diff --git a/mail/exim/files.nok/extra-patch-Local-sa-exim.c b/mail/exim/files.nok/extra-patch-Local-sa-exim.c
deleted file mode 100644
index b3343e3..0000000
--- a/mail/exim/files.nok/extra-patch-Local-sa-exim.c
+++ /dev/null
@@ -1,200 +0,0 @@
---- Local/sa-exim.c.orig	2020-02-19 03:04:43 UTC
-+++ Local/sa-exim.c
-@@ -29,10 +29,7 @@ http://lists.merlins.org/lists/listinfo/sa-exim
- #include "sa-exim.h"
- 
- /* Exim includes */
--#include "local_scan.h"
--extern FILE   *smtp_out;               /* Exim's incoming SMTP output file */
--extern int     body_linecount;         /* Line count in body */
--extern uschar *primary_hostname;
-+#include <local_scan.h>
- 
- #ifdef DLOPEN_LOCAL_SCAN
- 
-@@ -409,6 +406,11 @@ int parsemlheader(char *buffer, FILE *readfh, char *he
- 	    if (buffer[strlen(buffer)-1] == '\n')
- 	    {
- 		buffer[strlen(buffer)-1]=0;
-+		/* and any carriage return */
-+		if (buffer[strlen(buffer)-1] == '\r')
-+		{
-+		    buffer[strlen(buffer)-1]=0;
-+		}
- 	    }
- 	    if (SAEximDebug > 5)
- 	    {
-@@ -515,6 +517,7 @@ int local_scan(volatile int fd, uschar **return_text)
-     int pid;
-     int writefd[2];
-     int readfd[2];
-+    char *spamc_argv[10];
-     int i;
-     /* These are the only values that we want working after the longjmp 
-      * The automatic ones can be clobbered, but we don't really care */
-@@ -550,8 +553,9 @@ int local_scan(volatile int fd, uschar **return_text)
-     static char *SAspamcpath=SPAMC_LOCATION;
-     static char *SAsafemesgidchars=SAFEMESGIDCHARS
-     static char *SAspamcSockPath=NULL;
--    static char *SAspamcPort="783";
--    static char *SAspamcHost="127.0.0.1";
-+    static char *SAspamcPort=NULL;
-+    static char *SAspamcHost=NULL;
-+    static char *SAspamcUser=NULL;
-     static char *SAEximRunCond="0";
-     static char *SAEximRejCond="1";
-     static int SAmaxbody=250*1024;
-@@ -602,6 +606,10 @@ int local_scan(volatile int fd, uschar **return_text)
-     /* Do not put a %s in there, or you'll segfault */
-     static char *SAmsgerror="Temporary local error while processing message, please contact postmaster";
- 
-+    /* This needs to be retrieved through expand_string in order
-+       not to violate the API. */
-+    uschar *primary_hostname=expand_string("$primary_hostname");
-+
-     /* New values we read from spamassassin */
-     char *xspamstatus=NULL;
-     char *xspamflag=NULL;
-@@ -712,6 +720,7 @@ int local_scan(volatile int fd, uschar **return_text)
- 	    M_CHECKFORSTR(SAspamcSockPath);
- 	    M_CHECKFORSTR(SAspamcPort);
- 	    M_CHECKFORSTR(SAspamcHost);
-+	    M_CHECKFORSTR(SAspamcUser);
- 	    M_CHECKFORSTR(SAEximRunCond);
- 	    M_CHECKFORSTR(SAEximRejCond);
- 	    M_CHECKFORVAR(SAmaxbody, "%d");
-@@ -914,6 +923,22 @@ int local_scan(volatile int fd, uschar **return_text)
- 	ret=dup2(readfd[1],2);
- 	CHECKERR(ret,"dup2 stderr",__LINE__);
- 
-+	i = 0;
-+	spamc_argv[i++] = "spamc";
-+	if (SAspamcUser && SAspamcUser[0])
-+	{
-+	    expand=expand_string(SAspamcUser);
-+	    if (expand == NULL)
-+	    {
-+		log_write(0, LOG_MAIN | LOG_PANIC, "SA: SAspamcUser expansion failure on %s, will run as Exim user instead.", SAspamcUser);
-+	    }
-+	    else if (expand[0] != '\0')
-+	    {
-+		spamc_argv[i++] = "-u";
-+		spamc_argv[i++] = expand;
-+	    }
-+	}
-+
- 	/* 
-          * I could implement the spamc protocol and talk to spamd directly
