On Sat, Aug 23, 2003 at 02:14:36AM -0500, Cory Daehn wrote:
> exim-4.22-3rph.i586.rpm was the source.
>
> (/root) -> exim -bV
[...]
> Configuration file is /etc/exim/exim.conf
> My question is, what if any, changes will I need to add SA/Exiscan to my
> configuration...
Impossible to tell, exim -bV does not tell whether the binary was
patched with exiscan-acl or includes sa-exim as local_scan. You could
copy your exim.conf, include an inactive ACL using exiscan-options
-------------
inactive:
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
-------------
and test whether "exim -bV -C /path/to/exim.conf.axiscanacl" barfs
with:
2003-08-23 09:55:17 Exim configuration error in line 135:
error in ACL: unknown ACL condition/modifier in "demime = *"
or not.
> As much as I'm opposed to the idea, the request has finally
> come down due to the latest viruses... Everything I'm seeing is talking
> about compiling exim... something I'd rather not do if I can avoid it since I
> have yet to get the 4.x version to build properly on my system for some
> reason.
There are precompiled rpm's for RedHat7/8/9 on
ftp.exim.org which
include the exiscan-acl and offer the sa-exim plugin as separate
rpm. They work quite well for me. If you are running RedHat and
deciding to use rpm I'd suggest to backup your config, copy
/etc/exim/exim.conf to /etc/exim/exim4.conf, uninstall (probably with
---force) the old rpms and install Nigel's rpms afterwards. rpm -U
probably won't work.
> I would also like to explore the possibility of adding SMTP-AUTH to my
> configuration, PAM is already built in,
PAM is a little bit more difficult, you'll need to add pam-exim
> but many of my users are virtual
> domain users, whose password information is kept in
> /etc/vmail/shadow.domain.name...
Just use a regular lsearch lookup, like this one, which parses an
colon separated list containing username and crypted pasword in the
leading two columns, and cleartext password in the 3rd column
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if crypteq{$3}{${extract{1}{:}\
{${lookup{$2}lsearch{CONFDIR/passwd}{$value}\
{*:*}}}}}{1}{0}}"
server_set_id = $2
server_prompts = :
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
# force failure if lookup doesn't succeed
server_secret = ${extract{2}{:}{${lookup{$1}\
lsearch{CONFDIR//passwd}{$value}fail}}}
server_set_id = $1
spect.txt has more examples.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
