-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 15/01/15 19:00, Phil Pennock wrote: > FreeBSD is carrying a local patch to Exim, adding XCLIENT support. > > The ticket requesting its addition is at: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=133891 and > there's no indication given there about why this was aimed > directly at one OS's packaging, rather than at upstream. > > The feature documentation is: > http://www.postfix.org/XCLIENT_README.html The patch can be found > at: > https://github.com/freebsd/freebsd-ports/blob/master/mail/exim/files/extra-patch-xclient > > This should probably be considered as a parallel to the proxy > protocol support which we have. > > Aside from security review, the biggest issue is likely to be that > the patch wasn't given to us and is currently a standalone work > without a license statement, so we'd need to chase down the > original author and ask about permission to include as part of > Exim, under GPL.
I have no objections about applying GPL terms to this patch, actually, I'm fine with distributing it under the CC0 license. > In 2008 there was discussion on exim-users, subject "XCLIENT > supported by exim?"; Nigel summarized the state as zero previous > discussion, no patches, so no apparent interest. The tone of the > response I see was generally "oh that's a Postfix thing, we just > connect Exim directly to the Internet without anything in front of > it". > > One of the last posts referenced an existing patch by Vsevolod > Stakhov: http://cebka.pp.ru/blog/2007/12/xclient-exim.html > http://cebka.pp.ru/blog/patch-exim-xclient but there's no longer > any DNS for that host; however, the initial report in the FreeBSD > PR #133891 referenced > <http://cebka.pp.ru/blog/2009/01/-eximxclient.html> so it seems > that the history of this patch in FreeBSD traces back to then, even > though the FreeBSD patch has been maintained as it's patched for > more recent Exim releases. In 2013, I was contacted by Tony Finch who asked me to review the patch. I have fixed several issues and added XTEXT encoding for the original patch and sent it back. It would be really nice if this feature will be included in the upstream, because acting as mail/exim maintainer in FreeBSD I have to check all extra-patch for applicability to the recent exim sources. > I think that the biggest problem is that most postmaster folks back > then didn't see the benefit of siting an Exim behind a front-end > proxy, especially since this was presented as a security proxy > adding features, where all the features _could_ be done in Exim > already. Since then, with the widening spread of protocol-generic > front-end loadbalancers, we've seen the haproxy Proxy Protocol take > off, the approach of setting normally-from-getsockopt vars based > upon remote data _if_ the connecting host passes an ACL has been > validated and seen not to be a security issue (well, unless someone > allows the extension from the open Internet, instead of just from > the local trusted proxies) and I think that this is _much_ less > controversial. > > It looks like the "Vsevolod Stakhov" from the original report is > probably the gentleman by that name now at the University of > Cambridge (oh, it's the same guy who did the cool libucl config > library stuff, that's why the name was familiar :) ). > > On this basis, I'm going to explicitly CC Tony, also at UoC who > could perhaps chat with Vsevolod, and the address found on > <https://github.com/vstakhov>. > > Guys, okay to pull this patch into Exim? BTW, I'd like also to ask the same question about native rspamd support, which could be found at the following address: https://github.com/vstakhov/rspamd/blob/master/contrib/exim/patch-exim-src_spam.c.diff So far, I have several requests from rspamd users who run exim as MTA. - -- Vsevolod Stakhov -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUuO6RAAoJEHnvd0hTzOjBicgP/15jB1WYQ58JY7w8BlQ2o9LB TgDIRfCyCctbouKDh5/zqYR3fMTzie/4Ca7M0M07k2gaaztZ/M5TDZJqEPZzhFQL cK7jSKTgVGekGkg1vgClCbpCKDYZaHO4ye5wrjR7epUAZq4HXMrXw4LfiFcxG6ri HlkMq5Lpy+veBhscWnDtAyGa8+NDlBAfoBViY1caqnfRKbYu331SoP3xsIMyaVv2 YK6VcR6t2TLmsCAuCxgdhFi2U7K8WiGkGYcKZObWKVE2Pr8LU9+Jf3hPvsh7u0i2 aKhEQsi1IO0WqY5nMJJ6+BdRhknUI1ZkQXFeevCqB07uhrHGXHLXYtC666TvXf0d dW/D2wZ+XKCs8zaKEq9MQvbHQXoj/iXJSKO5hgRCEuAFj2bG3j91v3MFZrizKhf5 urhMsyjRWLcz4CdtnGgesidA/b0bnPTXES1mlvFlLPpqVqn28u/LO8Z3Q7ysTKvX wp0dXC2f8PJ01WyRO/xHj6i580MRMYbRKmXUjleD4i31nyfwxHr+fjOFWNlRNr5l Jx/fL50rxf3scuim5lXDnEJvoSWBTWTgKpOzGjkGSWD/KdSXTAbZTXPNlG3N9dXO Nfn7CytQLsU5etRqqTKZgHOciXKuXUlJeF96LRabiQ3Z7N3L99El65cDDCnTaHAd LPcgVE0OwbtubNGPPinI =9wSF -----END PGP SIGNATURE----- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