-          * instead of forking spamc, but considering the overhead spent
-@@ -924,17 +949,30 @@ int local_scan(volatile int fd, uschar **return_text)
- 	/* Ok, we cheat, spamc cares about how big the whole message is and
-          * we only know about the body size, so I'll  give an extra 16K
-          * to account for any headers that can accompany the message */
-+
-+	spamc_argv[i++] = "-s";
-+	spamc_argv[i++] = string_sprintf("%d", SAmaxbody+16384);
-+
- 	if(SAspamcSockPath)
- 	{
--	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-U", SAspamcSockPath, NULL);
--	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
-+    	    spamc_argv[i++] = "-U";
-+	    spamc_argv[i++] = SAspamcSockPath;
- 	}
- 	else
- 	{
--	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-d", SAspamcHost, "-p", SAspamcPort, NULL);
--	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
-+	    if (SAspamcHost) {
-+		spamc_argv[i++] = "-d";
-+		spamc_argv[i++] = SAspamcHost;
-+	    }
-+	    if (SAspamcPort) {
-+		spamc_argv[i++] = "-p";
-+		spamc_argv[i++] = SAspamcPort;
-+	    }
- 	}
--	
-+	spamc_argv[i++] = NULL;
-+
-+	ret=execv(SAspamcpath, spamc_argv);
-+	CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
-     }
- 
-     if (SAEximDebug > 8)
-@@ -1045,6 +1083,11 @@ int local_scan(volatile int fd, uschar **return_text)
- 	if (buffer[strlen(buffer)-1] == '\n')
- 	{
- 	    buffer[strlen(buffer)-1]=0;
-+	    /* and any carriage return */
-+	    if (buffer[strlen(buffer)-1] == '\r')
-+	    {
-+		buffer[strlen(buffer)-1]=0;
-+	    }
- 	}
- restart:
- 	if (SAEximDebug > 5)
-@@ -1218,7 +1261,7 @@ restart:
- 	    }
- 
- 	    stret=write(fd, buffer, strlen(buffer));
--	    CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);
-+	    CHECKERR(stret,string_sprintf("%s", "SA body write to msg"),__LINE__);
- 	    if (SAEximDebug > 8)
- 	    {
- 		log_write(0, LOG_MAIN, "SA: Debug9: Wrote to msg; line %d (wrote %d)", line, ret);
-@@ -1229,18 +1272,20 @@ restart:
- 	    }
- 	}
- 
-+	
- 	if (SAEximDebug > 1)
- 	{
- 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount before SA: %d", body_linecount);
- 	}
- 
- 	/* update global variable $body_linecount to reflect the new body size*/
--	body_linecount = (line - 1);
-+	if (body_linecount > 0) body_linecount = (line - 1); // Not updating if zero, indicating spool_wireformat
- 
- 	if (SAEximDebug > 1)
- 	{
- 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount after SA: %d", body_linecount);
- 	}
-+
-     }
- 
-     fclose((FILE *)readfh);
-@@ -1331,6 +1376,9 @@ restart:
- 	
- 	if (dorej && doteergrube)
- 	{
-+	    char *teergrubewaitstr;
-+	    teergrubewaitstr=string_sprintf(SAmsgteergrubewait, spamstatus);
-+
- 	    /* By default, we'll only save temp bounces by message ID so
- 	     * that when the same message is submitted several times, we
- 	     * overwrite the same file on disk and not create a brand new
-@@ -1353,20 +1401,8 @@ restart:
- 
- 	    for (i=0;i<SAteergrubetime/10;i++)
- 	    {
--		char *str;
--		
--		/* Unfortunately, we can't use exim's smtp_printf because it
--		 * doesn't return an error code if the write gets an EPIPE.
--		 * So, we write ourselves, but this won't work if you have a
--		 * TLS connection opened (that said, if you are teergrubing
--		 * a TLS connection, it's probably a relay host, not a
--		 * spammer, and in this case you should not teergrube a
--		 * friendly relay, so basically we should be ok).
