author: Marc Haber <zugschlus@debian.org> 2006-09-29 22:08:19 +0000
committer: Marc Haber <zugschlus@debian.org> 2006-09-29 22:08:19 +0000
commit: 7ab5ea9ca8d4b9544a91010bf038896d4fe61c49 (patch)
tree: d84d65a87447f53b4e39bc9d0873443d4cf8fbe6
parent: 43f7a43734e4aa23a3d9e763d1a48a8d5da6242f (diff)
download: exim4-7ab5ea9ca8d4b9544a91010bf038896d4fe61c49.tar.gz
merge changes from trunk:1590-1595
svn path=/exim/branches/4.63-3-experimental/; revision=1597
-rw-r--r--  debian/README.Debian.xml                            171
-rw-r--r--  debian/changelog                                     13
-rw-r--r--  debian/debconf/conf.d/acl/30_exim4-config_check_rcpt  17
-rw-r--r--  debian/exim4-base.cron.daily                         22
-rwxr-xr-x  debian/exim4_refresh_gnutls-params                    3
5 files changed, 148 insertions, 78 deletions
diff --git a/debian/README.Debian.xml b/debian/README.Debian.xml
index aede8c3..d504c0d 100644
--- a/debian/README.Debian.xml
+++ b/debian/README.Debian.xml
@@ -1472,71 +1472,114 @@ commands rmail rnews rsmtp
</section>
<section>
<title>Misc Notes</title>
- <para>
- PAM: On Debian systems the PAM modules run as the same user as
- the calling program, so they can't do anything you couldn't do
- yourself, and in particular can't access
- <filename>/etc/shadow</filename> unless the user is in group
- shadow. - If you want to use <filename>/etc/shadow</filename>
- for Exim's SMTP AUTH you will need to run exim as group shadow.
- Only exim4-daemon-heavy is linked against libpam.
- I suggest using saslauthd instead.
- </para>
- <para>
- In the default configuration, exim cannot locally deliver
- e-mails to accounts which have capitals in their name. This is
- caused by the fact that exim converts the local part of incoming
- e-mail to lower case before the comparision done by the
- check_local_user directive in routers is done.
-
- The router option caseful_local_part can be used to control
- this, and we decided not to set this option in the Debian
- configuration since it would be a rather big change to exim's
- default behavior.
- </para>
- <para>
- <command>convert4r4</command> is installed as
- <filename>/usr/sbin/exim_convert4r4.</filename>
- </para>
- <para>
- Changed defaults:
- * charset for $header_foo expansions defaults to UTF-8 instead of
- ISO-8859-1
- </para>
- <para>
- Since version 4.23 exim cannot run deliveries as root anymore.
- If you don't redirect mail for root via
- <filename>/etc/aliases</filename> to a nonpriviledged account on
- Debian the mail will be delivered to
- <filename>/var/mail/mail</filename> with permissions 0600 and
- owner mail:mail.
-
- This is done by
- <filename>/etc/exim4/conf.d/router/mmm_mail4root</filename>.
- </para>
- <para>
- Most of the scripts that come with this Debian package do a
- <command>set -x</command> if invoked with the environment
- variable EX4DEBUG defined and non-zero. This is particularly
- handy if you need to debug the maintainer scripts that are
- invoked during package installation. Since dpkg redirects stdout
- of maintainer scripts, calling dpkg with EX4DEBUG set might
- yield interesting results. If in doubt, invoke the maintainer
- scripts with EX4DEBUG set manually directly from the command
- line.
- </para>
- <para>
- <ulink url="http://marc.merlins.org/linux/exim/">Marc Merlin's
- Exim 4 Page</ulink> has a lot of ACL examples.
- </para>
- <para>
- For an example of Exim usage in a <emphasis>large</emphasis>
- installation, see Tony Finch's <ulink
- url="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/">paper</ulink>
- about the exim installation at University of Cambridge:
- </para>
+ <section>
+ <title>PAM</title>
+ <para>
+ PAM: On Debian systems the PAM modules run as the same user
+ as the calling program, so they can't do anything you
+ couldn't do yourself, and in particular can't access
+ <filename>/etc/shadow</filename> unless the user is in group
+ shadow. - If you want to use
+ <filename>/etc/shadow</filename> for Exim's SMTP AUTH you
+ will need to run exim as group shadow. Only
+ exim4-daemon-heavy is linked against libpam. I suggest using
+ saslauthd instead.
+ </para>
+ </section>
+ <section>
+ <title>Account name restrictions</title>
+ <para>
+ In the default configuration, exim cannot locally deliver
+ e-mails to accounts which have capitals in their name. This is
+ caused by the fact that exim converts the local part of incoming
+ e-mail to lower case before the comparision done by the
+ check_local_user directive in routers is done.
+ </para>
+ <para>
+ The router option caseful_local_part can be used to control
+ this, and we decided not to set this option in the Debian
+ configuration since it would be a rather big change to exim's
+ default behavior.
+ </para>
+ </section>
+ <section>
+ <title>No deliveries to root!</title>
+ <para>
+ No exim4 version released with any Debian OS can run
+ deliveries as root. If you don't redirect mail for root via
+ <filename>/etc/aliases</filename> to a nonprivileged
+ account, the mail will be delivered to
+ <filename>/var/mail/mail</filename> with permissions 0600 and
+ owner mail:mail.
+ </para>
+ <para>
+ This redirection is done by the mail4root router which
+ is last in the list and will thus catch mail for root that has not
+ been taken care of earlier.
+ </para>
+ </section>
+ <section>
+ <title>Debugging maintainer and init scripts</title>
+ <para>
+ Most of the scripts that come with this Debian package do a
+ <command>set -x</command> if invoked with the environment
+ variable EX4DEBUG defined and non-zero. This is particularly
+ handy if you need to debug the maintainer scripts that are
+ invoked during package installation. Since dpkg redirects
+ stdout of maintainer scripts, calling dpkg with EX4DEBUG
+ set might yield interesting results. If in doubt, invoke
+ the maintainer scripts with EX4DEBUG set manually directly
+ from the command line.
+ </para>
+ </section>
+ <section>
+ <title>SELinux</title>
+ <para>
+ There is no SELinux policy for exim4 available so far.
+ Until this is resolved, users should use postfix or
+ sendmail if they intend to run SELinux.
+ </para>
+ <para>
+ The Debian exim4 maintainers would appreciate if
+ somebody could write an SELinux policy. We will gladly
+ use them in the Debian packages as long as there is
+ somebody available to test, debug and support.
+ </para>
+ </section>
+ <section>
+ <title>misc</title>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ <command>convert4r4</command> is installed as
+ <filename>/usr/sbin/exim_convert4r4.</filename>
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ The charset for $header_foo expansions defaults to
+ UTF-8 instead of ISO-8859-1.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <ulink url="http://marc.merlins.org/linux/exim/">
+ Marc Merlin's Exim 4 Page</ulink> has a lot of ACL
+ examples.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ For an example of Exim usage in a
+ <emphasis>large</emphasis> installation, see
+ Tony Finch's
+ <ulink url="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/">paper</ulink>
+ about the exim installation at University of Cambridge:
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </section>
</section>
-
<section>
<title>Debian modifications to the Exim source</title>
<variablelist>
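Review bot: the spelling error "comparision" survives the rewrite in the new "Account name restrictions" section, and the sentence it sits in is doubled ("before the comparision done by ... is done"); suggest "before the comparison done by the check_local_user directive in routers". Three smaller points in the same hunk: the new PAM section already has the title "PAM", so the leading "PAM: " and the stray " - " after "shadow." in its first sentence can go; "write an SELinux policy. We will gladly use them" mixes singular and plural (use "it"); and the last misc list item still ends in a colon ("University of Cambridge:") with nothing following, so it should end in a full stop. Since the PAM section tells people to run exim as group shadow to use /etc/shadow for SMTP AUTH, the saslauthd recommendation would carry more weight if it said why: that gives the daemon read access to the whole of /etc/shadow, not only to the users it authenticates.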
diff --git a/debian/changelog b/debian/changelog
index f9c3e31..1c58017 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -57,8 +57,19 @@ exim4 (4.63-3.0) UNRELEASED; urgency=low
* Macroize log_selector, remove +tls_cipher from examples (it is on
by default) and always set tls_peerdn (we use TLS by default for
outgoing connections). Make it easier to enable debug logging.
+ * Mention in the comments of the default RCPT ACL that verification
+ is likely to have false negatives in smarthost/satellite setups. This
+ is the easiest way to fix #388460; the "real" fix would be very very
+ complicated and thus unsuitable for the default configuration.
+ Closes: #388460
+ * README.Debian:
+ * Re-Work "misc" section to contain subsection. Fix minor
+ formatting issues.
+ * Add a section about SELinux to the misc subsection saying that
+ we currently do not have an SELinux policy but would appreciate
+ people helping here. This is already bug #387327 and #390179.
- -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Sep 2006 14:03:12 +0000
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 29 Sep 2006 18:04:04 +0200
exim4 (4.63-3) unstable; urgency=low
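Review bot: the changelog wording does not match the README change: "Re-Work "misc" section to contain subsection" should be plural ("subsections"), and the SELinux text was added as a sibling section next to the new "misc" subsection, not inside it, so "Add a section about SELinux to the misc subsection" should read "to the Misc Notes section".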
diff --git a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
index ff05e73..cb4b73b 100644
--- a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
+++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
@@ -100,6 +100,11 @@ acl_check_rcpt:
# This is disabled by default so that DNSless systems don't break. If
# your system can do DNS lookups without delay or cost, you might want
# to enable this feature.
+ #
+ # This feature does not work in smarthost and satellite setups as
+ # with these setups all domains pass verification. See spec.txt chapter
+ # 39.31 with the added information that a smarthost/satellite setup
+ # routes all non-local e-mail to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
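Review bot: the new comment should spell out the consequence for the reader: because a smarthost/satellite setup routes every non-local domain to the smarthost, verify = sender succeeds for any domain and the deny below never fires, so the check silently becomes a no-op rather than giving the occasional false negative the changelog describes. Also, "spec.txt chapter 39.31" will rot as the spec is renumbered between releases; naming the topic of that section alongside the number would be more durable.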
@@ -108,6 +113,10 @@ acl_check_rcpt:
.endif
# Verify senders listed in local_sender_callout with a callout.
+ #
+ # In smarthost and satellite setups, this causes the callout to be
+ # done to the smarthost. Verification will thus only be reliable if the
+ # smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_callout}\
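Review bot: "does reject illegal addresses in the SMTP dialog" is vague about when; the callout only tells you anything if the smarthost rejects unknown addresses at RCPT TO time rather than accepting them and bouncing later, so say that explicitly. It is also worth one line that in these setups every sender checked costs an SMTP connection to the smarthost, since that is the load a smarthost operator will notice.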
@@ -158,9 +167,7 @@ acl_check_rcpt:
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
- # for remote domains. The only way to check local parts for the remote
- # relay domains is to use a callout (add /callout), but please read the
- # documentation about callouts before doing this.
+ # for remote domains.
require
verify = recipient
@@ -168,7 +175,9 @@ acl_check_rcpt:
# Verify recipients listed in local_rcpt_callout with a callout.
# This is especially handy for forwarding MX hosts (secondary MX or
# mail hubs) of domains that receive a lot of spam to non-existent
- # addresses
+ # addresses. The only way to check local parts for remote relay
+ # domains is to use a callout (add /callout), but please read the
+ # documentation about callouts before doing this.
deny
!acl = acl_whitelist_local_deny
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
diff --git a/debian/exim4-base.cron.daily b/debian/exim4-base.cron.daily
index 5efd64b..9267196 100644
--- a/debian/exim4-base.cron.daily
+++ b/debian/exim4-base.cron.daily
@@ -14,6 +14,7 @@ fi
E4BCD_WATCH_PANICLOG="yes"
E4BCD_PANICLOG_NOISE=""
+E4BCD_GNUTLS_PARAMS_MAXAGE="14"
# Only do anything if exim4 is actually installed
if [ ! -x /usr/lib/exim4/exim4 ]; then
@@ -73,13 +74,18 @@ if [ -x /usr/sbin/exim_tidydb ]; then
--chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null
fi
-/usr/share/exim4/exim4_refresh_gnutls-params
+if ! [ -z "$(exim -bP tls_advertise_hosts | sed 's/.*=[[:space:]]\(.*\)/\1/')" ]; then
+ # TLS enabled
-GNUTLS_PARAMS_FILE="gnutls-params"
-GNUTLS_PARAMS_MAXAGE="14"
-if [ -n "$(find $SPOOLDIR -maxdepth 1 -name $GNUTLS_PARAMS_FILE -mtime +$GNUTLS_PARAMS_MAXAGE)" ] ; then
- log_this "ALERT: $SPOOLDIR/$GNUTLS_PARMS_FILE is older than $GNUTLS_PARAMS_MAXAGE days, please check your entropy generator"
- if ! echo -e "Subject: outdated $GNUTLS_PARMS_FILE on $(hostname)\nTo: root\n\n$SPOOLDIR/$GNUTLS_PARMS_FILE on $(hostname) is older than $GNUTLS_PARAMS_MAXAGE days, please check your entropy generator" | exim4 root; then
- log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
- fi
+ # refresh GnuTLS parameters via external script
+ /usr/share/exim4/exim4_refresh_gnutls-params
+
+ # warn if GnuTLS parameters have not been refreshed for
+ GNUTLS_PARAMS_FILE="gnutls-params"
+ if [ -n "$(find $SPOOLDIR -maxdepth 1 -name $GNUTLS_PARAMS_FILE -mtime +$E4BCD_GNUTLS_PARAMS_MAXAGE)" ] ; then
+ log_this "ALERT: $SPOOLDIR/$GNUTLS_PARMS_FILE is older than $E4BCD_GNUTLS_PARAMS_MAXAGE days, please check your entropy generator"
+ if ! echo -e "Subject: outdated $GNUTLS_PARMS_FILE on $(hostname)\nTo: root\n\n$SPOOLDIR/$GNUTLS_PARMS_FILE on $(hostname) is older than $E4BCD_GNUTLS_PARAMS_MAXAGE days, please check your entropy generator" | exim4 root; then
+ log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
+ fi
+ fi
fi
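Review bot: $GNUTLS_PARMS_FILE (missing "A") in the log_this and echo lines of the new block is never assigned; only GNUTLS_PARAMS_FILE is, so both the panic-log entry and the warning mail will read "$SPOOLDIR/ is older than ..." with an empty file name. The removed lines had the same bug, but this rewrite is the moment to fix it. The comment "# warn if GnuTLS parameters have not been refreshed for" is cut off (for how long? presumably $E4BCD_GNUTLS_PARAMS_MAXAGE days). Smaller: `if ! [ -z ... ]` is just `if [ -n ... ]`, and $SPOOLDIR, $GNUTLS_PARAMS_FILE and $E4BCD_GNUTLS_PARAMS_MAXAGE should be quoted in the find call.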
diff --git a/debian/exim4_refresh_gnutls-params b/debian/exim4_refresh_gnutls-params
index 7801551..0c10969 100755
--- a/debian/exim4_refresh_gnutls-params
+++ b/debian/exim4_refresh_gnutls-params
@@ -32,8 +32,9 @@ if [ -z "$1" ]; then
--chuid Debian-exim:Debian-exim -- ${CERTTOOLTIMEOUT}
exit 0
else
- # zap existing file to have exim regenerate on the flx
+ # zap existing file to have exim regenerate on the fly
rm -f $SPOOLDIR/gnutls-params
+ exit 0
fi
fi
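Review bot: the added `exit 0` after `rm -f $SPOOLDIR/gnutls-params` makes the script report success even when the stale file could not be removed (rm -f still fails on a permission problem), so a caller such as the cron job cannot tell that exim will keep using the old parameters. If the exit is there to skip code after the outer fi, exit with rm's status instead of a constant 0.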