#1 2007-03-25 20:52:11

Namru
Member
From: Hamburg (Germany)
Registered: 2006-10-18
Posts: 13

request: exim with TLS (openssl)

Please add TLS support with openssl by default to the exim package.

I know that the Arch philosophy is to permit only dependencies which are needed for the base functionality, but for me a mail server without encryption does not fulfill the base functionality of a modern email server.

There is already a feature request for this, unfortunately without an answer: http://bugs.archlinux.org/task/6004

And BTW, why are postfix and courier-mta permitted encryption dependencies?

Offline

#2 2007-03-26 01:59:07

nogoma
Member
From: Cranston, RI
Registered: 2006-03-01
Posts: 217

Re: request: exim with TLS (openssl)

I actually roll my own package for this. Here's the diff from the PKGBUILD in abs:

15c15
< source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)
---
> source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d exim-4.66-openssl-0.9.8e.patch)
18c18
<          'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a')
---
>          'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a' '2b384258dcdcb4a7ec7267b5718931ed')
35a36
>   patch -p1 < ../exim-4.66-openssl-0.9.8e.patch
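Review bot: the added `patch -p1 < ../exim-4.66-openssl-0.9.8e.patch` line has no failure handling, so a patch that does not apply (for instance after copy and paste has mangled its whitespace) lets the build carry on against unpatched sources. Append `|| return 1`, as the PKGBUILD already does for make, so that makepkg stops at that point.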
54a56,58
>   sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
>   sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
>   sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl|' | \
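Review bot: `TLS_INCLUDE=-I/usr/include/openssl` on the last added line points one directory too deep, because exim's tls-openssl.c includes its headers as `<openssl/ssl.h>`; the build only works because /usr/include is searched by default, so use `-I/usr/include` or leave TLS_INCLUDE unset. None of the hunks in this diff touches depends either, so the package would link against -lssl and -lcrypto without declaring openssl.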

Also, you need an additional patch against the exim sources to work with openssl 0.9.8e (save as exim-4.66-openssl-0.9.8e.patch):

--- exim-4.66/src/tls-openssl.c.orig    2007-03-07 11:38:23.000000000 +0200
+++ exim-4.66/src/tls-openssl.c    2007-03-07 12:01:07.000000000 +0200
@@ -343,8 +343,7 @@
 /* Set up the information callback, which outputs if debugging is at a suitable
 level. */
 
-if (!(SSL_CTX_set_info_callback(ctx, (void (*)())info_callback)))
-  return tls_error(US"SSL_CTX_set_info_callback", host);
+SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
 
 /* The following patch was supplied by Robert Roselius */
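Review bot: the replacement line keeps the `(void (*)())info_callback` cast, which switches off the compiler's check of the callback's prototype against what OpenSSL expects. Declaring info_callback as `void info_callback(const SSL *, int, int)` and passing it without the cast would let a signature mismatch show up at compile time.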

So, 'cp -R' the /var/abs/daemons/exim directory, apply my PKGBUILD patch, and drop the second patch, makepkg, and you should be good to go. NB: Copy 'n' pasting the patch file might end up in generating a different md5sum; I'm assuming you know how to generate a new one...


-nogoma
---
Code Happy, Code Ruby!
http://www.last.fm/user/nogoma/

Offline

#3 2007-03-26 20:14:24

Namru
Member
From: Hamburg (Germany)
Registered: 2006-10-18
Posts: 13

Re: request: exim with TLS (openssl)

Thx for the description, but
I think it is not good when a mail server is compiled without a base function like TLS.

Offline

#4 2008-04-27 19:51:46

insanum
Member
Registered: 2007-01-15
Posts: 26
Website

Re: request: exim with TLS (openssl)

bump

I agree that exim must be compiled with TLS support.  It's way too common now
for mail servers to support SMTP Auth and TLS is required.

Offline

#5 2008-04-27 19:52:29

insanum
Member
Registered: 2007-01-15
Posts: 26
Website

Re: request: exim with TLS (openssl)

nogoma wrote:

I actually roll my own package for this. Here's the diff from the PKGBUILD in abs:

15c15
< source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)
---
> source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d exim-4.66-openssl-0.9.8e.patch)
18c18
<          'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a')
---
>          'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a' '2b384258dcdcb4a7ec7267b5718931ed')
35a36
>   patch -p1 < ../exim-4.66-openssl-0.9.8e.patch
54a56,58
>   sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
>   sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
>   sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl|' | \

Also, you need an additional patch against the exim sources to work with openssl 0.9.8e (save as exim-4.66-openssl-0.9.8e.patch):

--- exim-4.66/src/tls-openssl.c.orig    2007-03-07 11:38:23.000000000 +0200
+++ exim-4.66/src/tls-openssl.c    2007-03-07 12:01:07.000000000 +0200
@@ -343,8 +343,7 @@
 /* Set up the information callback, which outputs if debugging is at a suitable
 level. */
 
-if (!(SSL_CTX_set_info_callback(ctx, (void (*)())info_callback)))
-  return tls_error(US"SSL_CTX_set_info_callback", host);
+SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
 
 /* The following patch was supplied by Robert Roselius */

So, 'cp -R' the /var/abs/daemons/exim directory, apply my PKGBUILD patch, and drop the second patch, makepkg, and you should be good to go. NB: Copy 'n' pasting the patch file might end up in generating a different md5sum; I'm assuming you know how to generate a new one...

Note that with exim 4.68 this patch is no longer needed.

Offline

#6 2008-04-28 20:52:22

Namru
Member
From: Hamburg (Germany)
Registered: 2006-10-18
Posts: 13

Re: request: exim with TLS (openssl)

I used a patched testing PKGBUILD for the current exim 4.69; Arch only provides 4.68.

This is a diff with the very small modifications:

1c1
< # $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
---
> # $Id: PKGBUILD,v 1.80 2007/11/20 18:49:09 aaron Exp $
4,5c4,5
< pkgver=4.68
< pkgrel=4
---
> pkgver=4.69
> pkgrel=1
18c18
< md5sums=('94c46a8bc24b3ad4ad892228449f378b'
---
> md5sums=('6f29f073328c858d8554b08cc0c3c2be'
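Review bot: the 18c18 hunk swaps in a new md5sum for the 4.69 tarball, and that value is the only integrity check on a source that the PKGBUILD in this thread fetches over plain ftp. Take the sum from what upstream publishes for exim-4.69, or verify the tarball's signature, rather than computing it from the file that was just downloaded.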



BTW, I have used 4.69 since 12 March without any problems.

Last edited by Namru (2008-04-28 20:53:40)

Offline

#7 2008-04-28 21:06:53

insanum
Member
Registered: 2007-01-15
Posts: 26
Website

Re: request: exim with TLS (openssl)

Here is the modified PKGBUILD I used for exim.  This adds support for TLS and SASLAUTHD.  If you roll your own you might want to put "IgnorePkg = exim" in your pacman.conf.  Exim is working like a champ for me across 3 ports: 25, 2525 (starttls, saslauthd, w/relay), 2526 (tls on connect, saslauthd, w/relay).  Also have clamav and dns blacklist configured as well.  /happy

# $Id$
# Maintainer: judd <jvinet@zeroflux.org>
pkgname=exim
pkgver=4.68
pkgrel=2
pkgdesc="A Message Transfer Agent"
arch=(i686 x86_64)
url="http://www.exim.org/"
license=('GPL')
backup=(etc/mail/aliases etc/mail/exim.conf \
        etc/logrotate.d/exim etc/conf.d/exim)
install=exim.install
depends=('db>=4.6' 'pcre' 'pam' 'tcp_wrappers')
provides=('smtp-server')
conflicts=('smtp-server')
source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)

# NOTE:  If you're building this as an unprivileged user and don't have exim
#        already installed, the build will fail.  It requires an exim
#        user/group (79/79) to build.
md5sums=('94c46a8bc24b3ad4ad892228449f378b'
         '4874006f0585253ddab027d441009757'
         'ea39f58bffc16f5e3bbe59dffcf09449'
         'b01c5f057bac2da61b4513281865d92f'
         'd788c26f86a9d72a0aebb3b849fe74f2'
         'b75fe4c6e960a59a25b5f51e8f61ba3a')

build() {
  # An exim user is required to build this
  # grep -q avoids passing the whole passwd line to test as unquoted words
  if ! grep -q '^exim:' /etc/passwd; then
    echo "==> Adding user/group exim (temporarily)"
    groupadd -g 79 exim
    useradd -u 79 -g exim -d /var/spool/exim -s /bin/false exim
    cleanup=1
  else
    cleanup=0
  fi
  
  cd $startdir/src/$pkgname-$pkgver
  sed -i 's|tail -1|tail -n -1|g' scripts/Configure-config.h
  # Make some configuration changes
  sed 's|^BIN_DIRECTORY.*$|BIN_DIRECTORY=/usr/sbin|' src/EDITME | \
  sed 's|^CONFIGURE_FILE.*$|CONFIGURE_FILE=/etc/mail/exim.conf|' | \
  sed 's|^EXIM_USER.*$|EXIM_USER=exim|' | \
  sed 's|^COMPRESS_COMMAND.*$|COMPRESS_COMMAND=/bin/gzip|' | \
  sed 's|^ZCAT_COMMAND.*$|ZCAT_COMMAND=/bin/zcat|' | \
  sed 's|^CHOWN_COMMAND.*$|CHOWN_COMMAND=/bin/chown|' | \
  sed 's|^CHGRP_COMMAND.*$|CHGRP_COMMAND=/bin/chgrp|' | \
  sed 's|^EXIM_MONITOR.*$||' | \
  sed 's|^# MAX_NAMED_LIST.*$|MAX_NAMED_LIST=16|' | \
  sed 's|^# SUPPORT_MAILDIR.*$|SUPPORT_MAILDIR=yes|' | \
  sed 's|^# \(PID_FILE_PATH=/var\)/lock/exim.pid.*$|\1/run/exim.pid|' | \
  sed 's|^# AUTH_CRAM_MD5=yes$|AUTH_CRAM_MD5=yes|' | \
  sed 's|^# AUTH_CYRUS_SASL=yes$|AUTH_CYRUS_SASL=yes|' | \
  sed 's|^# AUTH_PLAINTEXT=yes$|AUTH_PLAINTEXT=yes|' | \
  sed 's|^# AUTH_SPA=yes$|AUTH_SPA=yes|' | \
  sed 's|^# AUTH_LIBS=-lsasl2$|AUTH_LIBS=-lsasl2|' | \
  sed 's|^# SUPPORT_PAM=yes$|SUPPORT_PAM=yes|' | \
  sed 's|^# USE_TCP_WRAPPERS=yes$|USE_TCP_WRAPPERS=yes|' | \
  sed 's|^EXIM_GROUP.*$|EXIM_GROUP=exim|' | \
  sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
  sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
  sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl/|' | \
  sed 's|^# CYRUS_SASLAUTHD_SOCKET.*$|CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux|' | \
  sed 's|^# WITH_CONTENT_SCAN.*$|WITH_CONTENT_SCAN=yes|' | \
  sed 's|^# WITH_OLD_DEMIME.*$|WITH_OLD_DEMIME=yes|' | \
  sed 's|^# \(LOG_FILE_PATH=/var/log/exim\)_%slog.*$|\1/%slog|' >Local/Makefile
  echo "EXTRALIBS_EXIM=-lwrap -lpam" >>Local/Makefile

  make -j1 || return 1
  install -D -m644 ../exim.logrotate $startdir/pkg/etc/logrotate.d/exim
  install -D -m644 ../exim.conf.d $startdir/pkg/etc/conf.d/exim
  install -D -m644 doc/exim.8 $startdir/pkg/usr/man/man8/exim.8
  mkdir -p $startdir/pkg/var/spool/exim $startdir/pkg/etc/mail \
    $startdir/pkg/var/log/exim $startdir/pkg/usr/lib
  chown root.exim $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  touch $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chown exim.exim $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 640 $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 770 $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  cd scripts
  cp exim_install exim_install.old
  sed "s|/etc/aliases|$startdir/pkg/etc/aliases|g" exim_install.old >exim_install
  if [ "$CARCH" = "x86_64" ]; then
    cd ../build-Linux-x86_64
  else
    cd ../build-Linux-i386
  fi
  inst_dest=$startdir/pkg/usr/sbin inst_conf=$startdir/pkg/etc/mail/exim.conf ../scripts/exim_install
  cd $startdir/src/exim-$pkgver/src
  sed "s|/etc/aliases|/etc/mail/aliases|g" configure.default | \
    sed "s|SYSTEM_ALIASES_FILE|/etc/mail/aliases|g" \
    >$startdir/pkg/etc/mail/exim.conf
  rm -f $startdir/pkg/etc/aliases
  cp $startdir/src/aliases $startdir/pkg/etc/mail
  cp $startdir/src/newaliases $startdir/pkg/usr/sbin
  cd $startdir/pkg/usr/sbin
  ln -s exim mailq
  ln -s exim rmail
  ln -s exim rsmtp
  ln -s exim runq
  ln -s exim sendmail
  # fhs compliancy
  ln -s ../sbin/exim $startdir/pkg/usr/lib/sendmail

  mkdir -p $startdir/pkg/etc/rc.d
  cp $startdir/src/exim $startdir/pkg/etc/rc.d


  if [ $cleanup -eq 1 ]; then
    echo "==> Removing user/group exim"
    userdel exim
  fi
  return 0
}

Offline

#8 2008-04-28 21:09:31

insanum
Member
Registered: 2007-01-15
Posts: 26
Website

Re: request: exim with TLS (openssl)

insanum wrote:

Here is the modified PKGBUILD I used for exim.  This adds support for TLS and SASLAUTHD.  If you roll your own you might want to put "IgnorePkg = exim" in your pacman.conf.  Exim is working like a champ for me across 3 ports: 25, 2525 (starttls, saslauthd, w/relay), 2526 (tls on connect, saslauthd, w/relay).  Also have clamav and dns blacklist configured as well.  /happy

# $Id$
# Maintainer: judd <jvinet@zeroflux.org>
pkgname=exim
pkgver=4.68
pkgrel=2
pkgdesc="A Message Transfer Agent"
arch=(i686 x86_64)
url="http://www.exim.org/"
license=('GPL')
backup=(etc/mail/aliases etc/mail/exim.conf \
        etc/logrotate.d/exim etc/conf.d/exim)
install=exim.install
depends=('db>=4.6' 'pcre' 'pam' 'tcp_wrappers')
provides=('smtp-server')
conflicts=('smtp-server')
source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)

# NOTE:  If you're building this as an unprivileged user and don't have exim
#        already installed, the build will fail.  It requires an exim
#        user/group (79/79) to build.
md5sums=('94c46a8bc24b3ad4ad892228449f378b'
         '4874006f0585253ddab027d441009757'
         'ea39f58bffc16f5e3bbe59dffcf09449'
         'b01c5f057bac2da61b4513281865d92f'
         'd788c26f86a9d72a0aebb3b849fe74f2'
         'b75fe4c6e960a59a25b5f51e8f61ba3a')

build() {
  # An exim user is required to build this
  # grep -q avoids passing the whole passwd line to test as unquoted words
  if ! grep -q '^exim:' /etc/passwd; then
    echo "==> Adding user/group exim (temporarily)"
    groupadd -g 79 exim
    useradd -u 79 -g exim -d /var/spool/exim -s /bin/false exim
    cleanup=1
  else
    cleanup=0
  fi
  
  cd $startdir/src/$pkgname-$pkgver
  sed -i 's|tail -1|tail -n -1|g' scripts/Configure-config.h
  # Make some configuration changes
  sed 's|^BIN_DIRECTORY.*$|BIN_DIRECTORY=/usr/sbin|' src/EDITME | \
  sed 's|^CONFIGURE_FILE.*$|CONFIGURE_FILE=/etc/mail/exim.conf|' | \
  sed 's|^EXIM_USER.*$|EXIM_USER=exim|' | \
  sed 's|^COMPRESS_COMMAND.*$|COMPRESS_COMMAND=/bin/gzip|' | \
  sed 's|^ZCAT_COMMAND.*$|ZCAT_COMMAND=/bin/zcat|' | \
  sed 's|^CHOWN_COMMAND.*$|CHOWN_COMMAND=/bin/chown|' | \
  sed 's|^CHGRP_COMMAND.*$|CHGRP_COMMAND=/bin/chgrp|' | \
  sed 's|^EXIM_MONITOR.*$||' | \
  sed 's|^# MAX_NAMED_LIST.*$|MAX_NAMED_LIST=16|' | \
  sed 's|^# SUPPORT_MAILDIR.*$|SUPPORT_MAILDIR=yes|' | \
  sed 's|^# \(PID_FILE_PATH=/var\)/lock/exim.pid.*$|\1/run/exim.pid|' | \
  sed 's|^# AUTH_CRAM_MD5=yes$|AUTH_CRAM_MD5=yes|' | \
  sed 's|^# AUTH_CYRUS_SASL=yes$|AUTH_CYRUS_SASL=yes|' | \
  sed 's|^# AUTH_PLAINTEXT=yes$|AUTH_PLAINTEXT=yes|' | \
  sed 's|^# AUTH_SPA=yes$|AUTH_SPA=yes|' | \
  sed 's|^# AUTH_LIBS=-lsasl2$|AUTH_LIBS=-lsasl2|' | \
  sed 's|^# SUPPORT_PAM=yes$|SUPPORT_PAM=yes|' | \
  sed 's|^# USE_TCP_WRAPPERS=yes$|USE_TCP_WRAPPERS=yes|' | \
  sed 's|^EXIM_GROUP.*$|EXIM_GROUP=exim|' | \
  sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
  sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
  sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl/|' | \
  sed 's|^# CYRUS_SASLAUTHD_SOCKET.*$|CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux|' | \
  sed 's|^# WITH_CONTENT_SCAN.*$|WITH_CONTENT_SCAN=yes|' | \
  sed 's|^# WITH_OLD_DEMIME.*$|WITH_OLD_DEMIME=yes|' | \
  sed 's|^# \(LOG_FILE_PATH=/var/log/exim\)_%slog.*$|\1/%slog|' >Local/Makefile
  echo "EXTRALIBS_EXIM=-lwrap -lpam" >>Local/Makefile

  make -j1 || return 1
  install -D -m644 ../exim.logrotate $startdir/pkg/etc/logrotate.d/exim
  install -D -m644 ../exim.conf.d $startdir/pkg/etc/conf.d/exim
  install -D -m644 doc/exim.8 $startdir/pkg/usr/man/man8/exim.8
  mkdir -p $startdir/pkg/var/spool/exim $startdir/pkg/etc/mail \
    $startdir/pkg/var/log/exim $startdir/pkg/usr/lib
  chown root.exim $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  touch $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chown exim.exim $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 640 $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 770 $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  cd scripts
  cp exim_install exim_install.old
  sed "s|/etc/aliases|$startdir/pkg/etc/aliases|g" exim_install.old >exim_install
  if [ "$CARCH" = "x86_64" ]; then
    cd ../build-Linux-x86_64
  else
    cd ../build-Linux-i386
  fi
  inst_dest=$startdir/pkg/usr/sbin inst_conf=$startdir/pkg/etc/mail/exim.conf ../scripts/exim_install
  cd $startdir/src/exim-$pkgver/src
  sed "s|/etc/aliases|/etc/mail/aliases|g" configure.default | \
    sed "s|SYSTEM_ALIASES_FILE|/etc/mail/aliases|g" \
    >$startdir/pkg/etc/mail/exim.conf
  rm -f $startdir/pkg/etc/aliases
  cp $startdir/src/aliases $startdir/pkg/etc/mail
  cp $startdir/src/newaliases $startdir/pkg/usr/sbin
  cd $startdir/pkg/usr/sbin
  ln -s exim mailq
  ln -s exim rmail
  ln -s exim rsmtp
  ln -s exim runq
  ln -s exim sendmail
  # fhs compliancy
  ln -s ../sbin/exim $startdir/pkg/usr/lib/sendmail

  mkdir -p $startdir/pkg/etc/rc.d
  cp $startdir/src/exim $startdir/pkg/etc/rc.d


  if [ $cleanup -eq 1 ]; then
    echo "==> Removing user/group exim"
    userdel exim
  fi
  return 0
}

I just realized with the above PKGBUILD 'openssl' and 'cyrus-sasl' should be added to the depends directive.

Offline
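
A post-build check for the PKGBUILD approach in this thread, as an added example that is not part of any post: each sed in the pipeline leaves a line untouched when its pattern no longer matches src/EDITME, so make can succeed with TLS still commented out while the AUTH drivers stay enabled. The function names and the two Makefile fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a generated exim Local/Makefile.

# Print one line per problem found in the Makefile "$1"; return 1 if any.
check_exim_makefile() {
  cm_rc=0
  # SUPPORT_TLS must be an active (uncommented) setting.
  if ! grep -Eq '^SUPPORT_TLS=yes[[:space:]]*$' "$1"; then
    echo "SUPPORT_TLS is not enabled"
    cm_rc=1
    # Password-based authenticators without TLS expose credentials on the wire.
    if grep -Eq '^AUTH_(PLAINTEXT|CYRUS_SASL)=yes' "$1"; then
      echo "SMTP AUTH drivers are enabled without TLS"
    fi
  fi
  # An OpenSSL build needs both libraries on an active TLS_LIBS line.
  cm_libs=$(grep -E '^TLS_LIBS=' "$1" | tail -n 1)
  case "$cm_libs" in
    *-lssl*-lcrypto*) ;;
    *) echo "TLS_LIBS does not link -lssl -lcrypto"; cm_rc=1 ;;
  esac
  return "$cm_rc"
}

# Constructed sample input: fragments of two Local/Makefile files, one where
# the TLS substitutions applied and one where they silently did not match.
write_samples() {
  cat >"$1/good.mk" <<'EOF'
AUTH_PLAINTEXT=yes
AUTH_CYRUS_SASL=yes
SUPPORT_TLS=yes
TLS_LIBS=-L/usr/lib -lssl -lcrypto
EOF
  cat >"$1/bad.mk" <<'EOF'
AUTH_PLAINTEXT=yes
AUTH_CYRUS_SASL=yes
# SUPPORT_TLS=yes
# TLS_LIBS=-lssl -lcrypto
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good bad; do
  echo "== $f.mk"
  check_exim_makefile "$demo_dir/$f.mk" || echo "-> abort the build"
done
rm -rf "$demo_dir"
```

In a PKGBUILD the call would sit between the sed pipeline and make, as `check_exim_makefile Local/Makefile || return 1`.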
