X-Git-Url: https://git.hcoop.net/hcoop/debian/exim4.git/blobdiff_plain/de45f55a663159e1967e347a64e3edd87efe5e8e..01e60269815612fced0df2994079cb2081f8ff0b:/debian/README.Debian.xml
diff --git a/debian/README.Debian.xml b/debian/README.Debian.xml
index 30c5961..77b4a37 100644
--- a/debian/README.Debian.xml
+++ b/debian/README.Debian.xml
@@ -35,14 +35,6 @@
lead you to the page.
-
-
- The Debian Exim 4 packages have their own
-
- Home Page
- which also links to a User FAQ.
-
-
The very extensive Upstream documentation is shipped
@@ -120,13 +112,6 @@
extremely flexible, allowing you to get exactly the amount of
control you need for the job at hand.
-
- The development web page contains a lot of
- useful links and other information. The subversion repository
- of the Debian package is available for public read-only access
- and is linked from the development web page.
-
Feature Sets in the daemon packages
To use Exim 4, you need at least the following packages:
@@ -214,8 +199,9 @@
please be familiar with how Exim works. At minimum, have read this
README file and the manpages delivered with the Debian Exim 4
packages, and /usr/share/doc/exim4-base/spec.txt.gz
- chapters 3 and 6. spec.txt.gz is an excellent
- reference.
+ chapters "How Exim receives and delivers mail" and
+ "The Exim run time configuration file".
+ spec.txt.gz is an excellent reference.
Please note that while most free-form fields in the
@@ -486,10 +472,9 @@
list extra care needs to be taken in this case.
Unresolvable names in the host list will break
relaying. See
-
- Exim specification - chapter Domain, host, address, and
- local part lists
- and the exim4-config_files man page.
+ Exim specification chapter "Domain, host, address, and
+ local part lists"
+ and the exim4-config_files man page.
IP address or host name of the outgoing
@@ -511,7 +496,9 @@
<para>
Multiple smarthost entries are permitted, semicolon
separated. Each of the hosts is tried, in the order
- specified (See Exim specification, chapter 20.5).
+ specified (See Exim specification, chapter
+ <phrase>"The manualroute router"</phrase>, section
+ <phrase>"How the list of hosts is used"</phrase>.)
</para>
</section>
<section> <title>Hide local mail name in outgoing mail
@@ -773,7 +760,7 @@
setting macros. That way, you can switch on and off certain
parts of the default configuration and/or override values set
in Debconf without having to touch the dpkg-conffiles. While
- touching dpkg-conffiles itself is explitly allowed and wanted,
+ touching dpkg-conffiles itself is explicitly allowed and wanted,
it can be quite a nuisance to be asked on package upgrade
whether one wants to use the locally changed file or the
file changed by the package maintainer.
@@ -800,7 +787,8 @@
into the appropriate file. For more detailed discussion of the
general macro mechanism, see the Exim specification, chapter
- 6.4, for details how macro expansion works.
+ "The Exim run time configuration file", for
+ details how macro expansion works.
How does this work?
@@ -1138,7 +1126,7 @@
(most prominent example being nearly all versions of Microsoft
Outlook and Outlook Express, and Incredimail) insist on doing
TLS on connect on Port 465. If you need to support these, set
- SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
+ SMTPLISTENEROPTIONS='-oX 465:25 -oP /run/exim4/exim.pid'
in /etc/default/exim4 and
"tls_on_connect_ports=465" in the main configuration section.
@@ -1148,13 +1136,14 @@
job will malfunction.
- It might be appropriate to add "+tls_cipher +tls_peerdn" to
+ It might be appropriate to add "+tls_cipher" to
any log_selector statement you might already have, or to add a
log_selector statement setting these two options in a local
- configuration file. These options have Exim log what cipher
+ configuration file. (For Debian's configuration simply define
+ the MAIN_LOG_SELECTOR macro.)
+ This option makes Exim log what cipher
your Exim and the peer's mailer have negotiated to use to
- encrypt the transaction, and they have Exim log the
- Distinguished Name of the peer's certificate.
+ encrypt the transaction.
Exim can be configured to ask a client for a certificate and to
@@ -1379,6 +1368,11 @@
to no. E4BCD_WATCH_PANICLOG=once will
rotate a non-empty paniclog automatically after sending out
the warning e-mail.
+
+
+ The E4BCD_PANICLOG_LINES setting can be
+ used to limit the number of lines of paniclog quoted in
+ warning email. It is set to 10 by default.
@@ -1488,20 +1482,20 @@ smtp stream tcp nowait Debian-exim /usr/sbin/exim4 exim4 -bs
Just in case that you need exceptions to the rule,
- /etc/exim4/lowuid_aliases is an alias
+ /etc/exim4/lowuid-aliases is an alias
file that is only honored for local accounts with UID lower
than FIRST_USER_ACCOUNT_UID. If you define an alias for such an
account here, incoming mail is processed according to the
alias. If you alias the account to itself, messages are
delivered to the account itself, which is an exception to the
rule that messages for low-UID accounts are rejected. The
- format of /etc/exim4/lowuid_aliases is
+ format of /etc/exim4/lowuid-aliases is
just another alias file.
