections on all
available network interfaces.
.
If this system only receives mail directly from local services
(and not from other hosts), it is suggested to prohibit external
connections to the local Exim daemon. Such services include e-mail
programs (MUAs) which talk to localhost only as well as fetchmail.
External connections are impossible when 127.0.0.1 is entered here,
as this will disable listening on public network interfaces.
Template: exim4/dc_minimaldns
Type: boolean
Default: false
_Description: Keep number of DNS-queries minimal (Dial-on-Demand)?
In normal mode of operation Exim does DNS lookups at startup, and when
receiving or delivering messages. This is for logging purposes and
allows keeping down the number of hard-coded values in the
configuration.
.
If this system does not have a DNS full service resolver available at
all times (for example if its Internet access is a dial-up line using
dial-on-demand), this might have unwanted consequences. For example,
starting up Exim or running the queue (even with no messages waiting)
might trigger a costly dial-up-event.
.
This option should be selected if this system is using Dial-on-Demand.
If it has always-on Internet access, this option should be disabled.
Template: exim4/exim4-config-title
Type: title
_Description: Mail Server configuration
Template: exim4/use_split_config
Type: boolean
_Description: Split configuration into small files?
The Debian exim4 packages can either use 'unsplit configuration', a
single monolithic file (/etc/exim4/exim4.conf.template) or 'split
configuration', where the actual Exim configuration files are built
from about 50 smaller files in /etc/exim4/conf.d/.
.
Unsplit configuration is better suited for large modifications and is
generally more stable, whereas split configuration offers a comfortable
way to make smaller modifications but is more fragile and might break
if modified carelessly.
.
A more detailed discussion of split and unsplit configuration can be
found in the Debian-specific README files in /usr/share/doc/exim4-base.
Template: exim4/hide_mailname
Type: boolean
_Description: Hide local mail name in outgoing mail?
The headers of outgoing mail can be rewritten to make it appear to have been
generated on a different system. If this option is chosen,
'${mailname}', 'localhost' and '${dc_other_hostnames}' in From, Reply-To,
Sender and Return-Path are rewritten.
Template: exim4/dc_localdelivery
Type: select
__Choices: mbox format in /var/mail/, Maildir format in home directory
Default: mbox format in /var/mail/
_Description: Delivery method for local mail:
Exim is able to store locally delivered email in different formats.
The most commonly used ones are mbox and Maildir. mbox uses a single
file for the complete mail folder stored in /var/mail/. With Maildir
format every single message is stored in a separate file in ~/Maildir/.
.
Please note that most mail tools in Debian expect the local delivery
method to be mbox in their default.

3
debian/exim4-daemon-custom.dirs vendored Normal file
View file

@ -0,0 +1,3 @@
/usr/lib/exim4
/usr/sbin
/usr/share/man/man8

1
debian/exim4-daemon-custom.docs vendored Normal file
View file

@ -0,0 +1 @@
EDITME.exim4-custom

1
debian/exim4-daemon-custom.install vendored Normal file
View file

@ -0,0 +1 @@
debian/script usr/share/bug/exim4-daemon-custom

Some files were not shown because too many files have changed in this diff Show more