From a8e066fe45d329521c65fbefe281247882aa58d1 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Sun, 22 Apr 2018 05:51:08 -0400
Subject: [PATCH] misc updates from mccarthy config
---
 conf.d/auth/30_exim4-config_examples | 60 +++++++++----------
 conf.d/main/01_exim4-config_listmacrosdefs | 2 +-
 conf.d/main/02_exim4-config_options | 4 +-
 .../35_exim4-config_address_directory | 4 +-
 4 files changed, 34 insertions(+), 36 deletions(-)
diff --git a/conf.d/auth/30_exim4-config_examples b/conf.d/auth/30_exim4-config_examples
index bb4843b..ec7df95 100644
--- a/conf.d/auth/30_exim4-config_examples
+++ b/conf.d/auth/30_exim4-config_examples
@@ -99,7 +99,7 @@
 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 # server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
 # .endif
-#
+#
 # digest_md5_sasl_server:
 # driver = cyrus_sasl
 # public_name = DIGEST-MD5
@@ -218,35 +218,6 @@
 # {^^}\
 # }
-# hcoop-change: auth against sasld
-hcoop_plain:
- driver = plaintext
- public_name = PLAIN
- server_prompts = :
- server_condition = \
- ${if or {{crypteq {$auth3} \
- {${extract{systempw}{${tr{${lookup{$auth2} \
- dbm{/etc/courier/exim.dat} \
- }}{|}{ }}}}}} \
- {saslauthd {{$auth2}{$auth3}{exim4}}}}}
- server_set_id = $auth2
- server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
-
-hcoop_login:
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = \
- ${if or {{crypteq {$auth2} \
- {${extract{systempw}{${tr{${lookup{$auth1} \
- dbm{/etc/courier/exim.dat} \
- }}{|}{ }}}}}} \
- {saslauthd {{$auth1}{$auth2}{exim4}}}}}
- server_set_id = $auth1
- server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
-
-# hcoop-change: Comment out plain and login authenticators
-
 # plain:
 # driver = plaintext
 # public_name = PLAIN
@@ -280,4 +251,31 @@ hcoop_login:
 # {}fail}\
 # ; ${extract{1}{::}{PASSWDLINE}}\
 # ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-# .endif
\ No newline at end of file
+# .endif
+
+# hcoop-change: auth against sasld
+hcoop_plain:
+ driver = plaintext
+ public_name = PLAIN
+ server_prompts = :
+ server_condition = \
+ ${if or {{crypteq {$auth3} \
+ {${extract{systempw}{${tr{${lookup{$auth2} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth2}{$auth3}{exim4}}}}}
+ server_set_id = $auth2
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
+hcoop_login:
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ server_condition = \
+ ${if or {{crypteq {$auth2} \
+ {${extract{systempw}{${tr{${lookup{$auth1} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth1}{$auth2}{exim4}}}}}
+ server_set_id = $auth1
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
\ No newline at end of file
diff --git a/conf.d/main/01_exim4-config_listmacrosdefs b/conf.d/main/01_exim4-config_listmacrosdefs
index 071987a..23f93fe 100644
--- a/conf.d/main/01_exim4-config_listmacrosdefs
+++ b/conf.d/main/01_exim4-config_listmacrosdefs
@@ -126,7 +126,7 @@ CHECK_RCPT_SPF = true
 # hcoop-change: use hcoop cert 2015-05-04 clinton
 MAIN_TLS_CERTKEY = /etc/hcoop-ssl/hcoop.pem
-# hcoop-change: forward to mailman deleuze
+# hcoop-change: uncomment and set to mailman host if this server does not host mailman
 #HCOOP_MAILMAN_RELAY_HOST = deleuze.hcoop.net
 # hcoop-change: all mail for users < 1000 to logs, reject entirely from untrusted remote hosts
diff --git a/conf.d/main/02_exim4-config_options b/conf.d/main/02_exim4-config_options
index 64b8cc2..80e90e1 100644
--- a/conf.d/main/02_exim4-config_options
+++ b/conf.d/main/02_exim4-config_options
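Review bot: In conf.d/auth/30_exim4-config_examples the re-added `hcoop_plain` and `hcoop_login` authenticators test `$tls_cipher` in `server_advertise_condition`, while the copies this commit removes (and the commented Debian example earlier in the same file) test `$tls_in_cipher`. That condition is what keeps PLAIN and LOGIN from being advertised on a session without TLS, and `$tls_cipher` is the deprecated alias whose meaning depends on context, so I would keep the explicit inbound name in both places: `server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}`. If the older name is deliberate because this tree must also load on an Exim release that predates `$tls_in_cipher`, a one-line `# hcoop-change:` comment saying so would stop it being "fixed" back. The file now also ends without a newline on an active option line rather than on a comment, so a trailing newline is worth adding in case the conf.d fragments are concatenated.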
@@ -101,8 +101,8 @@ primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
 # rejecting them. This can result in a timeout instead of an immediate refused
 # connection, leading to delays on starting up SMTP sessions. (The default was
 # reduced from 30s to 5s for release 4.61.)
-# rfc1413_hosts = *
-# rfc1413_query_timeout = 5s
+# rfc1413_hosts =
+# rfc1413_query_timeout = 0s
 # When using an external relay tester (such as rt.njabl.org and/or the
 # currently defunct relay-test.mail-abuse.org, the test may be aborted
diff --git a/conf.d/transport/35_exim4-config_address_directory b/conf.d/transport/35_exim4-config_address_directory
index d976f4b..e226ee6 100644
--- a/conf.d/transport/35_exim4-config_address_directory
+++ b/conf.d/transport/35_exim4-config_address_directory
@@ -2,8 +2,8 @@
 # or .forward files if the path ends in "/", which causes it to be treated
 # as a directory name rather than a file name.
-# hcoop-change: Add bogus group line to make sure get-token gets
-# executed and ignore owner
+# hcoop-change: Run get-token in directory so we acquire afs tokens,
+# and ignore owner
 address_directory:
 debug_print = "T: address_directory for $local_part@$domain"
-- 
2.20.1
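Review bot: Both changed lines in conf.d/main/02_exim4-config_options still start with `#`, so `rfc1413_hosts =` and `rfc1413_query_timeout = 0s` are comments and Exim keeps using its built-in defaults for ident (RFC 1413) callbacks. If the intent is to switch those callbacks off on this host, the lines need to be active, i.e. `rfc1413_hosts =` and `rfc1413_query_timeout = 0s` without the leading `#`. If they are only meant to record values used elsewhere, the comment block above them still describes a 5s default and should say what these two lines are for.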