Introduce main config option allow_insecure_tainted_data

[exim.git] / src / src / EDITME

diff --git a/src/src/EDITME b/src/src/EDITME
index fa1fe1c9fdbef4caff5448cf4ef1d9c880806c14..cebb8e2ec9e7a4a6873cc0a494a7b8c0a9a9e850 100644 (file)
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -13,12 +13,11 @@
 
 # Things that depend on the operating system have default settings in
 # OS/Makefile-Default, but these are overridden for some OS by files
-# called called OS/Makefile-<osname>. You can further override these by
-# creating files called Local/Makefile-<osname>, and
-# Local/Makefile-<buildname> (where "<osname>" stands for the name of
-# your operating system - look at the names in the OS directory to see
-# which names are recognized, and "<buildname>" is derived from the
-# environment variable "build")
+# called OS/Makefile-<osname>. You can further override these settings by
+# creating files Local/Makefile-<osname>, and Local/Makefile-<build>.
+# The suffix "<osname>" stands for the name of your operating system - look
+# at the names in the OS directory to see which names are recognized,
+# and "<build>" is the content of the environment variable "build".
 
 # However, if you are building Exim for a single OS only, you don't need to
 # worry about setting up Local/Makefile-<osname>. Any build-time configuration
@@ -432,6 +431,9 @@ LOOKUP_DNSDB=yes
 # LOOKUP_NWILDLSEARCH=yes
 
 
+# Some platforms may need this for LOOKUP_NIS:
+# LIBS += -lnsl
+
 #------------------------------------------------------------------------------
 # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
 # which LDAP library you have. Unfortunately, though most of their functions
@@ -491,12 +493,12 @@ SUPPORT_DANE=yes
 #------------------------------------------------------------------------------
 # Compiling the Exim monitor: If you want to compile the Exim monitor, a
 # program that requires an X11 display, then EXIM_MONITOR should be set to the
-# value "eximon.bin". Comment out this setting to disable compilation of the
+# value "eximon.bin". De-comment this setting to enable compilation of the
 # monitor. The locations of various X11 directories for libraries and include
 # files are defaulted in the OS/Makefile-Default file, but can be overridden in
 # local OS-specific make files.
 
-EXIM_MONITOR=eximon.bin
+# EXIM_MONITOR=eximon.bin
 
 
 #------------------------------------------------------------------------------
@@ -562,9 +564,9 @@ DISABLE_MAL_MKS=yes
 # DISABLE_EVENT=yes
 
 
-# Uncomment this line to include support for early pipelining, per
+# Uncomment this line to remove support for early pipelining, per
 # https://datatracker.ietf.org/doc/draft-harris-early-pipe/
-# SUPPORT_PIPE_CONNECT
+# DISABLE_PIPE_CONNECT=yes
 
 
 #------------------------------------------------------------------------------
@@ -587,9 +589,13 @@ DISABLE_MAL_MKS=yes
 # CFLAGS  += -I/usr/local/include
 # LDFLAGS += -lsrs_alt
 
+# Uncomment the following lines to add SRS (Sender rewriting scheme) support
+# using only native facilities.
+# EXPERIMENTAL_SRS_NATIVE=yes
+
 # Uncomment the following line to add DMARC checking capability, implemented
 # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
-# EXPERIMENTAL_DMARC=yes
+# SUPPORT_DMARC=yes
 # CFLAGS += -I/usr/local/include
 # LDFLAGS += -lopendmarc
 # Uncomment the following if you need to change the default. You can
@@ -622,6 +628,12 @@ DISABLE_MAL_MKS=yes
 # Uncomment the following line to add queuefile transport support
 # EXPERIMENTAL_QUEUEFILE=yes
 
+# Uncomment the following line to include support for TLS Resumption
+# EXPERIMENTAL_TLS_RESUME=yes
+
+# Uncomment the following to include the fast-ramp two-phase-queue-run support
+# EXPERIMENTAL_QUEUE_RAMP=yes
+
 ###############################################################################
 #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #
 ###############################################################################
@@ -737,6 +749,13 @@ FIXED_NEVER_USERS=root
 
 # WHITELIST_D_MACROS=TLS:SPOOL
 
+# The next setting enables a main config option
+# "allow_insecure_tainted_data" to turn taint failures into warnings.
+# Though this option is new, it is deprecated already now, and will be
+# ignored in future releases of Exim. It is meant as mitigation for
+# upgrading old (possibly insecure) configurations to more secure ones.
+ALLOW_INSECURE_TAINTED_DATA=yes
+
 #------------------------------------------------------------------------------
 # Exim has support for the AUTH (authentication) extension of the SMTP
 # protocol, as defined by RFC 2554. If you don't know what SMTP authentication
@@ -774,6 +793,9 @@ FIXED_NEVER_USERS=root
 # AUTH_LIBS=-lgsasl
 # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt
 
+# If using AUTH_GSASL with SCRAM methods, you should also be defining
+# SUPPORT_I18N to get standards-conformant support of utf8 normalization.
+
 
 #------------------------------------------------------------------------------
 # When Exim is decoding MIME "words" in header lines, most commonly for use
@@ -1474,4 +1496,8 @@ EXIM_TMPDIR="/tmp"
 
 # ENABLE_DISABLE_FSYNC=yes
 
+#------------------------------------------------------------------------------
+# For development, add this to include code to time various stages and report.
+# CFLAGS += -DMEASURE_TIMING
+
 # End of EDITME for Exim 4.