X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=946137fc9ff838c9eff24b01bc12c51e8e9ea675;hb=4f10c76912b0ac78397ea157306460c20f30689a;hp=729cdc39230081848be02973034c6cb341b01ba5;hpb=599fc3c68f5e942c1d662012053ecfc6ea26bd49;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/configure.default b/src/src/configure.default
index 729cdc392..946137fc9 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -169,7 +169,16 @@ acl_smtp_data =         acl_check_data
 # tls_privatekey = /etc/ssl/exim.pem
 
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
-# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.ifdef _HAVE_OPENSSL
+tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.endif
+
+# Don't offer resumption to (most) MUAs, who we don't want to reuse
+# tickets.  Once the TLS extension for vended ticket numbers comes
+# though, re-examine since resumption on a single-use ticket is still a benefit.
+.ifdef _HAVE_TLS_RESUME
+tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
+.endif
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
@@ -801,15 +810,11 @@ begin transports
 
 
 # This transport is used for delivering messages over SMTP connections.
-# Refuse to send any message with over-long lines, which could have
-# been received other than via SMTP. The use of message_size_limit to
-# enforce this is a red herring.
 
 remote_smtp:
   driver = smtp
-  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
-.ifdef _HAVE_PRDR
-  hosts_try_prdr = *
+.ifdef _HAVE_TLS_RESUME
+  tls_resumption_hosts = *
 .endif
 
 
@@ -822,7 +827,6 @@ remote_smtp:
 
 smarthost_smtp:
   driver = smtp
-  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
   multi_domain
   #
 .ifdef _HAVE_TLS
@@ -848,9 +852,9 @@ smarthost_smtp:
 .ifdef _HAVE_GNUTLS
   tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
 .endif
+.ifdef _HAVE_TLS_RESUME
+  tls_resumption_hosts = *
 .endif
-.ifdef _HAVE_PRDR
-  hosts_try_prdr = *
 .endif