Context Navigation

← Previous Ticket
Next Ticket →

#15624 closed enhancement (fixed)

exim-4.95

Reported by:	Bruce Dubbs	Owned by:	pierre
Priority:	normal	Milestone:	11.1
Component:	BOOK	Version:	git
Severity:	normal	Keywords:
Cc:

Description ¶

New minor version.

Attachments (1)

exim-4.95-call_pam-1.patch (756 bytes ) - added by Tim Tassonis 3 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 by pierre, 3 years ago

Owner:	changed from blfs-book to pierre
Status:	new → assigned

comment:2 by pierre, 3 years ago

New stuff we've added since 4.94:

- From previous experimental support:
- fast-ramp queue run
- native SRS
- TLS resumption
- LMDB lookups with single key
- New:
- smtp transport option "message_linelength_limit"
- optionally ignore lookup caches
- quota checking for appendfile transport during message reception
- sqlite lookups allow a "file=<path>" option
- lsearch lookups allow a "ret=full" option
- command line option for the notifier socket
- faster TLS startup
- new main config option "proxy_protocol_timeout"
- expand "smtp_accept_max_per_connection"
- log selector "queue_size_exclusive"
- main config option "smtp_backlog_monitor"
- main config option "hosts_require_helo"
- main config option "allow_insecure_tainted_data"
- Removed:
- support for MacOS

All fixes from the 4.94.2+fixes branch (this includes the "21 nails" CVEs) are
included too.

If you upgrade from previous versions <4.94: the new taint checks are likely to
make your runtime configuration unusable. Read about the mitigation via the
"allow_insecure_tainted_data" first or make your configuration "taint check
proof".

If you upgrade from 4.94.2, nothing should break.

comment:3 by pierre, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at 3713bc71c8799deddf404003ad32bde2df32fd03

by Tim Tassonis, 3 years ago

Attachment:	exim-4.95-call_pam-1.patch added

comment:4 by Tim Tassonis, 3 years ago

Resolution:	fixed
Status:	closed → reopened

4.95 has a serious pam bug, for which there is also already a fix:

https://bugs.exim.org/show_bug.cgi?id=2813

I have attached the patch, it applies with -p2 and fixes the problem for me (sending authenticated mails).

comment:5 by pierre, 3 years ago

Tim, should we add this patch to the book? We do not build exim with PAM support, do we?

comment:6 by Tim Tassonis, 3 years ago

I would. I build exim with

    echo "EXTRALIBS=-lldap -llber -lpam" >> Local/Makefile

before the printf USE_GDBM line, which then automatically enables pam and ldap authentication and allows you to use exim as an authenticating smtp server.

The pam file for exim is also quite simple/standard:

# Begin /etc/pam.d/exim

auth    include system-auth
account include system-account
session include system-session

# End /etc/pam.d/exim

If you want, I can add that to the page.

comment:7 by Bruce Dubbs, 3 years ago

Lets put that in the "Adding Additional Functionality" section with the pam file in the configuration section.

comment:8 by pierre, 3 years ago

Hmm, "Adding additional functionality" has already a link to the documentation about linking to PAM. I think either we should have it in the "install" section (with the PAM file in "configuration", or possibly, just something in "command explanations" (but without the PAM file).

Personally, I am not against adding PAM support, if Tim is able to include it.

It would involve adding the patch.

Last edited 3 years ago by pierre (previous) (diff)

comment:9 by Tim Tassonis, 3 years ago

Resolution:	→ fixed
Status:	reopened → closed

I added the pam-specific patch, build and config instructions.

Fixed in commit dd9aab332d

Note: See TracTickets for help on using tickets.

Download in other formats: