1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
--- src/EDITME 2019-04-16 15:52:53.000000000 +0000
+++ EDITME.exim4-light 2019-04-16 15:54:51.009790678 +0000
@@ -98,7 +98,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -114,7 +114,7 @@
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -131,7 +131,7 @@
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=ref:Debian-exim
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -153,6 +153,7 @@
# you want to use a group other than the default group for the given user.
# EXIM_GROUP=
+EXIM_GROUP=ref:Debian-exim
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -173,7 +174,7 @@
# Almost all installations choose this:
-SPOOL_DIRECTORY=/var/spool/exim
+SPOOL_DIRECTORY=/var/spool/exim4
@@ -237,7 +238,7 @@
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -246,8 +247,8 @@
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
# SUPPORT_MBX=yes
@@ -306,16 +307,16 @@
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
# LOOKUP_LDAP=yes
# LOOKUP_MYSQL=yes
# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
+LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
+LOOKUP_PASSWD=yes
# LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
# LOOKUP_SQLITE=yes
@@ -367,7 +368,7 @@
# Uncomment the following line to add DANE support
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
# For DANE under GnuTLS we need an additional library. See TLS_LIBS below.
-# SUPPORT_DANE=yes
+SUPPORT_DANE=yes
#------------------------------------------------------------------------------
# Additional libraries and include directories may be required for some
@@ -595,7 +596,7 @@
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs
#------------------------------------------------------------------------------
@@ -631,6 +632,9 @@
# WHITELIST_D_MACROS=TLS:SPOOL
+# Mailscanner uses -DOUTGOING.
+WHITELIST_D_MACROS=OUTGOING
+
#------------------------------------------------------------------------------
# Exim has support for the AUTH (authentication) extension of the SMTP
# protocol, as defined by RFC 2554. If you don't know what SMTP authentication
@@ -640,7 +644,7 @@
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
+AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
# AUTH_GSASL=yes
@@ -648,7 +652,7 @@
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
+AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
# AUTH_TLS=yes
@@ -674,7 +678,7 @@
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -763,7 +767,7 @@
# leave these settings commented out.
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
-# SUPPORT_TLS=yes
+SUPPORT_TLS=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
# USE_OPENSSL_PC=openssl
@@ -771,9 +775,9 @@
# Uncomment the first and either the second or the third of these if you
# are using GnuTLS. If you have pkg-config, then the second, else the third.
-# USE_GNUTLS=yes
+USE_GNUTLS=yes
# USE_GNUTLS_PC=gnutls
-# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
+TLS_LIBS=-lgnutls
# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
# build process will require libgcrypt-config to exist in your $PATH. A
@@ -809,7 +813,7 @@
# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt
# For DANE under GnuTLS we need an additional library.
-# TLS_LIBS += -lgnutls-dane
+TLS_LIBS += -lgnutls-dane
# TLS_LIBS is included only on the command for linking Exim itself, not on any
# auxiliary programs. If the include files are not in a standard place, you can
@@ -830,6 +834,7 @@
# description of the API to this function, see the Exim specification.
DLOPEN_LOCAL_SCAN=yes
+HAVE_LOCAL_SCAN=yes
# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
# linker flags. Without it, the loaded .so won't be able to access any
@@ -868,6 +873,7 @@
# to form the final file names. Some installations may want something like this:
# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim4/%slog
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -916,7 +922,7 @@
# files. Both the name of the command and the suffix that it adds to files
# need to be defined here. See also the EXICYCLOG_MAX configuration.
-COMPRESS_COMMAND=/usr/bin/gzip
+COMPRESS_COMMAND=/bin/gzip
COMPRESS_SUFFIX=gz
@@ -931,7 +937,7 @@
# ZCAT_COMMAND=zcat
#
# Or specify the full pathname:
-ZCAT_COMMAND=/usr/bin/zcat
+ZCAT_COMMAND=zcat
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
@@ -963,6 +969,7 @@
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
+EXTRALIBS=-ldl
#------------------------------------------------------------------------------
@@ -971,7 +978,7 @@
# If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below.
-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
@@ -1069,6 +1076,8 @@
# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+# default in Debian's sasl2-bin
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
# TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment
@@ -1381,6 +1390,7 @@
# file can be specified here. Some installations may want something like this:
# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/run/exim4/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
@@ -1414,6 +1424,7 @@
# messages become "invisible" to the normal management tools.
# SUPPORT_MOVE_FROZEN_MESSAGES=yes
+SUPPORT_MOVE_FROZEN_MESSAGES=yes
#------------------------------------------------------------------------------
@@ -1452,3 +1463,6 @@
# ENABLE_DISABLE_FSYNC=yes
# End of EDITME for Exim 4.
+
+# enable IPv6 support
+HAVE_IPV6=YES
|