summaryrefslogtreecommitdiff
path: root/network/exim/exim.Makefile
diff options
context:
space:
mode:
Diffstat (limited to 'network/exim/exim.Makefile')
-rw-r--r--network/exim/exim.Makefile55
1 files changed, 42 insertions, 13 deletions
diff --git a/network/exim/exim.Makefile b/network/exim/exim.Makefile
index 1da52718f6..9f14ed0de5 100644
--- a/network/exim/exim.Makefile
+++ b/network/exim/exim.Makefile
@@ -1,5 +1,3 @@
-# $Cambridge: exim/src/src/EDITME,v 1.27 2010/06/12 15:21:25 jetmore Exp $
-
##################################################
# The Exim mail transport agent #
##################################################
@@ -286,17 +284,17 @@ LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
-# LOOKUP_CDB=yes
+LOOKUP_CDB=yes
LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
LOOKUP_LDAP=yes
-LOOKUP_MYSQL=yes
+# LOOKUP_MYSQL=yes
# LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
LOOKUP_PASSWD=yes
# LOOKUP_PGSQL=yes
-LOOKUP_SQLITE=yes
+# LOOKUP_SQLITE=yes
# LOOKUP_WHOSON=yes
# These two settings are obsolete; all three lookups are compiled when
@@ -345,8 +343,21 @@ PCRE_LIBS=-lpcre
# specified in INCLUDE. The settings below are just examples; -lpq is for
# PostgreSQL, -lgds is for Interbase, -lsqlite3 is for SQLite.
-LOOKUP_INCLUDE=-I/usr/include/mysql
-LOOKUP_LIBS=-L/usr/lib$(LIBDIRSUFFIX)/mysql -lldap -lmysqlclient -lsqlite3
+LOOKUP_INCLUDE=
+LOOKUP_LIBS=-lldap
+
+# Uncomment for MySQL lookups.
+#LOOKUP_MYSQL=yes
+#LOOKUP_INCLUDE+=-I/usr/include/mysql
+#LOOKUP_LIBS+=-L/usr/lib$(LIBDIRSUFFIX)/mysql -lmysqlclient_r
+
+# Uncomment for PostgreSQL lookups.
+#LOOKUP_PGSQL=yes
+#LOOKUP_LIBS+=-lpq
+
+# Uncomment for SQLite lookups.
+#LOOKUP_SQLITE=yes
+#LOOKUP_LIBS+=-lsqlite3
#------------------------------------------------------------------------------
@@ -357,7 +368,7 @@ LOOKUP_LIBS=-L/usr/lib$(LIBDIRSUFFIX)/mysql -lldap -lmysqlclient -lsqlite3
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
-EXIM_MONITOR=eximon.bin
+# EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
@@ -528,7 +539,7 @@ FIXED_NEVER_USERS=root
#
# As a strictly transient measure to ease migration to 4.73, the
# WHITELIST_D_MACROS value definies a colon-separated list of macro-names
-# which are permitted to be overriden from the command-line which will be
+# which are permitted to be overridden from the command-line which will be
# honoured by the Exim user. So these are macros that can persist to delivery
# time.
# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the
@@ -821,13 +832,13 @@ EXTRALIBS += -ldl
# is included only when requested by setting the following parameter to the
# location of your Radius configuration file:
-RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
+# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
# RADIUS_CONFIG_FILE=/etc/radius.conf
# If you have set RADIUS_CONFIG_FILE, you should also set one of these to
# indicate which RADIUS library is used:
-RADIUS_LIB_TYPE=RADIUSCLIENT
+# RADIUS_LIB_TYPE=RADIUSCLIENT
# RADIUS_LIB_TYPE=RADIUSCLIENTNEW
# RADIUS_LIB_TYPE=RADLIB
@@ -845,8 +856,6 @@ RADIUS_LIB_TYPE=RADIUSCLIENT
# If you do not set RADIUS_LIB_TYPE, Exim assumes the radiusclient library,
# using the original API.
-EXTRALIBS += -lradiusclient
-
#------------------------------------------------------------------------------
# Support for authentication via the Cyrus SASL pwcheck daemon is available.
@@ -1210,6 +1219,26 @@ PID_FILE_PATH=/var/run/exim.pid
#------------------------------------------------------------------------------
+# Expanding match_* second paramters: BE CAREFUL IF ENABLING THIS!
+# It has proven too easy in practice for administrators to configure security
+# problems into their Exim install, by treating match_domain{}{} and friends
+# as a form of string comparison, where the second string comes from untrusted
+# data. Because these options take lists, which can include lookup;LOOKUPDATA
+# style elements, a foe can then cause Exim to, eg, execute an arbitrary MySQL
+# query, dropping tables.
+# From Exim 4.77 onwards, the second parameter is not expanded; it can still
+# be a list literal, or a macro, or a named list reference. There is also
+# the new expansion condition "inlisti" which does expand the second parameter,
+# but treats it as a list of strings; also, there's "eqi" which is probably
+# what is normally wanted.
+#
+# If you really need to have the old behaviour, know what you are doing and
+# will not complain if your system is compromised as a result of doing so, then
+# uncomment this option to get the old behaviour back.
+
+# EXPAND_LISTMATCH_RHS=yes
+
+#------------------------------------------------------------------------------
# Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you
# really, really, really know what you are doing. And even then, think again.
# You should never uncomment this when compiling a binary for distribution.