Please add TLS support with openssl by default in the exim package.
I know that the Arch philosophy is to permit only dependencies which are needed for the base functionality, but for me a mail server without encryption does not fulfill the base functionality of a modern email server.
There is already a feature request for this, unfortunately without an answer: http://bugs.archlinux.org/task/6004
And BTW, why are encryption dependencies permitted for postfix and courier-mta?
I actually roll my own package for this. Here's the diff from the PKGBUILD in abs:
15c15
< source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)
---
> source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d exim-4.66-openssl-0.9.8e.patch)
18c18
< 'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a')
---
> 'd788c26f86a9d72a0aebb3b849fe74f2' 'b75fe4c6e960a59a25b5f51e8f61ba3a' '2b384258dcdcb4a7ec7267b5718931ed')
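Review bot: the checksum appended on the `>` line of 18c18 is an MD5 digest of a patch file that the reader creates locally by copy and paste, so it only confirms the file matches what the packager had and gives no assurance about the tarball that source= fetches over plain ftp://. Consider a stronger digest for every source entry and, where upstream publishes a signature for the tarball, verifying it before building.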
35a36
> patch -p1 < ../exim-4.66-openssl-0.9.8e.patch
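Review bot: the `patch -p1` line added at 35a36 has no failure check, so a patch that does not apply cleanly lets the build carry on with unpatched sources. Append `|| return 1` so the package build stops at that point.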
54a56,58
> sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
> sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
> sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl|' | \
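Review bot: the 54a56,58 hunk links exim against -lssl and -lcrypto, but no hunk in this diff adds openssl to depends, so the resulting package can be installed on a system without the library it needs. Add the dependency alongside this change. The three sed patterns also only match lines that start with `# SUPPORT_TLS`, `# TLS_LIBS` and `# TLS_INCLUDE`; if EDITME formats those lines differently the substitution does nothing and the build silently produces a binary without TLS, so a check of Local/Makefile after the pipeline is worth adding.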
Also, you need an additional patch against the exim sources to work with openssl 0.9.8e (save as exim-4.66-openssl-0.9.8e.patch):
--- exim-4.66/src/tls-openssl.c.orig 2007-03-07 11:38:23.000000000 +0200
+++ exim-4.66/src/tls-openssl.c 2007-03-07 12:01:07.000000000 +0200
@@ -343,8 +343,7 @@
/* Set up the information callback, which outputs if debugging is at a suitable
level. */
-if (!(SSL_CTX_set_info_callback(ctx, (void (*)())info_callback)))
- return tls_error(US"SSL_CTX_set_info_callback", host);
+SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
/* The following patch was supplied by Robert Roselius */
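Review bot: the `+` line keeps the `(void (*)())info_callback` cast, which hides any mismatch between info_callback and the callback type OpenSSL declares for SSL_CTX_set_info_callback. Now that the return-value check is gone, it would be cleaner to give info_callback the exact prototype and pass it without a cast, so the compiler can flag a signature change in a later OpenSSL release.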
So, 'cp -R' the /var/abs/daemons/exim directory, apply my PKGBUILD patch, and drop the second patch, makepkg, and you should be good to go. NB: Copy 'n' pasting the patch file might end up in generating a different md5sum; I'm assuming you know how to generate a new one...
-nogoma
---
Code Happy, Code Ruby!
http://www.last.fm/user/nogoma/
Thanks for the description, but
I think it is not good when a mail server is compiled without a base function like TLS.
bump
I agree that exim must be compiled with TLS support. It's way too common now for mail servers to support SMTP Auth and TLS is required.
Note that with exim 4.68 this patch is no longer needed.
I used a patched testing PKGBUILD for the current exim 4.69; Arch only provides 4.68.
This is a diff with the very small modifications:
1c1
< # $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
---
> # $Id: PKGBUILD,v 1.80 2007/11/20 18:49:09 aaron Exp $
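Review bot: the `>` side of the 1c1 hunk carries an older $Id (v 1.80, 2007/11/20) than the `<` side (2008-04-18), so the 4.69 PKGBUILD appears to be derived from an earlier revision than the 4.68 pkgrel 4 file it is compared against. Before using it, confirm that nothing changed between those two revisions beyond the pkgver, pkgrel and first md5sum shown in the remaining hunks.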
4,5c4,5
< pkgver=4.68
< pkgrel=4
---
> pkgver=4.69
> pkgrel=1
18c18
< md5sums=('94c46a8bc24b3ad4ad892228449f378b'
---
> md5sums=('6f29f073328c858d8554b08cc0c3c2be'
BTW, I have used 4.69 since 12 March without any problems.
Last edited by Namru (2008-04-28 20:53:40)
Here is the modified PKGBUILD I used for exim. This adds support for TLS and SASLAUTHD. If you roll your own you might want to put "IgnorePkg = exim" in your pacman.conf. Exim is working like a champ for me across 3 ports: 25, 2525 (starttls, saslauthd, w/relay), 2526 (tls on connect, saslauthd, w/relay). Also have clamav and dns blacklist configured as well. /happy
# $Id$
# Maintainer: judd <jvinet@zeroflux.org>
pkgname=exim
pkgver=4.68
pkgrel=2
pkgdesc="A Message Transfer Agent"
arch=(i686 x86_64)
url="http://www.exim.org/"
license=('GPL')
backup=(etc/mail/aliases etc/mail/exim.conf \
        etc/logrotate.d/exim etc/conf.d/exim)
install=exim.install
depends=('db>=4.6' 'pcre' 'pam' 'tcp_wrappers')
provides=('smtp-server')
conflicts=('smtp-server')
source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate exim.conf.d)
# NOTE: If you're building this as an unprivileged user and don't have exim
#       already installed, the build will fail. It requires an exim
#       user/group (79/79) to build.
md5sums=('94c46a8bc24b3ad4ad892228449f378b'
         '4874006f0585253ddab027d441009757'
         'ea39f58bffc16f5e3bbe59dffcf09449'
         'b01c5f057bac2da61b4513281865d92f'
         'd788c26f86a9d72a0aebb3b849fe74f2'
         'b75fe4c6e960a59a25b5f51e8f61ba3a')

build() {
  # An exim user is required to build this.
  # Match the exact account name; the exit status of grep is tested directly
  # so a passwd entry containing spaces cannot break the test.
  if ! grep -q '^exim:' /etc/passwd; then
    echo "==> Adding user/group exim (temporarily)"
    groupadd -g 79 exim
    useradd -u 79 -g exim -d /var/spool/exim -s /bin/false exim
    cleanup=1
  else
    cleanup=0
  fi

  cd $startdir/src/$pkgname-$pkgver
  sed -i 's|tail -1|tail -n -1|g' scripts/Configure-config.h

  # Make some configuration changes
  sed 's|^BIN_DIRECTORY.*$|BIN_DIRECTORY=/usr/sbin|' src/EDITME | \
    sed 's|^CONFIGURE_FILE.*$|CONFIGURE_FILE=/etc/mail/exim.conf|' | \
    sed 's|^EXIM_USER.*$|EXIM_USER=exim|' | \
    sed 's|^COMPRESS_COMMAND.*$|COMPRESS_COMMAND=/bin/gzip|' | \
    sed 's|^ZCAT_COMMAND.*$|ZCAT_COMMAND=/bin/zcat|' | \
    sed 's|^CHOWN_COMMAND.*$|CHOWN_COMMAND=/bin/chown|' | \
    sed 's|^CHGRP_COMMAND.*$|CHGRP_COMMAND=/bin/chgrp|' | \
    sed 's|^EXIM_MONITOR.*$||' | \
    sed 's|^# MAX_NAMED_LIST.*$|MAX_NAMED_LIST=16|' | \
    sed 's|^# SUPPORT_MAILDIR.*$|SUPPORT_MAILDIR=yes|' | \
    sed 's|^# \(PID_FILE_PATH=/var\)/lock/exim.pid.*$|\1/run/exim.pid|' | \
    sed 's|^# AUTH_CRAM_MD5=yes$|AUTH_CRAM_MD5=yes|' | \
    sed 's|^# AUTH_CYRUS_SASL=yes$|AUTH_CYRUS_SASL=yes|' | \
    sed 's|^# AUTH_PLAINTEXT=yes$|AUTH_PLAINTEXT=yes|' | \
    sed 's|^# AUTH_SPA=yes$|AUTH_SPA=yes|' | \
    sed 's|^# AUTH_LIBS=-lsasl2$|AUTH_LIBS=-lsasl2|' | \
    sed 's|^# SUPPORT_PAM=yes$|SUPPORT_PAM=yes|' | \
    sed 's|^# USE_TCP_WRAPPERS=yes$|USE_TCP_WRAPPERS=yes|' | \
    sed 's|^EXIM_GROUP.*$|EXIM_GROUP=exim|' | \
    sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
    sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
    sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl/|' | \
    sed 's|^# CYRUS_SASLAUTHD_SOCKET.*$|CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux|' | \
    sed 's|^# WITH_CONTENT_SCAN.*$|WITH_CONTENT_SCAN=yes|' | \
    sed 's|^# WITH_OLD_DEMIME.*$|WITH_OLD_DEMIME=yes|' | \
    sed 's|^# \(LOG_FILE_PATH=/var/log/exim\)_%slog.*$|\1/%slog|' >Local/Makefile
  echo "EXTRALIBS_EXIM=-lwrap -lpam" >>Local/Makefile
  make -j1 || return 1

  install -D -m644 ../exim.logrotate $startdir/pkg/etc/logrotate.d/exim
  install -D -m644 ../exim.conf.d $startdir/pkg/etc/conf.d/exim
  install -D -m644 doc/exim.8 $startdir/pkg/usr/man/man8/exim.8
  mkdir -p $startdir/pkg/var/spool/exim $startdir/pkg/etc/mail \
    $startdir/pkg/var/log/exim $startdir/pkg/usr/lib

  # Spool and log directories: owned by root, group exim, no access for others
  chown root.exim $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  touch $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chown exim.exim $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 640 $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 770 $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim

  cd scripts
  cp exim_install exim_install.old
  sed "s|/etc/aliases|$startdir/pkg/etc/aliases|g" exim_install.old >exim_install
  if [ "$CARCH" = "x86_64" ]; then
    cd ../build-Linux-x86_64
  else
    cd ../build-Linux-i386
  fi
  inst_dest=$startdir/pkg/usr/sbin inst_conf=$startdir/pkg/etc/mail/exim.conf ../scripts/exim_install

  cd $startdir/src/exim-$pkgver/src
  sed "s|/etc/aliases|/etc/mail/aliases|g" configure.default | \
    sed "s|SYSTEM_ALIASES_FILE|/etc/mail/aliases|g" \
    >$startdir/pkg/etc/mail/exim.conf
  rm -f $startdir/pkg/etc/aliases
  cp $startdir/src/aliases $startdir/pkg/etc/mail
  cp $startdir/src/newaliases $startdir/pkg/usr/sbin

  cd $startdir/pkg/usr/sbin
  ln -s exim mailq
  ln -s exim rmail
  ln -s exim rsmtp
  ln -s exim runq
  ln -s exim sendmail
  # fhs compliancy
  ln -s ../sbin/exim $startdir/pkg/usr/lib/sendmail

  mkdir -p $startdir/pkg/etc/rc.d
  cp $startdir/src/exim $startdir/pkg/etc/rc.d

  if [ $cleanup -eq 1 ]; then
    echo "==> Removing user/group exim"
    userdel exim
  fi
  return 0
}
I just realized with the above PKGBUILD 'openssl' and 'cyrus-sasl' should be added to the depends directive.
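The sed pipeline in the PKGBUILD above rewrites commented EDITME lines and changes nothing when a pattern such as `^# SUPPORT_TLS` fails to match, which would yield an exim built without TLS and no error from the build. The following check is an added example, not part of the thread or of the exim or Arch packaging; `apply_tls_seds` and `missing_settings` are hypothetical helper names and the EDITME fragments are constructed.

```shell
#!/bin/bash
# Added example: confirm the TLS substitutions really landed in Local/Makefile.

# The three TLS substitutions from the PKGBUILD, applied to stdin.
apply_tls_seds() {
    sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | \
    sed 's|^# TLS_LIBS.*$|TLS_LIBS=-L/usr/lib -lssl -lcrypto|' | \
    sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/include/openssl/|'
}

# missing_settings FILE KEY=TEXT...
# Prints each KEY that has no uncommented "KEY=..." line whose value contains
# TEXT. Returns 0 if every setting is active, 1 otherwise.
missing_settings() {
    local makefile="$1" spec key want line rc=0
    shift
    for spec in "$@"; do
        key=${spec%%=*}
        want=${spec#*=}
        # The last assignment wins, as it does in make.
        line=$(grep -E "^${key}[[:space:]]*=" "$makefile" | tail -n 1) || true
        case "${line#*=}" in
            *"$want"*) [ -n "$line" ] || { echo "$key"; rc=1; } ;;
            *) echo "$key"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed EDITME fragments (not the real exim file). In the second one the
# commented lines have no space after '#', so the sed patterns do not match.
demo() {
    local dir f missing
    dir=$(mktemp -d)
    printf '%s\n' '# SUPPORT_TLS=yes' '# TLS_LIBS=-lssl -lcrypto' |
        apply_tls_seds >"$dir/Makefile.ok"
    printf '%s\n' '#SUPPORT_TLS=yes' '#TLS_LIBS=-lssl -lcrypto' |
        apply_tls_seds >"$dir/Makefile.drift"
    for f in "$dir/Makefile.ok" "$dir/Makefile.drift"; do
        if missing=$(missing_settings "$f" SUPPORT_TLS=yes TLS_LIBS=-lssl TLS_LIBS=-lcrypto); then
            echo "${f##*/}: TLS settings active"
        else
            echo "${f##*/}: NOT active:" $missing
        fi
    done
    rm -rf "$dir"
}

demo
```

In a PKGBUILD the same function can be called on Local/Makefile right after the pipeline, followed by `|| return 1`, so a silent no-op stops the build.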