Opened 3 years ago

Closed 3 years ago

#15624 closed enhancement (fixed)


Reported by: Bruce Dubbs
Owned by: pierre
Priority: normal
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:


New minor version.

Attachments (1)

exim-4.95-call_pam-1.patch (756 bytes) - added by Tim Tassonis 3 years ago.

Change History (10)

comment:1 by pierre, 3 years ago

Owner: changed from blfs-book to pierre
Status: new → assigned

comment:2 by pierre, 3 years ago

New stuff we've added since 4.94:

- From previous experimental support:
  - fast-ramp queue run
  - native SRS
  - TLS resumption
  - LMDB lookups with single key
- New:
  - smtp transport option "message_linelength_limit"
  - optionally ignore lookup caches
  - quota checking for appendfile transport during message reception
  - sqlite lookups allow a "file=<path>" option
  - lsearch lookups allow a "ret=full" option
  - command line option for the notifier socket
  - faster TLS startup
  - new main config option "proxy_protocol_timeout"
  - expand "smtp_accept_max_per_connection"
  - log selector "queue_size_exclusive"
  - main config option "smtp_backlog_monitor"
  - main config option "hosts_require_helo"
  - main config option "allow_insecure_tainted_data"
- Removed:
  - support for MacOS

All fixes from the 4.94.2+fixes branch (this includes the "21 nails" CVEs) are
included too.

If you upgrade from previous versions <4.94: the new taint checks are likely to
make your runtime configuration unusable. Read about the mitigation via the
"allow_insecure_tainted_data" first or make your configuration "taint check

If you upgrade from 4.94.2, nothing should break.
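
A pre-upgrade check for the taint warning above, added here as an example (not code from this ticket, BLFS or Exim): a heuristic linter that flags path-like strings built from tainted variables and reports where `allow_insecure_tainted_data` is switched on. The variable subset, the path heuristic and the sample configuration are assumptions constructed for illustration; `$local_part_data` is the de-tainted form normally used instead.

```python
import re

# Assumed subset of Exim variables that carry tainted (sender-controlled) data.
TAINTED = ("sender_address_local_part", "sender_address_domain",
           "sender_address", "sender_helo_name", "local_part", "domain")
# Matches $name or ${name}; \b keeps de-tainted forms ($local_part_data) out.
TAINTED_RE = re.compile(r"\$\{?(" + "|".join(TAINTED) + r")\b")
# Heuristic path token: starts at "/" and ends at whitespace, a quote or "}".
PATH_RE = re.compile(r"/[^\s\"}]*")
# The 4.95 main option that relaxes the taint checks (bare, "= yes" or "= true").
BYPASS_RE = re.compile(r"^\s*allow_insecure_tainted_data\s*(=\s*(yes|true)\s*)?$", re.I)

# Constructed sample configuration fragment, not taken from the ticket.
SAMPLE = """\
allow_insecure_tainted_data = yes
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
maildir_delivery:
  driver = appendfile
  directory = /home/${local_part}/Maildir
fixed_delivery:
  driver = appendfile
  file = /var/mail/$local_part_data
virtual_aliases:
  driver = redirect
  data = ${lookup{$local_part}lsearch{/etc/exim/virtual/$domain}}
"""

def lint(config_text):
    """Return (findings, bypass_lines); a finding is (line_no, variable, line)."""
    findings, bypass = [], []
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        if BYPASS_RE.match(line):
            bypass.append(no)
        for token in PATH_RE.findall(line):
            hit = TAINTED_RE.search(token)
            if hit:
                findings.append((no, hit.group(1), line.strip()))
    return findings, bypass

if __name__ == "__main__":
    findings, bypass = lint(SAMPLE)
    for no, var, line in findings:
        print(f"line {no}: ${var} used in a path: {line}")
    for no in bypass:
        print(f"line {no}: allow_insecure_tainted_data is enabled")
```

A tainted variable used as a lookup key (`{$local_part}` in the last sample line) is not reported; only its use inside the file name is.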

comment:3 by pierre, 3 years ago

Resolution: fixed
Status: assigned → closed

by Tim Tassonis, 3 years ago

Attachment: exim-4.95-call_pam-1.patch added

comment:4 by Tim Tassonis, 3 years ago

Resolution: fixed
Status: closed → reopened

4.95 has a serious pam bug, for which there is also already a fix:

I have attached the patch; it applies with -p2 and fixes the problem for me (sending authenticated mails).

comment:5 by pierre, 3 years ago

Tim, should we add this patch to the book? We do not build exim with PAM support, do we?

comment:6 by Tim Tassonis, 3 years ago

I would. I build exim with

    echo "EXTRALIBS=-lldap -llber -lpam" >> Local/Makefile

before the printf USE_GDBM line, which then automatically enables pam and ldap authentication and allows you to use exim as an authenticating smtp server.

The pam file for exim is also quite simple/standard:

    # Begin /etc/pam.d/exim

    auth    include system-auth
    account include system-account
    session include system-session

    # End /etc/pam.d/exim

If you want, I can add that to the page.

comment:7 by Bruce Dubbs, 3 years ago

Let's put that in the "Adding Additional Functionality" section with the pam file in the configuration section.

comment:8 by pierre, 3 years ago

Hmm, "Adding additional functionality" already has a link to the documentation about linking to PAM. I think either we should have it in the "install" section (with the PAM file in "configuration"), or possibly, just something in "command explanations" (but without the PAM file).

Personally, I am not against adding PAM support, if Tim is able to include it.

It would involve adding the patch.


comment:9 by Tim Tassonis, 3 years ago

Resolution: fixed
Status: reopened → closed

I added the pam-specific patch, build and config instructions.

Fixed in commit dd9aab332d
