X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/261dc43e32f6039781ca92535e56f5caaa68b809..44bbabb570db6e700a31469a0faf2ac27bf3bfe0:/src/src/EDITME diff --git a/src/src/EDITME b/src/src/EDITME index 1ae139944..7e426eaab 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -1,5 +1,3 @@ -# $Cambridge: exim/src/src/EDITME,v 1.27 2010/06/12 15:21:25 jetmore Exp $ - ################################################## # The Exim mail transport agent # ################################################## @@ -248,6 +246,19 @@ TRANSPORT_SMTP=yes # SUPPORT_MBX=yes +#------------------------------------------------------------------------------ +# See below for dynamic lookup modules. +# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/ +# If not using package management but using this anyway, then think about how +# you perform upgrades and revert them. You should consider the benefit of +# embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can +# maintain two concurrent sets of modules. + +# To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for +# your platform. Eg: +# CFLAGS_DYNAMIC=-shared -rdynamic +# CFLAGS_DYNAMIC=-shared -rdynamic -fPIC + #------------------------------------------------------------------------------ # These settings determine which file and database lookup methods are included # in the binary. See the manual chapter entitled "File and database lookups" @@ -256,6 +267,18 @@ TRANSPORT_SMTP=yes # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS. It is # for the specialist case of using the DNS as a general database facility (not # common). +# If set to "2" instead of "yes" then the corresponding lookup will be +# built as a module and must be installed into LOOKUP_MODULE_DIR. You need to +# add -export-dynamic -rdynamic to EXTRALIBS. You may also need to add -ldl to +# EXTRALIBS so that dlopen() is available to Exim. You need to define +# LOOKUP_MODULE_DIR above so the exim binary actually loads dynamic lookup +# modules. +# Also, instead of adding all the libraries/includes to LOOKUP_INCLUDE and +# LOOKUP_LIBS, add them to the respective LOOKUP_*_INCLUDE and LOOKUP_*_LIBS +# (where * is the name as given here in this list). That ensures that only +# the dynamic library and not the exim binary will be linked against the +# library. +# NOTE: LDAP cannot be built as a module! LOOKUP_DBM=yes LOOKUP_LSEARCH=yes @@ -476,13 +499,13 @@ FIXED_NEVER_USERS=root # When a user other than root uses the -C option to override the configuration # file (including the Exim user when re-executing Exim to regain root # privileges for local message delivery), this will normally cause Exim to -# drop root privileges. The TRUSTED_CONFIG_PREFIX_LIST option, specifies -# a file which contains a list of trusted configuration prefixes (like the -# ALT_CONFIG_PREFIX above), one per line. If the -C option is used to specify -# a configuration file which matches a trusted prefix, root privileges are not -# dropped by Exim. +# drop root privileges. The TRUSTED_CONFIG_LIST option, specifies a file which +# contains a list of trusted configuration filenames, one per line. If the -C +# option is used by the Exim user or by the user specified in the +# CONFIGURE_OWNER setting, to specify a configuration file which is listed in +# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. -# TRUSTED_CONFIG_PREFIX_LIST=/usr/exim/trusted_configs +# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs #------------------------------------------------------------------------------ @@ -493,6 +516,31 @@ FIXED_NEVER_USERS=root # DISABLE_D_OPTION=yes +#------------------------------------------------------------------------------ +# By contrast, you might be maintaining a system which relies upon the ability +# to override values with -D and assumes that these will be passed through to +# the delivery processes. As of Exim 4.73, this is no longer the case by +# default. Going forward, we strongly recommend that you use a shim Exim +# configuration file owned by root stored under TRUSTED_CONFIG_LIST. +# That shim can set macros before .include'ing your main configuration file. +# +# As a strictly transient measure to ease migration to 4.73, the +# WHITELIST_D_MACROS value definies a colon-separated list of macro-names +# which are permitted to be overridden from the command-line which will be +# honoured by the Exim user. So these are macros that can persist to delivery +# time. +# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the +# command-line are filtered to only permit: [A-Za-z0-9_/.-]* +# +# This option is highly likely to be removed in a future release. It exists +# only to make 4.73 as easy as possible to migrate to. If you use it, we +# encourage you to schedule time to rework your configuration to not depend +# upon it. Most people should not need to use this. +# +# By default, no macros are whitelisted for -D usage. + +# WHITELIST_D_MACROS=TLS:SPOOL + #------------------------------------------------------------------------------ # Exim has support for the AUTH (authentication) extension of the SMTP # protocol, as defined by RFC 2554. If you don't know what SMTP authentication @@ -505,6 +553,7 @@ FIXED_NEVER_USERS=root # AUTH_CRAM_MD5=yes # AUTH_CYRUS_SASL=yes # AUTH_DOVECOT=yes +# AUTH_GSASL=yes # AUTH_PLAINTEXT=yes # AUTH_SPA=yes @@ -512,9 +561,10 @@ FIXED_NEVER_USERS=root #------------------------------------------------------------------------------ # If you specified AUTH_CYRUS_SASL above, you should ensure that you have the # Cyrus SASL library installed before trying to build Exim, and you probably -# want to uncomment the following line: +# want to uncomment the first line below. Similarly for GNU SASL. # AUTH_LIBS=-lsasl2 +# AUTH_LIBS=-lgsasl #------------------------------------------------------------------------------ @@ -1156,6 +1206,26 @@ TMPDIR="/tmp" # SUPPORT_MOVE_FROZEN_MESSAGES=yes +#------------------------------------------------------------------------------ +# Expanding match_* second paramters: BE CAREFUL IF ENABLING THIS! +# It has proven too easy in practice for administrators to configure security +# problems into their Exim install, by treating match_domain{}{} and friends +# as a form of string comparison, where the second string comes from untrusted +# data. Because these options take lists, which can include lookup;LOOKUPDATA +# style elements, a foe can then cause Exim to, eg, execute an arbitrary MySQL +# query, dropping tables. +# From Exim 4.77 onwards, the second parameter is not expanded; it can still +# be a list literal, or a macro, or a named list reference. There is also +# the new expansion condition "inlisti" which does expand the second parameter, +# but treats it as a list of strings; also, there's "eqi" which is probably +# what is normally wanted. +# +# If you really need to have the old behaviour, know what you are doing and +# will not complain if your system is compromised as a result of doing so, then +# uncomment this option to get the old behaviour back. + +# EXPAND_LISTMATCH_RHS=yes + #------------------------------------------------------------------------------ # Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you # really, really, really know what you are doing. And even then, think again.