bug#44553: Exim has no authenticators

Tue, 10 Nov 2020 05:46:47 -0800 

Dear guix,

Exim has no authenticator drivers. By default, they don't get included
in the binary, but in my case, I want to set up an internet site with
authenticated SMTP 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.htm
. Authentication is necessary, otherwise the system is vulnerable to
spam abuse.

The fix would be to un-comment the following lines in the src/EDITME
(copied as Local/Makefile):

# AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes
# AUTH_GSASL=yes
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
# AUTH_TLS=yes

Unfortunately, CYRUS_SASL requires cyrus-sasl as a native input and
GSASL, gsasl. HEIMDAL_GSSAPI does not seem to build.

However, it is vital to have plaintext (it is the only one used in the
default exim configuration, 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_default_configuration_file.html
) and it would be nice to have the other as authenticators. What do you
think?

Best regards,

divoplade 

From 5f1e0ea844a26a6e024443f3898969b8ab1048bb Mon Sep 17 00:00:00 2001
From: divoplade <d...@divoplade.fr>
Date: Tue, 10 Nov 2020 14:21:17 +0100
Subject: [PATCH] gnu: exim: enable some authenticators

---
 gnu/packages/mail.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 488e714976..4eda49e72d 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1503,7 +1503,13 @@ delivery.")
                  (("(ZCAT_COMMAND=).*" all var)
                   (string-append var gzip "/bin/zcat\n"))
                  (("# (USE_GNUTLS(|_PC)=.*)" all line)
-                  (string-append line "\n")))
+                  (string-append line "\n"))
+                 (("# AUTH_CRAM_MD5=yes") "AUTH_CRAM_MD5=yes\n")
+                 (("# AUTH_DOVECOT=yes") "AUTH_DOVECOT=yes\n")
+                 (("# AUTH_EXTERNAL=yes") "AUTH_EXTERNAL=yes\n")
+                 (("# AUTH_PLAINTEXT=yes") "AUTH_PLAINTEXT=yes\n")
+                 (("# AUTH_SPA=yes") "AUTH_SPA=yes\n")
+                 (("# AUTH_TLS=yes") "AUTH_TLS=yes\n"))
                ;; This file has hard-coded relative file names for tools despite
                ;; the zcat configuration above.
                (substitute* '("src/exigrep.src")
-- 
2.29.2

Reply via email to