Linux/OSS : Exim : Old RPM packaging and patches
I no longer maintain RPM packaging for Exim; instead, I recommend you use Nigel Metheringham's semi-official Exim RPM packages.
This is a unified RPM spec file with a number of build options; you can select whether to build with:
- Eximon support
- Exiscan-ACL support (spec versions prior to 4.24 also support the 'old-style' Exiscan)
- SA-Exim support
As with my other RPM spec files, this is primarily designed for and tested on Red Hat (tested on 7.3, 9 and Fedora Core 1.0), mainly with reference to the Makefile settings; you may have to change them for other OSes. It also includes a number of useful things missing from the main Exim distribution, such as a sysinit script, a log rotation script etc. Basically it should be a complete drop-in replacement for sendmail. You can download the spec file and other files below:
NOTE: The spec file/Makefile for Exim 4.30 and up, as provided below, assumes that you are using the user/group 'mailnull' to run Exim. This group exists by default on newer versions of Red Hat and some other systems, although you may want to change its home directory in /etc/passwd from /var/spool/mqueue to /var/spool/exim. If it doesn't exist, you can either create it or change the EXIM_USER option in the Makefile, along with the %{eximuser} and %{eximgroup} macros in the spec file, to choose a different user/group to run as.
- Exim 4.30 spec file. Requires:
  - exim.aliases
  - exim.clean
  - exim.init
  - exim4.logrotate
  - exim.sysconfig
  - exim-4.30.Makefile (alter to your tastes; this basic version caters for a Red Hat system and includes OpenSSL support but doesn't include LDAP, PAM etc.)
Post-install configuration (for fresh installs)
After installing using this packaging, you will probably need to change a couple of things in /etc/exim.conf:
- Change the reference to 'SYSTEM_ALIASES_FILE' to '/etc/aliases'
- For Red Hat systems, uncomment the 'user=mail' and 'mode=0660' parameters in the local_delivery transport
Red Hat 9 notes
In Red Hat 9, OpenSSL is linked into Kerberos but the system include path doesn't include the Kerberos headers, thus making the compilation fail. This problem has been extensively discussed on the exim-users mailing list, and the conclusion is that you need to set TLS_INCLUDE as follows:
- TLS_INCLUDE=-I/usr/kerberos/include/
Alternatively, add this to your ~/.rpmrc file:
- optflags: i386 -O2 -g -march=i386 -mcpu=i686 -I/usr/kerberos/include
Mandrake notes
Derek Simkowiak notes that db.h (the header file for your DBM library) may not be installed by default, which will prevent Exim from building. On Mandrake systems you can get this file by installing the libdb3.3-devel RPM (or similar), which may require libdbtcl. On Red Hat systems, this file is normally part of the db3-devel package.
Mandrake users should take care: a program called 'msec' may change the installed permissions of Exim's binary. You may need to adjust /usr/share/msec/perm.x (where 'x' is your security level), and set the permissions for /usr/sbin/sendmail to 4755.
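The two post-install conditions mentioned on this page (the 'mailnull' home directory and the 4755 mode that msec may reset) can be checked with a short script. This is an added example, not part of the original packaging; the function names are hypothetical, the fixture files are constructed, and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example, not part of the original packaging.

# exim_user_home PASSWD_FILE USER: print the account's home directory;
# return 1 if the account does not exist.
exim_user_home() {
    awk -F: -v u="$2" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }' "$1"
}

# check_exim_user PASSWD_FILE USER WANT_HOME
# 0 = ok, 1 = account exists but home differs, 2 = account missing.
check_exim_user() {
    home=$(exim_user_home "$1" "$2") || { echo "missing: $2"; return 2; }
    [ "$home" = "$3" ] && { echo "ok: $2 home=$home"; return 0; }
    echo "fix: $2 home is $home, expected $3"
    return 1
}

# check_mode FILE WANT_OCTAL (e.g. 4755)
# 0 = ok, 1 = mode differs, 2 = file cannot be examined.
check_mode() {
    mode=$(stat -c %a "$1") || return 2
    [ "$mode" = "$2" ] && { echo "ok: $1 mode=$mode"; return 0; }
    echo "fix: $1 mode is $mode, expected $2"
    return 1
}

# Demo on constructed fixtures; on a real host pass /etc/passwd and
# /usr/sbin/sendmail instead.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin' > "$tmp/passwd"
    : > "$tmp/sendmail"; chmod 0755 "$tmp/sendmail"
    check_exim_user "$tmp/passwd" mailnull /var/spool/exim || :  # home differs
    check_mode "$tmp/sendmail" 4755 || :    # setuid bit has been stripped
    chmod 4755 "$tmp/sendmail"
    check_mode "$tmp/sendmail" 4755 || :    # setuid bit restored
    rm -rf "$tmp"
}
demo
```

Running the mode check from cron or after each msec run shows when the setuid bit has been removed again.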
Exim 4.24
- Exim 4.24 spec file. Requires:
  - exim.aliases
  - exim.clean
  - exim.init
  - exim4.logrotate
  - exim.sysconfig
  - exim-4.24.Makefile (alter to your tastes; this basic version caters for a Red Hat system and includes OpenSSL support but doesn't include LDAP, PAM etc.)
Exim 4.22
- Exim 4.22 spec file. Requires:
Exim 4.20
Exiscan patches
I have produced some small patches to Exiscan in the past, which are listed below. They are no longer needed with the latest version of Exiscan as the functionality is included.
Exiscan 4.24 debug-keepfiles patch
The patches below apply to the original Exiscan, now deprecated. They do not work with Exiscan-ACL. Also, the information disclosure patches are not needed for Exiscan-ACL anyway, due to the different way that Exiscan-ACL handles things.
Information Disclosure Patches
These patches together reduce the disclosure of sensitive information to the outside world under error situations. A typical Exiscan error message, returned to a remote MTA, may look something like: "421 Temporary local problem - ClamAV connection to 127.0.0.1, port 3310 failed: Connection refused". Personally I think that's too much information, so I've come up with these patches for Exim 4.14/Exiscan rel 26. Note that they are no longer needed for Exiscan-ACL.
- exiscan-4.14-26.error_messages.patch - this is a trivial, 1-line patch that stops the leaking of sensitive info, but unfortunately it also stops it being logged so that you can find out what went wrong.
- exiscan-4.14-26.log_errors.patch - this patch forces the full logging of temporary errors into the Exim main log (but not to the outside world), to counteract the above problem.
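To confirm that replies sent to remote MTAs no longer carry internal detail like the message quoted above, the 4xx/5xx reply lines from a test session can be audited. This is an added example, not code from the patches; the function name, the pattern list (IP address, port, OS error text) and the sample replies other than the one quoted above are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Exiscan patches.

# audit_replies FILE
# FILE holds one SMTP reply per line. For every 4xx/5xx reply that
# exposes internal detail, print the line number, what leaked and the
# reply. Returns 1 if at least one reply leaks, 0 otherwise.
audit_replies() {
    awk '
    /^[45][0-9][0-9][ -]/ {
        why = ""
        # Heuristic patterns chosen for this example.
        if ($0 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) why = why " ip-address"
        if ($0 ~ /[Pp]ort [0-9]+/)                  why = why " port"
        if ($0 ~ /Connection refused|timed out|No such file/)
            why = why " os-error"
        if (why != "") { n++; printf "line %d:%s: %s\n", NR, why, $0 }
    }
    END { exit (n > 0) }' "$1"
}

# Demo on constructed replies: line 2 is the message quoted in the text,
# line 3 is a constructed reply with the detail removed.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        '250 OK' \
        '421 Temporary local problem - ClamAV connection to 127.0.0.1, port 3310 failed: Connection refused' \
        '421 Temporary local problem' \
        '550 Administrative prohibition' > "$f"
    audit_replies "$f" || echo "replies leaking internal detail found"
    rm -f "$f"
}
demo
```

The full error text still belongs in the Exim main log, which is what the log_errors patch restores; only the reply sent to the remote side should come out clean.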
I've also come up with 'proper fixes' that separate out the error messages for internal/external errors and will hopefully be included in future versions of Exiscan:
Debugging patches
This patch creates a new option 'exiscan_debug_keepfiles' - if you set this to 1, the temporary files that Exiscan creates for a virus scanner to chew on will be saved, so you can find out exactly how the different de-MIME options affect things, and run individual attachments in their source form through your virus scanner.