X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/c21235119a8ab47a55abcf94a83aace510edf5d7..19fdbfb4a2b6ca4a6a96ef52be848f0a23e2414f:/src/src/EDITME diff --git a/src/src/EDITME b/src/src/EDITME index e568bdbb1..a950662e6 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -198,7 +198,7 @@ SPOOL_DIRECTORY=/var/spool/exim # the libraries and headers are installed, as the pkg-config .pc # specification should include all -L/-I information necessary. # Enabling the USE_*_PC options should be sufficient. If not using -# pkg-config, then you have to specify the libraries, and you mmight +# pkg-config, then you have to specify the libraries, and you might # need to specify the locations too. # Uncomment the following lines if you want @@ -207,7 +207,7 @@ SPOOL_DIRECTORY=/var/spool/exim # Unless you do this, you must define one of USE_OPENSSL or USE_GNUTLS # below. -# If you are buliding with TLS, the library configuration must be done: +# If you are building with TLS, the library configuration must be done: # Uncomment this if you are using OpenSSL # USE_OPENSSL=yes @@ -276,6 +276,9 @@ SPOOL_DIRECTORY=/var/spool/exim # specified in INCLUDE. +# Uncomment the following line to remove support for TLS Resumption +# DISABLE_TLS_RESUME=yes + ############################################################################### # THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY # @@ -411,6 +414,8 @@ LOOKUP_DNSDB=yes # LOOKUP_IBASE=yes # LOOKUP_JSON=yes # LOOKUP_LDAP=yes +# LOOKUP_LMDB=yes + # LOOKUP_MYSQL=yes # LOOKUP_MYSQL_PC=mariadb # LOOKUP_NIS=yes @@ -452,19 +457,19 @@ LOOKUP_DNSDB=yes #------------------------------------------------------------------------------ -# The PCRE library is required for Exim. There is no longer an embedded +# The PCRE2 library is required for Exim. There is no longer an embedded # version of the PCRE library included with the source code, instead you -# must use a system library or build your own copy of PCRE. +# must use a system library or build your own copy of PCRE2. # In either case you must specify the library link info here. If the -# PCRE header files are not in the standard search path you must also +# PCRE2 header files are not in the standard search path you must also # modify the INCLUDE path (above) # # Use PCRE_CONFIG to query the pcre-config command (first found in $PATH) # to find the include files and libraries, else use PCRE_LIBS and set INCLUDE # too if needed. -PCRE_CONFIG=yes -# PCRE_LIBS=-lpcre +PCRE2_CONFIG=yes +# PCRE_LIBS=-lpcre2 #------------------------------------------------------------------------------ @@ -487,7 +492,15 @@ SUPPORT_DANE=yes # You do not need to use this for any lookup information added via pkg-config. # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include -# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 +# LOOKUP_INCLUDE +=-I /usr/local/include +# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 -llmdb + +#------------------------------------------------------------------------------ +# If you included LOOKUP_LMDB above you will need the library. Depending +# on where installed you may also need an include directory +# +# LOOKUP_INCLUDE += -I/usr/local/include +# LOOKUP_LIBS += -llmdb #------------------------------------------------------------------------------ @@ -560,13 +573,20 @@ DISABLE_MAL_MKS=yes # DISABLE_DNSSEC=yes # To disable support for Events set DISABLE_EVENT to "yes" - # DISABLE_EVENT=yes -# Uncomment this line to include support for early pipelining, per +# Uncomment this line to remove support for early pipelining, per # https://datatracker.ietf.org/doc/draft-harris-early-pipe/ -# SUPPORT_PIPE_CONNECT=yes +# DISABLE_PIPE_CONNECT=yes + + +# Uncomment the following to remove the fast-ramp two-phase-queue-run support +# DISABLE_QUEUE_RAMP=yes + +# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support +# using only native facilities. +# SUPPORT_SRS=yes #------------------------------------------------------------------------------ @@ -580,21 +600,10 @@ DISABLE_MAL_MKS=yes # EXPERIMENTAL_DCC=yes -# Uncomment the following lines to add SRS (Sender rewriting scheme) support. -# You need to have libsrs_alt installed on your system (srs.mirtol.com). -# Depending on where it is installed you may have to edit the CFLAGS and -# LDFLAGS lines. - -# EXPERIMENTAL_SRS=yes -# CFLAGS += -I/usr/local/include -# LDFLAGS += -lsrs_alt - -# Uncomment the following lines to add SRS (Sender rewriting scheme) support -# using only native facilities. -# EXPERIMENTAL_SRS_NATIVE=yes - # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. +# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; +# 1.3.2-3 works. I seems that the OpenDMARC project broke their API. # SUPPORT_DMARC=yes # CFLAGS += -I/usr/local/include # LDFLAGS += -lopendmarc @@ -618,22 +627,9 @@ DISABLE_MAL_MKS=yes # Uncomment the following to include extra information in fail DSN message (bounces) # EXPERIMENTAL_DSN_INFO=yes -# Uncomment the following to add LMDB lookup support -# You need to have LMDB installed on your system (https://github.com/LMDB/lmdb) -# Depending on where it is installed you may have to edit the CFLAGS and LDFLAGS lines. -# EXPERIMENTAL_LMDB=yes -# CFLAGS += -I/usr/local/include -# LDFLAGS += -llmdb - # Uncomment the following line to add queuefile transport support # EXPERIMENTAL_QUEUEFILE=yes -# Uncomment the following line to include support for TLS Resumption -# EXPERIMENTAL_TLS_RESUME=yes - -# Uncomment the following to include the fast-ramp two-phase-queue-run support -# EXPERIMENTAL_QUEUE_RAMP=yes - ############################################################################### # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # ############################################################################### @@ -749,6 +745,13 @@ FIXED_NEVER_USERS=root # WHITELIST_D_MACROS=TLS:SPOOL +# The next setting enables a main config option +# "allow_insecure_tainted_data" to turn taint failures into warnings. +# Though this option is new, it is deprecated already now, and will be +# ignored in future releases of Exim. It is meant as mitigation for +# upgrading old (possibly insecure) configurations to more secure ones. +ALLOW_INSECURE_TAINTED_DATA=yes + #------------------------------------------------------------------------------ # Exim has support for the AUTH (authentication) extension of the SMTP # protocol, as defined by RFC 2554. If you don't know what SMTP authentication