X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=e581288c66d85804e86bd10d86f15e5cd5d4d436;hb=6b31b1506cb3c0f48bd0bfd88b96cf04b0e95d91;hp=da3f9960128d182364c35628306ef751a12eab72;hpb=a4e3111f2b200abc53c4a23133698d765e201600;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/configure.default b/src/src/configure.default
index da3f99601..e581288c6 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -1,4 +1,4 @@
-# $Cambridge: exim/src/src/configure.default,v 1.3 2005/05/10 14:48:07 ph10 Exp $
+# $Cambridge: exim/src/src/configure.default,v 1.7 2006/02/20 16:31:49 ph10 Exp $
 
 ######################################################################
 #                  Runtime configuration file for Exim               #
@@ -61,9 +61,9 @@ domainlist relay_to_domains =
 hostlist   relay_from_hosts = 127.0.0.1
 
 # Most straightforward access control requirements can be obtained by
-# appropriate settings of the above options. In more complicated situations, you
-# may need to modify the Access Control List (ACL) which appears later in this
-# file.
+# appropriate settings of the above options. In more complicated situations,
+# you may need to modify the Access Control List (ACL) which appears later in
+# this file.
 
 # The first setting specifies your local domains, for example:
 #
@@ -192,10 +192,11 @@ host_lookup = *
 # are disabled. RFC 1413 calls are cheap and can provide useful information
 # for tracing problem messages, but some hosts and firewalls have problems
 # with them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up an SMTP session.
+# connection, leading to delays on starting up SMTP sessions. (The default was
+# reduced from 30s to 5s for release 4.61.)
 
 rfc1413_hosts = *
-rfc1413_query_timeout = 30s
+rfc1413_query_timeout = 5s
 
 
 # By default, Exim expects all envelope addresses to be fully qualified, that
@@ -279,21 +280,26 @@ acl_check_rcpt:
   #
   # Two different rules are used. The first one is stricter, and is applied to
   # messages that are addressed to one of the local domains handled by this
-  # host. It blocks local parts that begin with a dot or contain @ % ! / or |.
-  # If you have local accounts that include these characters, you will have to
-  # modify this rule.
+  # host. The line "domains = +local_domains" restricts it to domains that are
+  # defined by the "domainlist local_domains" setting above. The rule  blocks
+  # local parts that begin with a dot or contain @ % ! / or |. If you have
+  # local accounts that include these characters, you will have to modify this
+  # rule.
 
   deny    message       = Restricted characters in address
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]
 
-  # The second rule applies to all other domains, and is less strict. This
-  # allows your own users to send outgoing messages to sites that use slashes
-  # and vertical bars in their local parts. It blocks local parts that begin
-  # with a dot, slash, or vertical bar, but allows these characters within the
-  # local part. However, the sequence /../ is barred. The use of @ % and ! is
-  # blocked, as before. The motivation here is to prevent your users (or
-  # your users' viruses) from mounting certain kinds of attack on remote sites.
+  # The second rule applies to all other domains, and is less strict. The line
+  # "domains = !+local_domains" restricts it to domains that are NOT defined by
+  # the "domainlist local_domains" setting above. The exclamation mark is a
+  # negating operator. This rule allows your own users to send outgoing
+  # messages to sites that use slashes and vertical bars in their local parts.
+  # It blocks local parts that begin with a dot, slash, or vertical bar, but
+  # allows these characters within the local part. However, the sequence /../
+  # is barred. The use of @ % and ! is blocked, as before. The motivation here
+  # is to prevent your users (or your users' viruses) from mounting certain
+  # kinds of attack on remote sites.
 
