X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=946137fc9ff838c9eff24b01bc12c51e8e9ea675;hb=d6ffd8ef9ebcb2dc913c75ee255459e8ff4fb4da;hp=c9b2fc6efeeeeb07be7c9eb53bd0e6ad5c5cae40;hpb=95dfacf282b0a4f0f595b43bdc997ef0e3ed43ed;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/configure.default b/src/src/configure.default
index c9b2fc6ef..946137fc9 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -169,7 +169,16 @@ acl_smtp_data =         acl_check_data
 # tls_privatekey = /etc/ssl/exim.pem
 
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
-# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.ifdef _HAVE_OPENSSL
+tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.endif
+
+# Don't offer resumption to (most) MUAs, who we don't want to reuse
+# tickets.  Once the TLS extension for vended ticket numbers comes
+# though, re-examine since resumption on a single-use ticket is still a benefit.
+.ifdef _HAVE_TLS_RESUME
+tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
+.endif
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
@@ -265,6 +274,11 @@ dns_dnssec_ok = 1
 # Enable an efficiency feature.  We advertise the feature; clients
 # may request to use it.  For multi-recipient mails we then can
 # reject or accept per-user after the message is received.
+# This supports recipient-dependent content filtering; without it
+# you have to temp-reject any recipients after the first that have
+# incompatible filtering, and do the filtering in the data ACL.
+# Even with this enabled, you must support the old style for peers
+# not flagging support for PRDR (visible via $prdr_requested).
 #
 .ifdef _HAVE_PRDR
 prdr_enable = true
@@ -288,7 +302,7 @@ prdr_enable = true
 # detail than the default.  Adjust to suit.
 
 log_selector = +smtp_protocol_error +smtp_syntax_error \
-	+tls_certificate_verified
+        +tls_certificate_verified
 
 
 # If you want Exim to support the "percent hack" for certain domains,
@@ -321,7 +335,7 @@ timeout_frozen_after = 7d
 
 
 # By default, messages that are waiting on Exim's queue are all held in a
-# single directory called "input" which it itself within Exim's spool
+# single directory called "input" which is itself within Exim's spool
 # directory. (The default spool directory is specified when Exim is built, and
 # is often /var/spool/exim/.) Exim works best when its queue is kept short, but
 # there are circumstances where this is not always possible. If you uncomment
@@ -478,8 +492,8 @@ acl_check_rcpt:
 
   # Insist that a HELO/EHLO was accepted.
 
-  require message	= nice hosts say HELO first
-          condition	= ${if def:sender_helo_name}
+  require message       = nice hosts say HELO first
+          condition     = ${if def:sender_helo_name}
 
   # Insist that any other recipient address that we accept is either in one of
   # our local domains, or is in a domain for which we explicitly allow
@@ -502,8 +516,8 @@ acl_check_rcpt:
   # examples of how you can get Exim to perform a DNS black list lookup at this
   # point. The first one denies, whereas the second just warns.
   #
-  # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
-  #         dnslists      = black.list.example
+  # deny    dnslists      = black.list.example
+  #         message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
   #
   # warn    dnslists      = black.list.example
   #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
@@ -549,7 +563,6 @@ acl_check_rcpt:
 .ifdef _HAVE_PRDR
 acl_check_prdr:
   warn  set acl_m_did_prdr = y
-.endif
 
   #############################################################################
   # do lookup on filtering, with $local_part@$domain, deny on filter match
@@ -559,6 +572,7 @@ acl_check_prdr:
   #############################################################################
 
   accept
+.endif
 
 # This ACL is used after the contents of a message have been received. This
 # is the ACL in which you can test a message's headers or body, and in
@@ -573,15 +587,15 @@ acl_check_data:
   # Deny if the message contains an overlong line.  Per the standards
   # we should never receive one such via SMTP.
   #
-  deny    message    = maximum allowed line length is 998 octets, \
+  deny    condition  = ${if > {$max_received_linelength}{998}}
+          message    = maximum allowed line length is 998 octets, \
                        got $max_received_linelength
-          condition  = ${if > {$max_received_linelength}{998}}
 
   # Deny if the headers contain badly-formed addresses.
   #
-  deny	  !verify =	header_syntax
-	  message =	header syntax
-	  log_message = header syntax ($acl_verify_message)
+  deny    !verify =     header_syntax
+          message =     header syntax
+          log_message = header syntax ($acl_verify_message)
 
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
@@ -682,7 +696,6 @@ dnslookup:
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
 # if ipv6-enabled then instead use:
 # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-  dnssec_request_domains = *
   no_more
 
 # This closes the ROUTER_SMARTHOST ifdef around the choice of routing for
@@ -797,19 +810,11 @@ begin transports
 
 
 # This transport is used for delivering messages over SMTP connections.
-# Refuse to send any message with over-long lines, which could have
-# been received other than via SMTP. The use of message_size_limit to
-# enforce this is a red herring.
 
 remote_smtp:
   driver = smtp
-  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
-.ifdef _HAVE_DANE
-  dnssec_request_domains = *
-  hosts_try_dane = *
-.endif
-.ifdef _HAVE_PRDR
-  hosts_try_prdr = *
+.ifdef _HAVE_TLS_RESUME
+  tls_resumption_hosts = *
 .endif
 
 
@@ -822,7 +827,6 @@ remote_smtp:
 
 smarthost_smtp:
   driver = smtp
-  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
   multi_domain
   #
 .ifdef _HAVE_TLS
@@ -848,9 +852,9 @@ smarthost_smtp:
 .ifdef _HAVE_GNUTLS
   tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
 .endif
+.ifdef _HAVE_TLS_RESUME
+  tls_resumption_hosts = *
 .endif
-.ifdef _HAVE_PRDR
-  hosts_try_prdr = *
 .endif
 
 
@@ -863,7 +867,7 @@ smarthost_smtp:
 
 local_delivery:
   driver = appendfile
-  file = /var/mail/$local_part
+  file = /var/mail/$local_part_data
   delivery_date_add
   envelope_to_add
   return_path_add