Holger Jeromin | 10 Mar 16:58 2011

exim with 6to4 tunnel


i have an static ipv4 and configured a 6to4 tunnel.

exim4 uses this connection to deliver an mail to an freenet user.
But my 6to4 adress has no reverse DNS record, so their spamfilter
rejects this connection:

SMTP error from remote mail server after RCPT TO:<xxx <at> freenet.de>:
    host mx.freenet.de [2001:748:100:40::8:110]: 550 inconsistent or no
DNS PTR record for 2002:my:6to4::1 (see RFC 1912 2.1)

Non-authoritative answer:
freenet.de      mail exchanger = 1 mx.freenet.de.

Authoritative answers can be found from:
mx.freenet.de   internet address =
mx.freenet.de   internet address =
mx.freenet.de   internet address =
mx.freenet.de   has AAAA address 2001:748:100:40::8:110
mx.freenet.de   has AAAA address 2001:748:100:40::8:111
mx.freenet.de   has AAAA address 2001:748:100:40::8:112
dns.roka.net    internet address =
ns2.roka.net    internet address =
ns2.roka.net    has AAAA address 2001:748:100:70::2
ns2.free-net.net        internet address =

I just disabled ipv6 for exim:
disable_ipv6 = true
(Continue reading)

Andreas Metzler | 11 Feb 19:38 2011

syncing with ubuntu - enable hardening


apart from a bugfix (#528625) the Ubuntu package only has one
interesting difference: Add and enable hardened build for PIE:
Build-Depends:  hardening-wrapper


Any thoughts on merging this? I tend to do so, since I do not know of 
strong reasons against.
cu andreas
Andreas Metzler | 23 Jan 18:27 2011

Re: Uploading fixes

[moving back to the list]

On 2011-01-21 Andreas Metzler <ametzler <at> downhill.at.eu.org> wrote:
> FWIW: I consider CVE-2011-0017 to be a published issue. - The patch
> has been commited to git. I will prepare an update of 4.72 for sid/lenny
> and intend to upload on the weekend.

4.72-4 uploaded and unblocked for squeeze. Do you want me to prepare a
-lenny3 (probably with an added
cu andreas
Marc Haber | 10 Dec 13:49 2010

Uploading fixes


I have committed a few fixes to svn regarding the local privilege
escalation. Regaring the remote access exploit, it looks like this
patch is already in 4.70.

I plan to upload later today or on saturday. In the absence of any
reaction of any other members of the maintainer team, I'll do this
without further consultation. If you want to participate, please speak.


Andreas Metzler | 26 Oct 14:20 2010

Uploading SVN head to sid


I would like to upload svn head to sid, trying to get it into sqeeze.
Both the translation updates and the fix for #567876 would be nice
to have.

cu andreas
Kaz Kylheku | 19 Aug 00:17 2010

Oops! rbl_domains doesn't work (Lenny).

Hey all,

I grabbed the exim4-daemon-heavy package, but still no dice.

Upon doing an /etc/init.d/exim4 restart:

error in ACL: unknown ACL condition/modifier in "rbl_domains =
blackholes.mail-abuse.org/reject : dialups.mail-abuse.org/reject :

daemon-heavy not heavy enough?

Pkg-exim4-devel mailing list
Pkg-exim4-devel <at> lists.alioth.debian.org

Andreas Metzler | 3 Jun 18:30 2010

Uploading 4.72 to unstable


I would like to upload exim 4.72 to unstable, the code is identical to
the prerelase uploaded to experimental.

cu andreas

Pkg-exim4-devel mailing list
Pkg-exim4-devel <at> lists.alioth.debian.org

Andreas Metzler | 20 Mar 19:16 2010

New upload?