   deny    message       = Restricted characters in address
           domains       = !+local_domains
@@ -310,11 +316,41 @@ acl_check_rcpt:
 
   require verify        = sender
 
+  # Accept if the message comes from one of the hosts for which we are an
+  # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
+  # so we set control=submission to make Exim treat the message as a
+  # submission. It will fix up various errors in the message, for example, the
+  # lack of a Date: header line. If you are actually relaying out out from
+  # MTAs, you may want to disable this. If you are handling both relaying from
+  # MTAs and submissions from MUAs you should probably split them into two
+  # lists, and handle them differently.
+
+  # Recipient verification is omitted here, because in many cases the clients
+  # are dumb MUAs that don't cope well with SMTP error responses. If you are
+  # actually relaying out from MTAs, you should probably add recipient
+  # verification here.
+
+  # Note that, by putting this test before any DNS black list checks, you will
+  # always accept from these hosts, even if they end up on a black list. The
+  # assumption is that they are your friends, and if they get onto a black
+  # list, it is a mistake.
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  # Accept if the message arrived over an authenticated connection, from
+  # any host. Again, these messages are usually from MUAs, so recipient
+  # verification is omitted, and submission mode is set. And again, we do this
+  # check before any black list tests.
+
+  accept  authenticated = *
+          control       = submission
+
   #############################################################################
-  # There are no checks on DNS "black" lists because the domains that contain
-  # these lists are changing all the time. However, here are two examples of
-  # how you could get Exim to perform a DNS black list lookup at this point.
-  # The first one denies, while the second just warns.
+  # There are no default checks on DNS black lists because the domains that
+  # contain these lists are changing all the time. However, here are two
+  # examples of how you can get Exim to perform a DNS black list lookup at this
+  # point. The first one denies, whereas the second just warns.
   #
   # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
   #         dnslists      = black.list.example
@@ -344,30 +380,13 @@ acl_check_rcpt:
           endpass
           verify        = recipient
 
-  # Accept if the address is in a domain for which we are relaying, but again,
-  # only if the recipient can be verified.
+  # Accept if the address is in a domain for which we are an incoming relay,
+  # but again, only if the recipient can be verified.
 
   accept  domains       = +relay_to_domains
           endpass
           verify        = recipient
 
-  # If control reaches this point, the domain is neither in +local_domains
-  # nor in +relay_to_domains.
-
-  # Accept if the message comes from one of the hosts for which we are an
-  # outgoing relay. Recipient verification is omitted here, because in many
-  # cases the clients are dumb MUAs that don't cope well with SMTP error
-  # responses. If you are actually relaying out from MTAs, you should probably
-  # add recipient verification here.
-
-  accept  hosts         = +relay_from_hosts
-
-  # Accept if the message arrived over an authenticated connection, from
-  # any host. Again, these messages are usually from MUAs, so recipient
-  # verification is omitted.
-
-  accept  authenticated = *
-
   # Reaching the end of the ACL causes a "deny", but we might as well give
   # an explicit message.
 
@@ -432,12 +451,17 @@ begin routers
 
 
 # This router routes addresses that are not in local domains by doing a DNS
-# lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a
-# loopback interface address (127.0.0.0/8) is treated as if it had no DNS
-# entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated
-# as the local host inside the network stack. It is not 0.0.0.0/0, the default
-# route. If the DNS lookup fails, no further routers are tried because of
-# the no_more setting, and consequently the address is unrouteable.
+# lookup on the domain name. The exclamation mark that appears in "domains = !
+# +local_domains" is a negating operator, that is, it can be read as "not". The
+# recipient's domain must not be one of those defined by "domainlist
+# local_domains" above for this router to be used.
+#
+# If the router is used, any domain that resolves to 0.0.0.0 or to a loopback
+# interface address (127.0.0.0/8) is treated as if it had no DNS entry. Note
+# that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated as the
+# local host inside the network stack. It is not 0.0.0.0/0, the default route.
+# If the DNS lookup fails, no further routers are tried because of the no_more
+# setting, and consequently the address is unrouteable.
 
 dnslookup:
   driver = dnslookup
@@ -447,7 +471,8 @@ dnslookup:
   no_more
 
 
-# The remaining routers handle addresses in the local domain(s).
+# The remaining routers handle addresses in the local domain(s), that is those
+# domains that are defined by "domainlist local_domains" above.
 
 
 # This router handles aliasing using a linearly searched alias file with the