How to bypass local routing specialities
- Sometimes, it might be desireable to be able to bypass local
+ Sometimes, it might be desirable to be able to bypass local
routing specialities like the alias file or a user-forward
file. This is possible in the Debian Exim4 packages by
prefixing the account name with "real-". For a local account
@@ -1722,6 +1716,46 @@ commands rmail rnews rsmtp
+ Notes on running SpamAssassin at SMTP time
+
+ Exim can run
+
+ SpamAssassin while receiving a message by SMTP which
+ allows one to avoid acceptance of spam messages. The Debian
+ configuration contains some example code for running SpamAssassin,
+ but like all filtering this needs to be handled carefully.
+
+
+ SpamAssassin's default report should not be used in a add_header
+ statement since it contains empty lines. (This triggers e.g.
+ Amavis' warning "BAD HEADER SECTION, Improper folded header field
+ made up entirely of whitespace".) This is a safe, terse alternative:
+
+ clear_report_template
+ report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN_
+
+
+
+ Rejecting spam messages: Do not reject spam-messages received on
+ (non-spam) mailing lists, this can/will cause auto-unsubscription.
+ This also applies to messages received via forwarding services
+ (e.g. @debian.org addresses). If theses messages are rejected the
+ forwarding services will need to send a bounce address to the
+ spammer and will probably disable the forwarding if it happens all
+ the time. You will need to have some kind of whitelist to exclude
+ these hosts.
+
+
+ Security considerations: By default spamd
+ runs as root and changes uid/gid to the requested user to run
+ SpamAssassin. The example uses SpamAssassin default non-privileged
+ user (nobody) which prevents use of Bayesian filtering since this
+ requires persistent storage. You might want to setup a dedicated
+ user for exim spam scanning and use that one, either for a separate
+ SpamAssassin user profile or to run SpamAssassin as non-privileged
+ user.
+
+
Updating from Exim 3
@@ -1772,7 +1806,7 @@ commands rmail rnews rsmtp
Misc Notes
PAM
- PAM: On Debian systems the PAM modules run as the same user
+ On Debian systems the PAM modules run as the same user
as the calling program, so they cannot do anything you
could not do yourself, and in particular cannot access
/etc/shadow unless the user is in group
@@ -1788,7 +1822,7 @@ commands rmail rnews rsmtp
In the default configuration, Exim cannot locally deliver
mail to accounts which have capitals in their name. This is
caused by the fact that Exim converts the local part of incoming
- mail to lower case before the comparision done by the
+ mail to lower case before the comparison done by the
check_local_user directive in routers is done.
@@ -1875,85 +1909,59 @@ paper
Debian modifications to the Exim source
-
-
-
-
- Patches by Steve Haslam:
-
-
-
- boolean_redefine_protect
- [src/mytypes.h]
- Surround the definition of TRUE and FALSE macros with #ifndef
- /#endif, in case some other header defines them (from mixing No
- Perl and Exim, istr)
-
-
-
-
-
- Other stuff
-
-
-
-
-
- link exim dynamically against pcre.
-
-
-
-
- The main binary is /usr/sbin/exim4:
-
-
-
- src/globals.c was changed to use 'US
- BIN_DIRECTORY "/exim4"' as default for
- exim_path.
-
-
-
-
- changed default for $exim_path (modulo
- lower/upper case) from BIN_DIRECTORY/exim to
- BIN_DIRECTORY/exim4 in exicyclog.src,
- exim_checkaccess.src, eximon.src, exinext.src,
- exiqgrep.src, exiwhat.src.
-
-
-
-
- OS/Makefile-Linux:EXIWHAT_MULTIKILL_ARG=exim4
-
-
-
-
-
-
-
- localscan_dlopen
-.patch:
- Allow to use and switch between different local_scan
+
+
+
+ Install the exim binary as /usr/sbin/exim4 instead of
+ /usr/sbin/exim-<version> with a symlink /usr/sbin/exim. Also
+ adapt the documentation.
+
+
+
+
+ Make the build reproducible. Pull date/time from debian/changelog
+ and use it as build time instead of using __DATE__.
+
+
+
+
+ Documentation updates
+
+
+
+
+ Mention how to install the Debian packaged perl-modules needed
+ for eximstats' graphs.
+
+
+
+
+ Add a warning about convert4r4.
+
+
+
+
+ Point to the
+ Debian-specific mailing list instead of
+ the official
+ exim-users list.
+
+
+
+
+
+
+ localscan_dlopen.patch:
+ This patch makes it possible to use and switch between
+ different local_scan
functions without recompiling Exim. Use
local_scan_path = /path/to/sharedobject to utilize
local_scan() in /path/to/sharedobject.
-
-
-
-
- changes to the documentation to have the
- Debian-specific mailing list mentioned where
- the official
- exim-users list is mentioned
-
-
-
-
-
-
+
+
+