I think it couldn't hurt to upload current SVN:

   * Drop unneeded lintian overrides.
     + description-contains-homepage
     + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg.
     + partially-translated-question
     + maintainer-script-needs-depends-on-update-inetd
     + possible-bashism-in-maintainer-script
     + binary-without-manpage
     + possible-debconf-note-abuse
     + changelog-not-compressed-with-max-compression
   * Lintian informational hints:
     + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5
       debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8
   * Use dh_lintian.
   * Fix sourcing of lsb-functions in init-script. Test for existence of
     /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions.
     If they are not present the package's dependencies are not installed.
     Bump dependency on lsb-base to 3.0-6. (log_action_*)
   * Update reference to spec.txt in README.Debian. Closes: #568051
   * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different
     implementations of spfquery in Debian, with incompatible commandline
     switches and different exit codes. Closes: #573956


cu andreas

(Continue reading)

Andreas Metzler | 13 Oct 19:21 2009

4.70 pre-release


I plan to push the 4.70 prerelase to testing, based on the deban code
currently available in SVN branches/4.69+cvs (+ at least #550841).
Please speak up (or be faster than me) if there are changes you are
not happy with.

For your convenience, the current changelog:
  * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert)
  * New upstream cvs snapshot.
    + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc.
    + Close dovecot socket after wrong password was given. Closes: #515503
    + Standalone DKIM support. Obsoletes and therefore
      Closes: #486437,#459883
  * Drop upstream URL from package descriptions. Closes: #471425
  * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable
    has 1.16. Closes: #486436.
  * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients
    (e.g Outlook) will terminate the SSL connection when the server presents
    the long list of accepted TLS certificates after STARTTLS. If TLS
    certificate validation of clients is needed you'll need to set
    a file containing only the accepted certificates.
    Closes: #515999, #316522, #482012
  * Add debian/README.source. (Policy 3.8.3)
  * Fix typo in update-exim4.conf.8.
    Thanks to Calum Mackay. Closes: #543354
  * Listen on IPv6 loopback interface by default. (Only applies to fresh
    installations.) Closes: #544292
(Continue reading)

Edison Wong | 19 Aug 07:19 2009

Hope to contribute for Exim4 + LDAP integration

Hi folks,

I am new with Debian package development and hope to contribute for
Exim4 + LDAP integration. I am now file the research progress as package
with name Exim4-LDAP. Would someone like to review this?

The primary goal of Exim4-LDAP is going to replace Qmail-LDAP with
identical LDAP schema and clone most of the major features. It is depend
on Debian's Exim4 with split configuration file handling and
exim4-daemon-heavy. Some example configuration files are also provided
for integrate with Courier, Samba, PAM/NSS, and so on. It is now
supporting local mail, forward, aliases, quota, max message size,
vacation message, program pipe, etc. BTW, no CLI nor GUI management
tools are including now.

Project homepage:

SVN source repositories:
|Browse SVN with ViewVC:|

Draft installation guideline:

Some other question:
1. Should I submit this project to Debian and try to be an official
maintainer? I have read some document but have no idea right now.
(Continue reading)

Teemu Likonen | 13 Aug 12:34 2009

Suggestion about PkgExim4UserFAQ


I have a suggestion to improve the item 1.3.3 "Exim stops delivery after
ten messages are received" in the Debian's Exim FAQ:


Among other things, it currently says:

    It is, however, a better fix for the fetchmail case to have
    fetchmail execute exim -q after finishing the retrieving process.
    This decreases the load spike which would otherwise be experienced
    if one had simply increased smtp_accept_queue_per_connection.

    You can specify a command to execute in fetchmailrc using the
    postconnect user option, e.g. postconnect "/usr/sbin/exim4 -q", in
    the appropriate "poll" line in your fetchmailrc. This, of course,
    assumes that the user running fetchmail has the appropriate
    privileges to cause an exim queue run (for example, it is a member
    of the Debian-exim group).

I'd suggest adding another option for fetchmail users: skipping Exim
processing completely and deliver directly to procmail or similar
delivery agent. This does not require any privileged access (like "exim
-q" does). Perhaps something like the following text to the FAQ item
1.3.3 would do. Feel free to improve it and possibly fix my English.

    Alternatively, you can configure fetchmail to deliver its mail
    directly to a local mail delivery agent, such as procmail. You can
    do this with keyword "mda" in the "defaults" section or "poll"
(Continue reading)