X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=c053466cf8bc1a289c1e767c8e5007ed5ee3cc43;hb=11b31159ac7d1acef923c29053fc3d9c6bbf5c12;hp=9247b10fe593b9a61754fd64ee7e3792a817d6c7;hpb=26739076aecabbede0a75c9554e4562c63bb1616;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/configure.default b/src/src/configure.default
index 9247b10fe..c053466cf 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -225,6 +225,13 @@ never_users = root
 host_lookup = *
 
 
+# The setting below causes Exim to try to initialize the system resolver
+# library with DNSSEC support.  It has no effect if your library lacks
+# DNSSEC support.
+
+dns_dnssec_ok = 1
+
+
 # The settings below cause Exim to make RFC 1413 (ident) callbacks
 # for all incoming SMTP calls. You can limit the hosts to which these
 # calls are made, and/or change the timeout that is used. If you set
@@ -593,6 +600,7 @@ dnslookup:
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
 # if ipv6-enabled then instead use:
 # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+  dnssec_request_domains = *
   no_more
 
 
@@ -724,7 +732,12 @@ begin transports
 
 remote_smtp:
   driver = smtp
+  hosts_try_prdr = *
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+.ifdef _HAVE_DANE
+  dnssec_request_domains = *
+  hosts_try_dane = *
+.endif
 
 
 # This transport is used for delivering messages to a smarthost, if the
@@ -736,6 +749,7 @@ remote_smtp:
 
 smarthost_smtp:
   driver = smtp
+  hosts_try_prdr = *
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
   multi_domain
   #
@@ -751,10 +765,10 @@ smarthost_smtp:
   tls_try_verify_hosts = *
   #
 .ifdef _HAVE_OPENSSL
-  tls_require_ciphers = HIGH:@STRENGTH
+  tls_require_ciphers = HIGH:!aNULL:@STRENGTH
 .endif
 .ifdef _HAVE_GNUTLS
-  tls_require_ciphers = NONE:+VERS-TLS1.2:SECURE192
+  tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
 .endif
 .endif