committing changes in /etc after apt run

Package changes:
+bsd-mailx 8.1.2-0.20160123cvs-4 armhf
+exim4-base 4.89-7 armhf
+exim4-config 4.89-7 all
+exim4-daemon-light 4.89-7 armhf
+eyed3 0.8-1 all
+id3tool 1.2a-7 armhf
+id3v2 0.1.12-3 armhf
+libid3-3.8.3v5 3.8.3-16.2 armhf
+liblockfile-bin 1.14-1 armhf
+liblockfile1 1.14-1 armhf
+python-eyed3 0.8-1 all
+python-pathlib 1.0.1-2 all
remotes/origin/may2018
Joshua Dye 7 years ago
parent ce98409de0
commit d1f6ef71c1

@ -51,6 +51,7 @@ maybe chmod 0755 'X11/Xsession.d'
maybe chmod 0644 'X11/Xsession.d/90gpg-agent' maybe chmod 0644 'X11/Xsession.d/90gpg-agent'
maybe chmod 0755 'X11/xkb' maybe chmod 0755 'X11/xkb'
maybe chmod 0644 'adduser.conf' maybe chmod 0644 'adduser.conf'
maybe chmod 0644 'aliases'
maybe chmod 0755 'alternatives' maybe chmod 0755 'alternatives'
maybe chmod 0644 'alternatives/README' maybe chmod 0644 'alternatives/README'
maybe chmod 0755 'apache2' maybe chmod 0755 'apache2'
@ -166,6 +167,7 @@ maybe chmod 0755 'cron.daily/aptitude'
maybe chmod 0755 'cron.daily/bsdmainutils' maybe chmod 0755 'cron.daily/bsdmainutils'
maybe chmod 0755 'cron.daily/dpkg' maybe chmod 0755 'cron.daily/dpkg'
maybe chmod 0755 'cron.daily/etckeeper' maybe chmod 0755 'cron.daily/etckeeper'
maybe chmod 0755 'cron.daily/exim4-base'
maybe chmod 0755 'cron.daily/logrotate' maybe chmod 0755 'cron.daily/logrotate'
maybe chmod 0755 'cron.daily/man-db' maybe chmod 0755 'cron.daily/man-db'
maybe chmod 0755 'cron.daily/passwd' maybe chmod 0755 'cron.daily/passwd'
@ -200,6 +202,7 @@ maybe chmod 0644 'default/console-setup'
maybe chmod 0644 'default/crda' maybe chmod 0644 'default/crda'
maybe chmod 0644 'default/cron' maybe chmod 0644 'default/cron'
maybe chmod 0644 'default/dbus' maybe chmod 0644 'default/dbus'
maybe chmod 0644 'default/exim4'
maybe chmod 0644 'default/fail2ban' maybe chmod 0644 'default/fail2ban'
maybe chmod 0644 'default/fake-hwclock' maybe chmod 0644 'default/fake-hwclock'
maybe chmod 0644 'default/hwclock' maybe chmod 0644 'default/hwclock'
@ -351,6 +354,7 @@ maybe chmod 0644 'dpkg/origins/debian'
maybe chmod 0644 'dpkg/origins/raspbian' maybe chmod 0644 'dpkg/origins/raspbian'
maybe chmod 0644 'dpkg/shlibs.default' maybe chmod 0644 'dpkg/shlibs.default'
maybe chmod 0644 'dpkg/shlibs.override' maybe chmod 0644 'dpkg/shlibs.override'
maybe chmod 0644 'email-addresses'
maybe chmod 0644 'environment' maybe chmod 0644 'environment'
maybe chmod 0755 'etckeeper' maybe chmod 0755 'etckeeper'
maybe chmod 0755 'etckeeper/commit.d' maybe chmod 0755 'etckeeper/commit.d'
@ -400,6 +404,59 @@ maybe chmod 0755 'etckeeper/update-ignore.d/01update-ignore'
maybe chmod 0644 'etckeeper/update-ignore.d/README' maybe chmod 0644 'etckeeper/update-ignore.d/README'
maybe chmod 0755 'etckeeper/vcs.d' maybe chmod 0755 'etckeeper/vcs.d'
maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd' maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd'
maybe chmod 0755 'exim4'
maybe chmod 0755 'exim4/conf.d'
maybe chmod 0755 'exim4/conf.d/acl'
maybe chmod 0644 'exim4/conf.d/acl/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/acl/20_exim4-config_local_deny_exceptions'
maybe chmod 0644 'exim4/conf.d/acl/30_exim4-config_check_mail'
maybe chmod 0644 'exim4/conf.d/acl/30_exim4-config_check_rcpt'
maybe chmod 0644 'exim4/conf.d/acl/40_exim4-config_check_data'
maybe chmod 0755 'exim4/conf.d/auth'
maybe chmod 0644 'exim4/conf.d/auth/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/auth/30_exim4-config_examples'
maybe chmod 0755 'exim4/conf.d/main'
maybe chmod 0644 'exim4/conf.d/main/01_exim4-config_listmacrosdefs'
maybe chmod 0644 'exim4/conf.d/main/02_exim4-config_options'
maybe chmod 0644 'exim4/conf.d/main/03_exim4-config_tlsoptions'
maybe chmod 0644 'exim4/conf.d/main/90_exim4-config_log_selector'
maybe chmod 0755 'exim4/conf.d/retry'
maybe chmod 0644 'exim4/conf.d/retry/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/retry/30_exim4-config'
maybe chmod 0755 'exim4/conf.d/rewrite'
maybe chmod 0644 'exim4/conf.d/rewrite/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/rewrite/31_exim4-config_rewriting'
maybe chmod 0755 'exim4/conf.d/router'
maybe chmod 0644 'exim4/conf.d/router/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/router/100_exim4-config_domain_literal'
maybe chmod 0644 'exim4/conf.d/router/150_exim4-config_hubbed_hosts'
maybe chmod 0644 'exim4/conf.d/router/200_exim4-config_primary'
maybe chmod 0644 'exim4/conf.d/router/300_exim4-config_real_local'
maybe chmod 0644 'exim4/conf.d/router/400_exim4-config_system_aliases'
maybe chmod 0644 'exim4/conf.d/router/500_exim4-config_hubuser'
maybe chmod 0644 'exim4/conf.d/router/600_exim4-config_userforward'
maybe chmod 0644 'exim4/conf.d/router/700_exim4-config_procmail'
maybe chmod 0644 'exim4/conf.d/router/800_exim4-config_maildrop'
maybe chmod 0644 'exim4/conf.d/router/850_exim4-config_lowuid'
maybe chmod 0644 'exim4/conf.d/router/900_exim4-config_local_user'
maybe chmod 0644 'exim4/conf.d/router/mmm_mail4root'
maybe chmod 0755 'exim4/conf.d/transport'
maybe chmod 0644 'exim4/conf.d/transport/00_exim4-config_header'
maybe chmod 0644 'exim4/conf.d/transport/10_exim4-config_transport-macros'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_address_file'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_address_pipe'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_address_reply'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_mail_spool'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_maildir_home'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_maildrop_pipe'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_procmail_pipe'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_remote_smtp'
maybe chmod 0644 'exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost'
maybe chmod 0644 'exim4/conf.d/transport/35_exim4-config_address_directory'
maybe chmod 0644 'exim4/exim4.conf.template'
maybe chgrp 'Debian-exim' 'exim4/passwd.client'
maybe chmod 0640 'exim4/passwd.client'
maybe chmod 0644 'exim4/update-exim4.conf.conf'
maybe chmod 0755 'fail2ban' maybe chmod 0755 'fail2ban'
maybe chmod 0755 'fail2ban/action.d' maybe chmod 0755 'fail2ban/action.d'
maybe chmod 0644 'fail2ban/action.d/apf.conf' maybe chmod 0644 'fail2ban/action.d/apf.conf'
@ -610,6 +667,7 @@ maybe chmod 0755 'init.d/cron'
maybe chmod 0755 'init.d/dbus' maybe chmod 0755 'init.d/dbus'
maybe chmod 0755 'init.d/dhcpcd' maybe chmod 0755 'init.d/dhcpcd'
maybe chmod 0755 'init.d/dphys-swapfile' maybe chmod 0755 'init.d/dphys-swapfile'
maybe chmod 0755 'init.d/exim4'
maybe chmod 0755 'init.d/fail2ban' maybe chmod 0755 'init.d/fail2ban'
maybe chmod 0755 'init.d/fake-hwclock' maybe chmod 0755 'init.d/fake-hwclock'
maybe chmod 0755 'init.d/hwclock.sh' maybe chmod 0755 'init.d/hwclock.sh'
@ -795,14 +853,18 @@ maybe chmod 0755 'logrotate.d'
maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/apt'
maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/aptitude'
maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/dpkg'
maybe chmod 0644 'logrotate.d/exim4-base'
maybe chmod 0644 'logrotate.d/exim4-paniclog'
maybe chmod 0644 'logrotate.d/fail2ban' maybe chmod 0644 'logrotate.d/fail2ban'
maybe chmod 0644 'logrotate.d/nginx' maybe chmod 0644 'logrotate.d/nginx'
maybe chmod 0644 'logrotate.d/rsyslog' maybe chmod 0644 'logrotate.d/rsyslog'
maybe chmod 0444 'machine-id' maybe chmod 0444 'machine-id'
maybe chmod 0644 'magic' maybe chmod 0644 'magic'
maybe chmod 0644 'magic.mime' maybe chmod 0644 'magic.mime'
maybe chmod 0644 'mail.rc'
maybe chmod 0644 'mailcap' maybe chmod 0644 'mailcap'
maybe chmod 0644 'mailcap.order' maybe chmod 0644 'mailcap.order'
maybe chmod 0644 'mailname'
maybe chmod 0644 'manpath.config' maybe chmod 0644 'manpath.config'
maybe chmod 0644 'mime.types' maybe chmod 0644 'mime.types'
maybe chmod 0644 'mke2fs.conf' maybe chmod 0644 'mke2fs.conf'
@ -904,6 +966,7 @@ maybe chmod 0755 'ppp/ip-down.d/bind9'
maybe chmod 0755 'ppp/ip-up.d' maybe chmod 0755 'ppp/ip-up.d'
maybe chmod 0755 'ppp/ip-up.d/000resolvconf' maybe chmod 0755 'ppp/ip-up.d/000resolvconf'
maybe chmod 0755 'ppp/ip-up.d/bind9' maybe chmod 0755 'ppp/ip-up.d/bind9'
maybe chmod 0755 'ppp/ip-up.d/exim4'
maybe chmod 0644 'profile' maybe chmod 0644 'profile'
maybe chmod 0755 'profile.d' maybe chmod 0755 'profile.d'
maybe chmod 0644 'profile.d/Z97-byobu.sh' maybe chmod 0644 'profile.d/Z97-byobu.sh'

