1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
|
--- src/EDITME 2022-04-24 16:09:23.000000000 +0000
+++ EDITME.exim4-light 2022-04-24 16:10:21.182203632 +0000
@@ -99,7 +99,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
-BIN_DIRECTORY=/usr/exim/bin
+BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
@@ -115,7 +115,7 @@
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
-CONFIGURE_FILE=/usr/exim/configure
+CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
@@ -132,7 +132,7 @@
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=ref:Debian-exim
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
@@ -154,6 +154,7 @@
# you want to use a group other than the default group for the given user.
# EXIM_GROUP=
+EXIM_GROUP=ref:Debian-exim
# Many sites define a user called "exim", with an appropriate default group,
# and use
@@ -174,7 +175,7 @@
# Almost all installations choose this:
-SPOOL_DIRECTORY=/var/spool/exim
+SPOOL_DIRECTORY=/var/spool/exim4
@@ -218,13 +219,13 @@
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
# Uncomment this if you are using GnuTLS
-# USE_GNUTLS=yes
+USE_GNUTLS=yes
# Uncomment one of these settings if you are using GnuTLS; pkg-config vs not
# and an optional location. If you disable SUPPORT_DANE below, you
# can remove the gnutls-dane references here. Earlier versions of GnuTLS
# required libtasn1 and libgrypt also; add if needed.
# USE_GNUTLS_PC=gnutls gnutls-dane
-# TLS_LIBS=-lgnutls -lgnutls-dane
+TLS_LIBS=-lgnutls -lgnutls-dane
# TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane
# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
@@ -340,7 +341,7 @@
# This one is special-purpose, and commonly not required, so it is not
# included by default.
-# TRANSPORT_LMTP=yes
+TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
@@ -349,8 +350,8 @@
# MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out.
-# SUPPORT_MAILDIR=yes
-# SUPPORT_MAILSTORE=yes
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
# SUPPORT_MBX=yes
@@ -409,8 +410,8 @@
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
-# LOOKUP_DSEARCH=yes
+LOOKUP_CDB=yes
+LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
# LOOKUP_JSON=yes
# LOOKUP_LDAP=yes
@@ -418,10 +419,10 @@
# LOOKUP_MYSQL=yes
# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
+LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
+LOOKUP_PASSWD=yes
# LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
# LOOKUP_SQLITE=yes
@@ -437,7 +438,7 @@
# Some platforms may need this for LOOKUP_NIS:
-# LIBS += -lnsl
+LIBS += -lnsl
#------------------------------------------------------------------------------
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -511,7 +512,7 @@
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-# EXIM_MONITOR=eximon.bin
+EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -586,7 +587,7 @@
# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support
# using only native facilities.
-# SUPPORT_SRS=yes
+SUPPORT_SRS=yes
#------------------------------------------------------------------------------
@@ -709,7 +710,7 @@
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
+TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs
#------------------------------------------------------------------------------
@@ -745,6 +746,9 @@
# WHITELIST_D_MACROS=TLS:SPOOL
+# Mailscanner uses -DOUTGOING.
+WHITELIST_D_MACROS=OUTGOING
+
#------------------------------------------------------------------------------
# Exim has support for the AUTH (authentication) extension of the SMTP
# protocol, as defined by RFC 2554. If you don't know what SMTP authentication
@@ -754,16 +758,16 @@
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
-# AUTH_CRAM_MD5=yes
+AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
-# AUTH_EXTERNAL=yes
+AUTH_EXTERNAL=yes
# AUTH_GSASL=yes
# AUTH_GSASL_PC=libgsasl
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
+AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
# AUTH_TLS=yes
@@ -792,7 +796,7 @@
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
-HEADERS_CHARSET="ISO-8859-1"
+HEADERS_CHARSET="UTF-8"
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -879,6 +883,7 @@
# description of the API to this function, see the Exim specification.
DLOPEN_LOCAL_SCAN=yes
+HAVE_LOCAL_SCAN=yes
# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
# linker flags. Without it, the loaded .so won't be able to access any
@@ -917,6 +922,7 @@
# to form the final file names. Some installations may want something like this:
# LOG_FILE_PATH=/var/log/exim_%slog
+LOG_FILE_PATH=/var/log/exim4/%slog
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -965,7 +971,7 @@
# files. Both the name of the command and the suffix that it adds to files
# need to be defined here. See also the EXICYCLOG_MAX configuration.
-COMPRESS_COMMAND=/usr/bin/gzip
+COMPRESS_COMMAND=/bin/gzip
COMPRESS_SUFFIX=gz
@@ -980,7 +986,7 @@
# ZCAT_COMMAND=zcat
#
# Or specify the full pathname:
-ZCAT_COMMAND=/usr/bin/zcat
+ZCAT_COMMAND=zcat
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
@@ -1012,6 +1018,7 @@
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
+EXTRALIBS=-ldl
#------------------------------------------------------------------------------
@@ -1020,7 +1027,7 @@
# If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below.
-# SUPPORT_SOCKS=yes
+SUPPORT_SOCKS=yes
# If you may want to use inbound (server-side) proxying, using Proxy Protocol,
# uncomment the line below.
@@ -1038,10 +1045,10 @@
# If you want IDNA2008 mappings per RFCs 5890, 6530 and 6533, you additionally
# need libidn2 and SUPPORT_I18N_2008.
-# SUPPORT_I18N=yes
+SUPPORT_I18N=yes
# LDFLAGS += -lidn
-# SUPPORT_I18N_2008=yes
-# LDFLAGS += -lidn -lidn2
+SUPPORT_I18N_2008=yes
+LDFLAGS += -lidn -lidn2
#------------------------------------------------------------------------------
@@ -1118,6 +1125,8 @@
# CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+# default in Debian's sasl2-bin
+CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
#------------------------------------------------------------------------------
# TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment
@@ -1430,6 +1439,7 @@
# file can be specified here. Some installations may want something like this:
# PID_FILE_PATH=/var/lock/exim.pid
+PID_FILE_PATH=/run/exim4/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
@@ -1463,6 +1473,7 @@
# messages become "invisible" to the normal management tools.
# SUPPORT_MOVE_FROZEN_MESSAGES=yes
+SUPPORT_MOVE_FROZEN_MESSAGES=yes
#------------------------------------------------------------------------------
@@ -1510,3 +1521,6 @@
# DISABLE_CLIENT_CMD_LOG=yes
# End of EDITME for Exim 4.
+
+# enable IPv6 support
+HAVE_IPV6=YES
|