--		 * If you do teergrube an SSL connection with the current
--		 * code, you will break it, but that's acceptable */
--		str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus);
--		fprintf(smtp_out, str);
--		ret=fflush(smtp_out);
-+		smtp_printf("451-%s\r\n", FALSE, teergrubewaitstr);
-+		ret=smtp_fflush();
- 		if (ret != 0)
- 		{
- 		    log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender for %d secs until it closed the connection: %s (scanned in %d/%d secs | Message-Id: %s). %s", i*10, spamstatus, scantime, fulltime, safemesgid, mailinfo);
diff --git a/mail/exim/files.nok/patch-pass-fd-to-tcpwrappers b/mail/exim/files.nok/patch-pass-fd-to-tcpwrappers
deleted file mode 100644
index 91911dd..0000000
--- a/mail/exim/files.nok/patch-pass-fd-to-tcpwrappers
+++ /dev/null
@@ -1,32 +0,0 @@
---- src/smtp_in.c.orig	2017-03-08 16:31:57.587957000 +0000
-+++ src/smtp_in.c	2017-03-08 16:43:44.934346000 +0000
-@@ -2246,6 +2246,9 @@
- #ifdef USE_TCP_WRAPPERS
- struct request_info tcpwrap_ri;
- #endif
-+#ifdef USE_TCP_WRAPPERS
-+struct request_info tcpwrap_ri;
-+#endif
- 
- smtp_connection_start = time(NULL);
- for (smtp_ch_index = 0; smtp_ch_index < SMTP_HBUFF_SIZE; smtp_ch_index++)
-@@ -2602,11 +2605,14 @@
-     log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
-       "(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name),
-         expand_string_message);
--
--  if (!hosts_ctl(tcp_wrappers_name,
--         sender_host_name ? CS sender_host_name : STRING_UNKNOWN,
--         sender_host_address ? CS sender_host_address : STRING_UNKNOWN,
--         sender_ident ? CS sender_ident : STRING_UNKNOWN))
-+    request_init(&tcpwrap_ri,
-+         RQ_DAEMON, tcp_wrappers_name,
-+         RQ_FILE, fileno(smtp_out),
-+         RQ_CLIENT_NAME, (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name,
-+         RQ_CLIENT_ADDR, (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address,
-+         RQ_USER, (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident,
-+         0);
-+    if (!hosts_access(&tcpwrap_ri))
-     {
-     if (errno == 0 || errno == ENOENT)
-       {
diff --git a/mail/exim/files.nok/patch-src-auths-call_radius.c b/mail/exim/files.nok/patch-src-auths-call_radius.c
deleted file mode 100644
index 8b6b7de..0000000
--- a/mail/exim/files.nok/patch-src-auths-call_radius.c
+++ /dev/null
@@ -1,92 +0,0 @@
---- src/auths/call_radius.c.orig	2020-05-30 22:35:38.000000000 +0200
-+++ src/auths/call_radius.c	2020-06-01 19:54:14.402105000 +0200
-@@ -113,37 +113,37 @@
- 
- #ifdef RADIUS_LIB_RADIUSCLIENT
- if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
--  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
-+  *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
- 
- else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
--  *errptr = US"RADIUS: can't read dictionary";
-+  *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
- 
- else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
--  *errptr = US"RADIUS: add user name failed";
-+  *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
- 
- else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
--  *errptr = US"RADIUS: add password failed");
-+  *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
- 
- else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
--  *errptr = US"RADIUS: add service type failed";
-+  *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
- 
- #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
- 
- if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
--  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
-+  *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
- 
- else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
--  *errptr = US"RADIUS: can't read dictionary";
-+  *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
- 
- else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
--  *errptr = US"RADIUS: add user name failed";
-+  *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
- 
- else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
-     Ustrlen(radius_args), 0))
--  *errptr = US"RADIUS: add password failed";
-+  *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
- 
- else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
--  *errptr = US"RADIUS: add service type failed";
-+  *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
- 
- #endif  /* RADIUS_LIB_RADIUSCLIENT */
- 
-@@ -176,7 +176,7 @@
- 
-   case BADRESP_RC:
-   default:
--    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
-+    *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
-     return ERROR;
-   }
- 
-@@ -186,7 +186,7 @@
- 
- if (!(h = rad_auth_open()))
-   {
--  *errptr = string_sprintf("RADIUS: can't initialise libradius");
-+  *errptr = string_sprintf("%s", "RADIUS: can't initialise libradius");
-   return ERROR;
-   }
- if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
-@@ -196,7 +196,7 @@
-     rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
-     rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
-   {
--  *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
-+  *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
-   result = ERROR;
-   }
- else
-@@ -211,12 +211,12 @@
-       break;
- 
-     case -1:
--      *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
-+      *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
-       result = ERROR;
-       break;
- 
-     default:
--      *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
-+      *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
-       result= ERROR;
-       break;
-     }