@ -0,0 +1,13 @@
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root

@ -0,0 +1 @@
/usr/bin/bsd-mailx

@ -0,0 +1 @@
/usr/share/man/man1/bsd-mailx.1.gz

@ -0,0 +1 @@
/usr/bin/bsd-mailx

@ -0,0 +1 @@
/usr/share/man/man1/bsd-mailx.1.gz

@ -0,0 +1 @@
/usr/bin/bsd-mailx

@ -0,0 +1 @@
/usr/share/man/man1/bsd-mailx.1.gz

@ -0,0 +1,105 @@
#!/bin/sh
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
# set this to some other value if you don't want the panic log to be
# watched by this script, for example when you're using your own log
# checking mechanisms or don't care.
E4BCD_DAILY_REPORT_TO=""
E4BCD_DAILY_REPORT_OPTIONS=""
E4BCD_WATCH_PANICLOG="yes"
# Number of lines of paniclog quoted in warning email.
E4BCD_PANICLOG_LINES="10"
E4BCD_PANICLOG_NOISE=""
# Only do anything if exim4 is actually installed
if [ ! -x /usr/lib/exim4/exim4 ]; then
exit 0
fi
[ -f /etc/default/exim4 ] && . /etc/default/exim4
SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')"
# The log processing code used in this cron script is not very
# sophisticated. It relies on this cron job being executed earlier than
# the log rotation job, and will have false results if the log is not
# rotated exactly once daily in the daily cron processing. Even in the
# default configuration, it will ignore log entries made between this
# cron job and the log rotation job.
# Patches for more sophisticated processing are appreciated via the
# Debian BTS.
E4BCD_MAINLOG_NOISE="^[[:digit:][:space:]:-]\{20\}\(\(Start\|End\) queue run: pid=[[:digit:]]\+\|exim [[:digit:]\.]\+ daemon started: pid=[[:digit:]]\+, .*\)$"
if [ -n "$E4BCD_DAILY_REPORT_TO" ]; then
if [ -x "$(command -v eximstats)" ] && [ -x "$(command -v mail)" ]; then
if [ "$(< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" | wc -l)" -gt "0" ]; then
< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" \
| eximstats $E4BCD_DAILY_REPORT_OPTIONS \
| mail -s"$(hostname --fqdn) Daily e-mail activity report" \
$E4BCD_DAILY_REPORT_TO
else
echo "no mail activity in this interval" \
| mail -s"$(hostname --fqdn) Daily e-mail activity report" \
$E4BCD_DAILY_REPORT_TO
fi
else
echo "The exim4 cron job is configured to send a daily report, but eximstats"
echo "and/or mail cannot be found. Please check and make sure that these two"
echo "binaries are available"
fi
fi
log_this() {
TEXT="$@"
if ! logger -t exim4 -p mail.alert $TEXT; then
RET="$?"
echo >&2 "ALERT: could not syslog $TEXT, logger return value $RET"
fi
}
if [ "$E4BCD_WATCH_PANICLOG" != "no" ]; then
if [ -s "/var/log/exim4/paniclog" ]; then
if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then
/usr/local/lib/exim4/nonzero_paniclog_hook
fi
if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken"
if ! printf "Subject: exim paniclog on %s has non-zero size\nTo: root\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken. The last ${E4BCD_PANICLOG_LINES} lines are quoted below.\n\n%s\n" \
"$(hostname --fqdn)" "$(hostname --fqdn)" \
"$(tail -n "${E4BCD_PANICLOG_LINES}" /var/log/exim4/paniclog)" \
| exim4 root; then
log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
fi
if [ "$E4BCD_WATCH_PANICLOG" = "once" ]; then
logrotate -f /etc/logrotate.d/exim4-paniclog
fi
fi
fi
fi
# run tidydb as Debian-exim:Debian-exim.
if [ -x /usr/sbin/exim_tidydb ]; then
cd $SPOOLDIR/db || exit 1
if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
-or -type f -printf '%f\0' | \
xargs -0r -n 1 \
start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
--chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
# if we reach this, invoking exim_tidydb from start-stop-daemon has
# failed, most probably because of libpam-tmpdir being in use
# (see #373786 and #376165)
find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
-or -type f -printf '%f\0' | \
runuser --shell=/bin/bash \
--command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
Debian-exim
fi
fi

@ -0,0 +1,24 @@
# /etc/default/exim4
EX4DEF_VERSION=''
# 'combined' - one daemon running queue and listening on SMTP port
# 'no' - no daemon running the queue
# 'separate' - two separate daemons
# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''

@ -0,0 +1,9 @@
# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: someone@isp.com
#otheruser: someoneelse@anotherisp.com

@ -0,0 +1,8 @@
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

@ -0,0 +1,49 @@
### acl/20_exim4-config_local_deny_exceptions
#################################
# This is used to determine whitelisted senders and hosts.
# It checks for CONFDIR/host_local_deny_exceptions and
# CONFDIR/sender_local_deny_exceptions.
#
# It is meant to be used from some other acl entry.
#
# See exim4-config_files(5) for details.
#
# If the files do not exist, the white list never matches, which is
# the desired behaviour.
#
# The old file names CONFDIR/local_host_whitelist and
# CONFDIR/local_sender_whitelist will continue to be honored for a
# transition period. Their use is deprecated.
acl_local_deny_exceptions:
accept
hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
{CONFDIR/host_local_deny_exceptions}\
{}}
accept
senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
{CONFDIR/sender_local_deny_exceptions}\
{}}
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.endif
# this is still supported for a transition period and is deprecated.
.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif

@ -0,0 +1,11 @@
### acl/30_exim4-config_check_mail
#################################
# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
accept

@ -0,0 +1,363 @@
### acl/30_exim4-config_check_rcpt
#################################
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept
hosts = :
control = dkim_disable_verify
# Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
# or DISABLE_DKIM_VERIFY are set.
.ifdef DC_minimaldns
warn
control = dkim_disable_verify
.else
.ifdef DISABLE_DKIM_VERIFY
warn
control = dkim_disable_verify
.endif
.endif
# The following section of the ACL is concerned with local parts that contain
# certain non-alphanumeric characters. Dots in unusual places are
# handled by this ACL as well.
#
# Non-alphanumeric characters other than dots are rarely found in genuine
# local parts, but are often tried by people looking to circumvent
# relaying restrictions. Therefore, although they are valid in local
# parts, these rules disallow certain non-alphanumeric characters, as
# a precaution.
#
# Empty components (two dots in a row) are not valid in RFC 2822, but Exim
# allows them because they have been encountered. (Consider local parts
# constructed as "firstinitial.secondinitial.familyname" when applied to
# a name without a second initial.) However, a local part starting
# with a dot or containing /../ can cause trouble if it is used as part of a
# file name (e.g. for a mailing list). This is also true for local parts that
# contain slashes. A pipe symbol can also be troublesome if the local part is
# incorporated unthinkingly into a shell command line.
#
# These ACL components will block recipient addresses that are valid
# from an RFC2822 point of view. We chose to have them blocked by
# default for security reasons.
#
# If you feel that your site should have less strict recipient
# checking, please feel free to change the default values of the macros
# defined in main/01_exim4-config_listmacrosdefs or override them from a
# local configuration file.
#
# Two different rules are used. The first one has a quite strict
# default, and is applied to messages that are addressed to one of the
# local domains handled by this host.
# The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
# This blocks local parts that begin with a dot or contain a quite
# broad range of non-alphanumeric characters.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# The second rule applies to all other domains, and its default is
# considerably less strict.
# The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
# It allows local users to send outgoing messages to sites
# that use slashes and vertical bars in their local parts. It blocks
# local parts that begin with a dot, slash, or vertical bar, but allows
# these characters within the local part. However, the sequence /../ is
# barred. The use of some other non-alphanumeric characters is blocked.
# Single quotes might probably be dangerous as well, but they're
# allowed by the default regexps to avoid rejecting mails to Ireland.
# The motivation here is to prevent local users (or local users' malware)
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
#
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
# Deny unless the sender address can be verified.
#
# This is disabled by default so that DNSless systems don't break. If
# your system can do DNS lookups without delay or cost, you might want
# to enable this feature.
#
# This feature does not work in smarthost and satellite setups as
# with these setups all domains pass verification. See spec.txt section
# "Access control lists" subsection "Address verification" with the added
# information that a smarthost/satellite setup routes all non-local e-mail
# to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. It is assumed that such hosts are most likely to be MUAs,
# so we set control=submission to make Exim treat the message as a
# submission. It will fix up various errors in the message, for example, the
# lack of a Date: header line. If you are actually relaying out out from
# MTAs, you may want to disable this. If you are handling both relaying from
# MTAs and submissions from MUAs you should probably split them into two
# lists, and handle them differently.
# Recipient verification is omitted here, because in many cases the clients
# are dumb MUAs that don't cope well with SMTP error responses. If you are
# actually relaying out from MTAs, you should probably add recipient
# verification here.
# Note that, by putting this test before any DNS black list checks, you will
# always accept from these hosts, even if they end up on a black list. The
# assumption is that they are your friends, and if they get onto black
# list, it is a mistake.
accept
hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.
accept
authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
# Insist that a HELO/EHLO was accepted.
require message = nice hosts say HELO first
condition = ${if def:sender_helo_name}
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains.
require
verify = recipient
# Verify recipients listed in local_rcpt_callout with a callout.
# This is especially handy for forwarding MX hosts (secondary MX or
# mail hubs) of domains that receive a lot of spam to non-existent
# addresses. The only way to check local parts for remote relay
# domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
# CONFDIR/local_sender_blacklist holds a list of envelope senders that
# should have their access denied to the local host. Incoming messages
# with one of these senders are rejected at RCPT time.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
# deny bad sites (IP address)
# CONFDIR/local_host_blacklist holds a list of host names, IP addresses
# and networks (CIDR notation) that should have their access denied to
# The local host. Messages coming in from a listed host will have all
# RCPT statements rejected.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
# Warn if the sender host does not have valid reverse DNS.
#
# If your system can do DNS lookups without delay or cost, you might want
# to enable this.
# If sender_host_address is defined, it's a remote call. If
# sender_host_name is not defined, then reverse lookup failed. Use
# this instead of !verify = reverse_host_lookup to catch deferrals
# as well as outright failures.
.ifdef CHECK_RCPT_REVERSE_DNS
warn
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
.endif
# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
# install "spf-tools-perl" which provides the spfquery command.
# Missing spf-tools-perl will trigger the "Unexpected error in
# SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see \
http://www.openspf.org/Why?scope=${if def:sender_address_domain \
{mfrom}{helo}};identity=${if def:sender_address_domain \
{$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
${quote:$sender_host_address} --identity \
${if def:sender_address_domain \
{--scope mfrom --identity ${quote:$sender_address}}\
{--scope helo --identity ${quote:$sender_helo_name}}}}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
!acl = acl_local_deny_exceptions
condition = ${if eq {$runrc}{5}{yes}{no}}
warn
condition = ${if <={$runrc}{6}{yes}{no}}
add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}\
{${if eq {$runrc}{4}{permerror}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}\
} client-ip=$sender_host_address; \
${if def:sender_address_domain \
{envelope-from=${sender_address}; }{}}\
helo=$sender_helo_name
warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
warn
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
# : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################
# Accept if the address is in a domain for which we are an incoming relay,
# but again, only if the recipient can be verified.
accept
domains = +relay_to_domains
endpass
verify = recipient
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept

@ -0,0 +1,84 @@
### acl/40_exim4-config_check_data
#################################
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
acl_check_data:
# Deny if the message contains an overlong line. Per the standards
# we should never receive one such via SMTP.
#
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
deny message = maximum allowed line length is 998 octets, \
got $max_received_linelength
condition = ${if > {$max_received_linelength}{998}}
.endif
# Deny unless the address list headers are syntactically correct.
#
# If you enable this, you might reject legitimate mail.
.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_local_deny_exceptions
!verify = header_syntax
.endif
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
# Deny if the message contains malware. Before enabling this check, you
# must install a virus scanner and set the av_scanner option in the
# main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# deny
# malware = *
# message = This message was detected as possible malware ($malware_name).
# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You also need to set the spamd_address
# option in the main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# Please note that this is only suiteable as an example. There are
# multiple issues with this configuration method. For example, if you go
# this way, you'll give your spamassassin daemon write access to the
# entire exim spool which might be a security issue in case of a
# spamassassin exploit.
#
# See the exim docs and the exim wiki for more suitable examples.
#
# warn
# spam = Debian-exim:true
# add_header = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
# accept otherwise
accept

@ -0,0 +1,8 @@
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators

@ -0,0 +1,254 @@
### auth/30_exim4-config_examples
#################################
# The examples below are for server side authentication, when the
# local exim is SMTP server and clients authenticate to the local exim.
# They allow two styles of plain-text authentication against an
# CONFDIR/passwd file whose syntax is described in exim4_passwd(5).
# Hosts that are allowed to use AUTH are defined by the
# auth_advertise_hosts option in the main configuration. The default is
# "*", which allows authentication to all hosts over all kinds of
# connections if there is at least one authenticator defined here.
# Authenticators which rely on unencrypted clear text passwords don't
# advertise on unencrypted connections by default. Thus, it might be
# wise to set up TLS to allow encrypted connections. If TLS cannot be
# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
# advertise unencrypted clear text password based authenticators on all
# connections. As this is severely reducing security, using TLS is
# preferred over allowing clear text password based authenticators on
# unencrypted connections.
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# cram_md5_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
# server_set_id = $auth1
# Here is an example of CRAM-MD5 authentication against PostgreSQL:
#
# psqldb_auth_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
# server_set_id = $auth1
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
# plain_saslauthd_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# login_saslauthd_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# # don't send system passwords over unencrypted connections
# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# ntlm_sasl_server:
# driver = cyrus_sasl
# public_name = NTLM
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# digest_md5_sasl_server:
# driver = cyrus_sasl
# public_name = DIGEST-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# Authentcate against cyrus-sasl
# This is mainly untested, please report any problems to
# pkg-exim4-users@lists.alioth.debian.org.
# cram_md5_sasl_server:
# driver = cyrus_sasl
# public_name = CRAM-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
#
# plain_sasl_server:
# driver = cyrus_sasl
# public_name = PLAIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
#
# login_sasl_server:
# driver = cyrus_sasl
# public_name = LOGIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# Authenticate against courier authdaemon
# This is now the (working!) example from
# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
# Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
# plain_courier_authdaemon:
# driver = plaintext
# public_name = PLAIN
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/var/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
# {yes} \
# fail}
# server_set_id = $auth2
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# login_courier_authdaemon:
# driver = plaintext
# public_name = LOGIN
# server_prompts = Username:: : Password::
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/var/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
# {yes} \
# fail}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# If your list of offered authenticators is other than PLAIN and LOGIN,
# you need to adapt the public_name line manually.
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.
# support_broken_outlook_express_4_server:
# driver = plaintext
# public_name = "\r\n250-AUTH=PLAIN LOGIN"
# server_prompts = User Name : Password
# server_condition = no
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
##############
# See /usr/share/doc/exim4-base/README.Debian.gz
##############
# These examples below are the equivalent for client side authentication.
# They get the passwords from CONFDIR/passwd.client, whose format is
# defined in exim4_passwd_client(5)
# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
# this returns the matching line from passwd.client and doubles all ^
PASSWDLINE=${sg{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
}\
{\\N[\\^]\\N}\
{^^}\
}
plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if !eq{$tls_out_cipher}{}\
{^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
}fail}"
.else
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
# Return empty string if not non-TLS AND looking up $host in passwd-file
# yields a non-empty string; fail otherwise.
client_send = "<; ${if and{\
{!eq{$tls_out_cipher}{}}\
{!eq{PASSWDLINE}{}}\
}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
# Return empty string if looking up $host in passwd-file yields a
# non-empty string; fail otherwise.
client_send = "<; ${if !eq{PASSWDLINE}{}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

@ -0,0 +1,101 @@
######################################################################
# Runtime configuration file for Exim 4 (Debian Packaging) #
######################################################################
######################################################################
# /etc/exim4/exim4.conf.template is only used with the non-split
# configuration scheme.
# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used
# with the split configuration scheme.
# If you find this comment anywhere else, somebody copied it there.
# Documentation about the Debian exim4 configuration scheme can be
# found in /usr/share/doc/exim4-base/README.Debian.gz.
######################################################################
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Just for reference and scripts.
# On Debian systems, the main binary is installed as exim4 to avoid
# conflicts with the exim 3 packages.
exim_path = /usr/sbin/exim4
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
# debconf-driven macro definitions get inserted after this line
UPEX4CmacrosUPEX4C = 1
# Create domain and host lists for relay control
# '@' refers to 'the name of the local host'
# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
# List of recipient domains to relay _to_. Use this list if you're -
# for example - fallback MX or mail gateway for domains.
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
# List of sender networks (IP addresses) to _unconditionally_ relay
# _for_. If you intend to be SMTP AUTH server, you do not need to enter
# anything here.
hostlist relay_from_hosts = MAIN_RELAY_NETS
# Decide which domain to use to add to all unqualified addresses.
# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
# the first line of /etc/mailname is used.
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim4/update-exim4.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
LOCAL_DELIVERY=mail_spool
.endif
# The gecos field in /etc/passwd holds not only the name. see passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1
# define macros to be used in acl/30_exim4-config_check_rcpt to check
# recipient local parts for strange characters.
# This macro definition really should be in
# acl/30_exim4-config_check_rcpt but cannot be there due to
# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62.
# These macros are documented in acl/30_exim4-config_check_rcpt,
# can be changed here or overridden by a locally added configuration
# file as described in README.Debian section "Using Exim Macros to control
# the configuration".
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
# always log tls_peerdn as we use TLS for outgoing connects by default
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
.endif

@ -0,0 +1,218 @@
### main/02_exim4-config_options
#################################
# Defines the access control list that is run when an
# SMTP MAIL command is received.
#
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
# If you are running exim4-daemon-heavy or a custom version of Exim that
# was compiled with the content-scanning extension, you can cause incoming
# messages to be automatically scanned for viruses. You have to modify the
# configuration in two places to set this up. The first of them is here,
# where you define the interface to your scanner. This example is typical
# for ClamAV; see the manual for details of what to set for other virus
# scanners. The second modification is in the acl_check_data access
# control list.
# av_scanner = clamd:/var/run/clamav/clamd.ctl
# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.
# spamd_address = 127.0.0.1 783
# Domain used to qualify unqualified recipient addresses
# If this option is not set, the qualify_domain value is used.
# qualify_recipient = <value of qualify_domain>
# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is disabled
# in the default config since it is rarely used and frequently abused.
# Domain literal support also needs a special router, which is automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
# Additionally, you might want to make your local IP addresses (or @[])
# local domains.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
# Do a reverse DNS lookup on all incoming IP calls, in order to get the
# true host name. If you feel this is too expensive, the networks for
# which a lookup is done can be listed here.
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
# The settings below cause Exim to make RFC 1413 (ident) callbacks
# for all incoming SMTP calls. You can limit the hosts to which these
# calls are made, and/or change the timeout that is used. If you set
# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
# are cheap and can provide useful information for tracing problem
# messages, but some hosts and firewalls have problems with them.
# This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up SMTP sessions.
# (The default was reduced from 30s to 5s for release 4.61. and to
# disabled for release 4.86)
#
#rfc1413_hosts = *
#rfc1413_query_timeout = 5s
# Enable an efficiency feature. We advertise the feature; clients
# may request to use it. For multi-recipient mails we then can
# reject or accept per-user after the message is received.
#
prdr_enable = true
# When using an external relay tester (such as rt.njabl.org and/or the
# currently defunct relay-test.mail-abuse.org, the test may be aborted
# since exim complains about "too many nonmail commands". If you want
# the test to complete, add the host from where "your" relay tester
# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
# Please note that a non-empty setting may cause extra DNS lookups to
# happen, which is the reason why this option is commented out in the
# default settings.
# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
# By default, exim forces a Sender: header containing the local
# account name at the local host name in all locally submitted messages
# that don't have the local account name at the local host name in the
# From: header, deletes any Sender: header present in the submitted
# message and forces the envelope sender of all locally submitted
# messages to the local account name at the local host name.
# The following settings allow local users to specify their own envelope sender
# in a locally submitted message. Sender: headers existing in a locally
# submitted message are not removed, and no automatic Sender: headers
# are added. These settings are fine for most hosts.
# If you run exim on a classical multi-user systems where all users
# have local mailboxes that can be reached via SMTP from the Internet
# with the local FQDN as the domain part of the address, you might want
# to disable the following three lines for traceability reasons.
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. Configure exim
# to accept unqualified addresses from certain hosts. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# sender_unqualified_hosts = <unset>
# recipient_unqualified_hosts = <unset>
# Configure Exim to support the "percent hack" for certain domains.
# The "percent hack" is the feature by which mail addressed to x%y@z
# (where z is one of the domains listed) is locally rerouted to x@y
# and sent on. If z is not one of the "percent hack" domains, x%y is
# treated as an ordinary local part. The percent hack is rarely needed
# nowadays but frequently abused. You should not enable it unless you
# are sure that you really need it.
# percent_hack_domains = <unset>
# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
# users in admin group can do many other things
# admin_groups = <unset>
# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
.ifdef MAIN_KEEP_ENVIRONMENT
keep_environment = MAIN_KEEP_ENVIRONMENT
.else
# set option to empty value to avoid warning.
keep_environment =
.endif
.ifdef MAIN_ADD_ENVIRONMENT
add_environment = MAIN_ADD_ENVIRONMENT
.endif

@ -0,0 +1,85 @@
### main/03_exim4-config_tlsoptions
#################################
# TLS/SSL configuration for exim as an SMTP server.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
# Normally, exim4 looks for certificate and key in different files:
# MAIN_TLS_CERTIFICATE - path to certificate file,
# CONFDIR/exim.crt if unset
# MAIN_TLS_PRIVATEKEY - path to private key file
# CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
# not `tls_verify_hosts'), request a certificate and check it against
# `tls_verify_certificates' but do not abort the connection if there is no
# certificate or if the certificate presented does not match. (This
# condition can be tested for in ACLs through `verify = certificate')
# By default, this check is done for all hosts. It is known that some
# clients (including incredimail's version downloadable in February
# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
# empty value.
.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
.ifdef _HAVE_GNUTLS
tls_dhparam = historic
.endif
.else
# Don't advertise TLS if MAIN_TLS_ENABLE is not set.
tls_advertise_hosts =
.endif

@ -0,0 +1,10 @@
### main/90_exim4-config_log_selector
#################################
# uncomment this for debugging
# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif

@ -0,0 +1,7 @@
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry

@ -0,0 +1,19 @@
### retry/30_exim4-config
#################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# Please note that these rules only limit the frequency of retries, the
# effective retry-time depends on the frequency of queue-running, too.
# See QUEUEINTERVAL in /etc/default/exim4.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

@ -0,0 +1,7 @@
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite

@ -0,0 +1,16 @@
### rewrite/31_exim4-config_rewriting
#################################
# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
# identical rewriting rule for /etc/mailname
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
.endif

@ -0,0 +1,11 @@
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers

@ -0,0 +1,18 @@
### router/100_exim4-config_domain_literal
#################################
# This router handles e-mail addresses in "domain literal" form like
# <user@[10.11.12.13]>. The RFCs require this facility, but it is disabled
# in the default config since it is rarely used and frequently abused.
# Domain literal support also needs to be enabled in the main config,
# which is automatically done if you use the enable macro
# MAIN_ALLOW_DOMAIN_LITERALS.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif

@ -0,0 +1,18 @@
# router/150_exim4-config_hubbed_hosts
#################################
# route specific domains manually.
#
# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for
# more detailed documentation.
hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
same_domain_copy_routing = yes
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp

@ -0,0 +1,90 @@
### router/200_exim4-config_primary
#################################
# This file holds the primary router, responsible for nonlocal mails
.ifdef DCconfig_internet
# configtype=internet
#
# deliver mail to the recipient if recipient domain is a domain we
# relay for. We do not ignore any target hosts here since delivering to
# a site local or even a link local address might be wanted here, and if
# such an address has found its way into the MX record of such a domain,
# the local admin is probably in a place where that broken MX record
# could be fixed.
dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
# deliver mail directly to the recipient. This router is only reached
# for domains that we do not relay for. Since we most probably can't
# have broken MX records pointing to site local or link local IP
# addresses fixed, we ignore target hosts pointing to these addresses.
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
# ignore private rfc1918 and APIPA addresses
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
255.255.255.255
no_more
.endif
.ifdef DCconfig_local
# configtype=local
#
# Stand-alone system, so generate an error for mail to a non-local domain
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
# configtype=smarthost or configtype=satellite
#
# Send all non-local mail to a single other machine (smarthost).
#
# This means _ALL_ non-local mail goes to the smarthost. This will most
# probably not do what you want for domains that are listed in
# relay_domains. The most typical use for relay_domains is to control
# relaying for incoming e-mail on secondary MX hosts. In that case,
# it doesn't make sense to send the mail to the smarthost since the
# smarthost will probably send the message right back here, causing a
# loop.
#
# If you want to use a smarthost while being secondary MX for some
# domains, you'll need to copy the dnslookup_relay_to_domains router
# here so that mail to relay_domains is handled separately.
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
no_more
.endif
# The "no_more" above means that all later routers are for
# domains in the local_domains list, i.e. just like Exim 3 directors.

@ -0,0 +1,22 @@
### router/300_exim4-config_real_local
#################################
# This router allows reaching a local user while avoiding local
# processing. This can be used to inform a user of a broken .forward
# file, for example. The userforward router does this.
COND_LOCAL_SUBMITTER = "\
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
}"
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

@ -0,0 +1,44 @@
### router/400_exim4-config_system_aliases
#################################
# This router handles aliasing using a traditional /etc/aliases file.
#
##### NB You must ensure that /etc/aliases exists. It used to be the case
##### NB that every Unix had that file, because it was the Sendmail default.
##### NB These days, there are systems that don't have it. Your aliases
##### NB file should at least contain an alias for "postmaster".
#
# This router handles the local part in a case-insensitive way which
# satisfies the RFCs requirement that postmaster be reachable regardless
# of case. If you decide to handle /etc/aliases in a caseful way, you
# need to make arrangements for a caseless postmaster.
#
# Delivery to arbitrary directories, files, and piping to programs in
# /etc/aliases is disabled per default.
# If that is a problem for you, see
# /usr/share/doc/exim4-base/README.Debian.gz
# for explanation and some workarounds.
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif

@ -0,0 +1,31 @@
### router/500_exim4-config_hubuser
#################################
.ifdef DCconfig_satellite
# This router is only used for configtype=satellite.
# It takes care to route all mail targeted to <somelocaluser@this.machine>
# to the host where we read our mail
#
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user
# Grab the redirected mail and deliver it.
# This is a duplicate of the smarthost router, needed because
# DCreadhost might end up as part of +local_domains
hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
check_local_user
.endif

@ -0,0 +1,51 @@
### router/600_exim4-config_userforward
#################################
# This router handles forwarding using traditional .forward files in users'
# home directories. It also allows mail filtering with a forward file
# starting with the string "# Exim filter" or "# Sieve filter".
#
# The no_verify setting means that this router is skipped when Exim is
# verifying addresses. Similarly, no_expn means that this router is skipped if
# Exim is processing an EXPN command.
#
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.
#
# The four transports specified at the end are those that are used when
# forwarding generates a direct delivery to a directory, or a file, or to a
# pipe, or sets up an auto-reply, respectively.
#
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.

@ -0,0 +1,15 @@
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
# emulate OR with "if exists"-expansion
require_files = ${local_part}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn

@ -0,0 +1,14 @@
### router/800_exim4-config_maildrop
#################################
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

@ -0,0 +1,29 @@
### router/850_exim4-config_lowuid
#################################
.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif
.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif
COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
${if and{{! match_ip{$sender_host_address}{:@[]}}\
{<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
{1}{0}\
}"
lowuid_aliases:
debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
check_local_user
driver = redirect
allow_fail
domains = +local_domains
condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
data = ${if exists{CONFDIR/lowuid-aliases}\
{${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
{$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}

@ -0,0 +1,15 @@
### router/900_exim4-config_local_user
#################################
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user

@ -0,0 +1,17 @@
### router/mmm_mail4root
#################################
# deliver mail addressed to root to /var/mail/mail as user mail:mail
# if it was not redirected in /etc/aliases or by other means
# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

@ -0,0 +1,13 @@
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports

@ -0,0 +1,16 @@
### transport/10_exim4-config_transport-macros
#################################
.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
.ifdef REMOTE_SMTP_HELO_DATA
REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.else
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
.endif

@ -0,0 +1,11 @@
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

@ -0,0 +1,10 @@
# This transport is used for handling pipe deliveries generated by
# .forward files. If the commands fails and produces any output on standard
# output or standard error streams, the output is returned to the sender
# of the message as a delivery error.
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

@ -0,0 +1,8 @@
# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
#
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

@ -0,0 +1,17 @@
### transport/30_exim4-config_mail_spool
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format.
#
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

@ -0,0 +1,41 @@
### transport/30_exim4-config_maildir_home
#################################
# Use this instead of mail_spool if you want to to deliver to Maildir in
# home-directory - change the definition of LOCAL_DELIVERY
#
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false
# This transport always chdirs to $home before trying to deliver. If
# $home is not accessible, this chdir fails and prevents delivery.
# If you are in a setup where home directories might not be
# accessible, uncomment the current_directory line below.
# current_directory = /

@ -0,0 +1,12 @@
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
message_prefix =
message_suffix =
return_path_add
delivery_date_add
envelope_to_add

@ -0,0 +1,10 @@
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

@ -0,0 +1,53 @@
### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.
# Refuse to send any message with over-long lines, which could have
# been received other than via SMTP. The use of message_size_limit to
# enforce this is a red herring.
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
.endif

@ -0,0 +1,47 @@
### transport/30_exim4-config_remote_smtp_smarthost
#################################
# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.
# Refuse to send any messsage with over-long lines, which could have
# been received other than via SMTP. The use of message_size_limit to
# enforce this is a red herring.
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
.endif

@ -0,0 +1,14 @@
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name.
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
maildir_format

File diff suppressed because it is too large Load Diff

@ -0,0 +1,7 @@
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password

@ -0,0 +1,31 @@
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='local'
dc_other_hostnames='samwise.natalieandjoshua.com'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

@ -55,3 +55,4 @@ gpio:x:997:
middle:x:1001: middle:x:1001:
jgdye:x:1000: jgdye:x:1000:
bind:x:113: bind:x:113:
Debian-exim:x:114:

@ -54,3 +54,4 @@ i2c:x:998:
gpio:x:997: gpio:x:997:
middle:x:1001: middle:x:1001:
jgdye:x:1000: jgdye:x:1000:
bind:x:113:

@ -55,3 +55,4 @@ gpio:!::
middle:!:: middle:!::
jgdye:!:: jgdye:!::
bind:!:: bind:!::
Debian-exim:!::

@ -54,3 +54,4 @@ i2c:!::
gpio:!:: gpio:!::
middle:!:: middle:!::
jgdye:!:: jgdye:!::
bind:!::

@ -0,0 +1,279 @@
#! /bin/sh
# /etc/init.d/exim4
#
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Modified for exim by Tim Cutts <timc@chiark.greenend.org.uk>
# Modified for exim4 by Andreas Metzler <ametzler@debian.org>
# and Marc Haber <mh+debian-packages@zugschlus.de>
### BEGIN INIT INFO
# Provides: exim4
# Required-Start: $remote_fs $syslog $named $network $time
# Required-Stop: $remote_fs $syslog $named $network
# Should-Start: postgresql mysql clamav-daemon greylist spamassassin
# Should-Stop: postgresql mysql clamav-daemon greylist spamassassin
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: exim Mail Transport Agent
# Description: exim is a Mail Transport agent
### END INIT INFO
set -e
test -x /usr/lib/exim4/exim4 || exit 0
. /lib/lsb/init-functions
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
LANG=C
export LANG
#read default file
QUEUERUNNER='combined'
QUEUEINTERVAL='30m'
UPEX4OPTS=''
[ -f /etc/default/exim4 ] && . /etc/default/exim4
PIDFILE="/run/exim4/exim.pid"
QRPIDFILE="/run/exim4/eximqr.pid"
upex4conf() {
UPEX4CONF="update-exim4.conf"
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$UPEX4CONF" ]; then
IFS="$OLDIFS"
$p/$UPEX4CONF $UPEX4OPTS $1
return 0
fi
done
IFS="$OLDIFS"
}
# Exit if exim runs from /etc/inetd.conf
if [ -f /etc/inetd.conf ] && grep -E -q '^[[:space:]]*((\*|[[:alnum:].-]+):)?smtp[[:space:]]' /etc/inetd.conf
then
upex4conf
exit 0
fi
DAEMON="/usr/sbin/exim4"
NAME="exim4"
# this is from madduck on IRC, 2006-07-06
# There should be a better possibility to give daemon error messages
# and/or to log things
log()
{
case "$1" in
[[:digit:]]*) success=$1; shift;;
*) :;;
esac
log_action_begin_msg "$1"; shift
log_action_end_msg ${success:-0} "$*"
}
start_exim()
{
[ -e /run/exim4 ] || \
install -d -oDebian-exim -gDebian-exim -m750 /run/exim4
case ${QUEUERUNNER} in
combined)
start_daemon -p "$PIDFILE" \
"$DAEMON" -bd "-q${QFLAGS}${QUEUEINTERVAL}" \
${COMMONOPTIONS} \
${QUEUERUNNEROPTIONS} \
${SMTPLISTENEROPTIONS}
log_progress_msg "exim4"
;;
separate)
start_daemon -p "$PIDFILE" \
"$DAEMON" -bd \
${COMMONOPTIONS} \
${SMTPLISTENEROPTIONS}
log_progress_msg "exim4_listener"
start_daemon -p "$QRPIDFILE" \
"$DAEMON" -oP $QRPIDFILE \
"-q${QFLAGS}${QUEUEINTERVAL}" \
${COMMONOPTIONS} \
${QUEUERUNNEROPTIONS}
log_progress_msg "exim4_queuerunner"
;;
queueonly)
start_daemon -p "$PIDFILE" \
"$DAEMON" -oP $PIDFILE \
"-q${QFLAGS}${QUEUEINTERVAL}" \
${COMMONOPTIONS} \
${QUEUERUNNEROPTIONS}
log_progress_msg "exim4_queuerunner"
;;
no|ppp)
start_daemon -p "$PIDFILE" \
"$DAEMON" -bd \
${COMMONOPTIONS} \
${SMTPLISTENEROPTIONS}
log_progress_msg "exim4_listener"
;;
nodaemon)
;;
esac
}
stop_exim()
{
# we try to kill eximqr and exim SMTP listener, no matter what
# ${QUEUERUNNER} is set to, we could have switched since starting.
if [ -f "$QRPIDFILE" ]; then
killproc -p "$QRPIDFILE" "$DAEMON"
# exim does not remove the pidfile
if [ $? -eq 0 ] ; then rm -f "$QRPIDFILE" ; fi
log_progress_msg "exim4_queuerunner"
fi
if [ -f "$PIDFILE" ]; then
killproc -p "$PIDFILE" "$DAEMON"
# exim does not remove the pidfile
if [ $? -eq 0 ] ; then rm -f "$PIDFILE" ; fi
log_progress_msg "exim4_listener"
fi
}
reload_exim()
{
case ${QUEUERUNNER} in
combined|no|ppp|queueonly)
killproc -p "$PIDFILE" "$DAEMON" -HUP
log_progress_msg "exim4"
;;
separate)
killproc -p "$PIDFILE" "$DAEMON" -HUP
log_progress_msg "exim4_listener"
killproc -p "$QRPIDFILE" "$DAEMON" -HUP
log_progress_msg "exim4_queuerunner"
;;
esac
}
kill_all_exims()
{ SIG="${1:-TERM}"
for pid in $(pidof $NAME); do
if [ "$(readlink /proc/$pid/root)" = "/" ]; then
kill -$SIG $pid
fi
done
}
status()
{
# the exit value of this function reflects the status of the SMTP
# service. Output shows the status of the queue runner as well.
SMTPNAME="SMTP listener daemon"
QRNAME="separate queue runner daemon"
if [ "${QUEUERUNNER}" = "combined" ]; then
SMTPNAME="combined SMTP listener and queue runner daemon"
elif [ "${QUEUERUNNER}" = "queueonly" ]; then
SMTPNAME="separate queue runner daemon"
fi
log_action_begin_msg "checking $QRNAME"
if pidofproc -p "$QRPIDFILE" "$DAEMON" >/dev/null; then
log_action_end_msg 0 "running"
else
if [ -e "$QRPIDFILE" ]; then
log_action_end_msg 1 "$QRNAME failed"
else
log_action_end_msg 0 "not running"
fi
fi
log_action_begin_msg "checking $SMTPNAME"
if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
log_action_end_msg 0 "running"
exit 0
else
if [ -e "$PIDFILE" ]; then
log_action_end_msg 1 "$SMTPNAME failed"
exit 1
else
log_action_end_msg 0 "not running"
exit 3
fi
fi
}
# check for valid configuration file
isconfigvalid()
{
if ! $DAEMON -bV > /dev/null ; then
log 1 "Warning! Invalid configuration file for $NAME. Exiting."
exit 1
fi
}
# check for non-empty paniclog
warn_paniclog()
{
if [ -s "/var/log/exim4/paniclog" ]; then
if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
echo "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" 1>&2
fi
fi
}
case "$1" in
start)
log_daemon_msg "Starting MTA"
# regenerate exim4.conf
upex4conf
isconfigvalid
start_exim
log_end_msg 0
warn_paniclog
;;
stop)
log_daemon_msg "Stopping MTA"
stop_exim
log_end_msg 0
warn_paniclog
;;
restart)
# check whether newly generated config would work
upex4conf --check
log_daemon_msg "Stopping MTA for restart"
stop_exim
# regenerate exim4.conf
upex4conf
isconfigvalid
log_end_msg 0
sleep 2
log_daemon_msg "Restarting MTA"
start_exim
log_end_msg 0
warn_paniclog
;;
reload|force-reload)
log_daemon_msg "Reloading $NAME configuration files"
# regenerate exim4.conf
upex4conf
isconfigvalid
reload_exim
log_end_msg 0
warn_paniclog
;;
status)
status
;;
force-stop)
kill_all_exims $2
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status|force-stop}"
exit 1
;;
esac
exit 0
# vim:tabstop=2:expandtab:shiftwidth=2

@ -0,0 +1,9 @@
/var/log/exim4/mainlog /var/log/exim4/rejectlog {
daily
missingok
rotate 10
compress
delaycompress
notifempty
create 640 Debian-exim adm
}

@ -0,0 +1,10 @@
/var/log/exim4/paniclog {
size 10M
missingok
rotate 10
compress
delaycompress
notifempty
create 640 Debian-exim adm
}

@ -0,0 +1,2 @@
set ask askcc append dot save crt
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via Delivered-To

@ -0,0 +1 @@
samwise.natalieandjoshua.com

@ -28,3 +28,4 @@ avahi:x:108:112:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
middle:x:1001:1001:,,,:/home/middle:/bin/bash middle:x:1001:1001:,,,:/home/middle:/bin/bash
jgdye:x:1000:1000:Joshua Dye,,,:/home/jgdye:/usr/bin/zsh jgdye:x:1000:1000:Joshua Dye,,,:/home/jgdye:/usr/bin/zsh
bind:x:109:113::/var/cache/bind:/usr/sbin/nologin bind:x:109:113::/var/cache/bind:/usr/sbin/nologin
Debian-exim:x:110:114::/var/spool/exim4:/usr/sbin/nologin

@ -1,4 +1,4 @@
root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin

@ -0,0 +1,15 @@
#!/bin/sh
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
[ -x /usr/lib/exim4/exim4 ] || exit 0
[ -f /etc/default/exim4 ] && . /etc/default/exim4
if [ "${QUEUERUNNER}" != "no" ] ; then
# Flush exim queue
/usr/sbin/exim4 -qqf ${QUEUERUNNEROPTIONS} ${COMMONOPTIONS}
fi

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -0,0 +1 @@
../init.d/exim4

@ -28,3 +28,4 @@ avahi:*:17416:0:99999:7:::
middle:$6$M8N7aBIv$5gaTB8ACCVT1N0DidZviQ3.T/YarR/FIkd86BUFDUxURJF32Wa.c1.KC6CNNpG5OVlBHyNcnJY2rgEkRyRvCH.:17452:0:99999:7::: middle:$6$M8N7aBIv$5gaTB8ACCVT1N0DidZviQ3.T/YarR/FIkd86BUFDUxURJF32Wa.c1.KC6CNNpG5OVlBHyNcnJY2rgEkRyRvCH.:17452:0:99999:7:::
jgdye:$6$taLG2n/D$WCkHqVIY3aICSXIeg9pfcjEHPX1WWlnTGO8SUqXfXM/3ns56GVKCwxeKvgvzLBF3Ix3QuenmuST9.u8E.XNYD/:17452:0:99999:7::: jgdye:$6$taLG2n/D$WCkHqVIY3aICSXIeg9pfcjEHPX1WWlnTGO8SUqXfXM/3ns56GVKCwxeKvgvzLBF3Ix3QuenmuST9.u8E.XNYD/:17452:0:99999:7:::
bind:*:17452:0:99999:7::: bind:*:17452:0:99999:7:::
Debian-exim:!:17452:0:99999:7:::

@ -28,3 +28,4 @@ avahi:*:17416:0:99999:7:::
middle:$6$M8N7aBIv$5gaTB8ACCVT1N0DidZviQ3.T/YarR/FIkd86BUFDUxURJF32Wa.c1.KC6CNNpG5OVlBHyNcnJY2rgEkRyRvCH.:17452:0:99999:7::: middle:$6$M8N7aBIv$5gaTB8ACCVT1N0DidZviQ3.T/YarR/FIkd86BUFDUxURJF32Wa.c1.KC6CNNpG5OVlBHyNcnJY2rgEkRyRvCH.:17452:0:99999:7:::
jgdye:$6$taLG2n/D$WCkHqVIY3aICSXIeg9pfcjEHPX1WWlnTGO8SUqXfXM/3ns56GVKCwxeKvgvzLBF3Ix3QuenmuST9.u8E.XNYD/:17452:0:99999:7::: jgdye:$6$taLG2n/D$WCkHqVIY3aICSXIeg9pfcjEHPX1WWlnTGO8SUqXfXM/3ns56GVKCwxeKvgvzLBF3Ix3QuenmuST9.u8E.XNYD/:17452:0:99999:7:::
bind:*:17452:0:99999:7::: bind:*:17452:0:99999:7:::
Debian-exim:!:17452:0:99999:7:::

Loading…
Cancel
Save