3 ### Basic settings for distorted.org.uk Exim configuration
5 ### (c) 2012 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 ###--------------------------------------------------------------------------
27 SECTION(global, priv)m4_dnl
28 prod_requires_admin = false
30 SECTION(global, logging)m4_dnl
31 log_file_path = : syslog
36 syslog_duplication = false
37 syslog_timestamp = false
39 SECTION(global, daemon)m4_dnl
40 local_interfaces = <; CONF_interfaces
41 extra_local_interfaces = <; 0.0.0.0 ; ::
43 SECTION(global, resource)m4_dnl
44 deliver_queue_load_max = 8
47 smtp_accept_queue = 32
48 smtp_accept_reserve = 4
49 smtp_load_reserve = 10
50 smtp_reserve_hosts = +trusted
52 SECTION(global, policy)m4_dnl
55 SECTION(global, users)m4_dnl
57 gecos_pattern = ([^,:]*)
59 SECTION(global, incoming)m4_dnl
60 received_header_text = Received: \
61 ${if def:sender_rcvhost {from $sender_rcvhost\n\t} \
62 {${if def:sender_ident \
63 {from ${quote_local_part:$sender_ident} }}\
64 ${if def:sender_helo_name \
65 {(helo=$sender_helo_name)\n\t}}}}\
66 by $primary_hostname \
67 ${if def:received_protocol \
68 {with $received_protocol \
69 ${if def:tls_cipher {(cipher=$tls_cipher)\n\t}}}}\
70 (Exim $version_number)\n\t\
71 ${if def:sender_address \
72 {(envelope-from <$sender_address>\
73 ${if def:authenticated_id \
74 {; auth=$authenticated_id}})\n\t}}\
76 ${if def:received_for {\n\tfor $received_for}}
78 SECTION(global, smtp)m4_dnl
79 smtp_return_error_details = true
80 accept_8bitmime = true
82 SECTION(global, process)m4_dnl
83 extract_addresses_remove_arguments = false
84 headers_charset = utf-8
85 qualify_domain = CONF_master_domain
87 SECTION(global, bounce)m4_dnl
88 delay_warning = 1h : 24h : 2d
91 ###--------------------------------------------------------------------------
92 ### Access control lists.
94 SECTION(global, acl-after)
95 SECTION(global, acl)m4_dnl
97 SECTION(acl, misc)m4_dnl
99 require message = The other one has bells on
104 SECTION(global, acl)m4_dnl
106 SECTION(acl, mail)m4_dnl
109 ## Always allow the empty sender, so that we can receive bounces.
112 ## Ensure that the sender is routable. This is important to prevent
113 ## undeliverable bounces.
114 require message = Invalid sender; \
115 ($sender_verify_failure; $acl_verify_message)
118 ## If this is directly from a client then hack on it for a while.
119 warn condition = ${if eq{$acl_c_mode}{submission}}
122 SECTION(acl, mail-tail)m4_dnl
126 SECTION(global, acl)m4_dnl
127 acl_smtp_connect = connect
128 SECTION(acl, connect)m4_dnl
130 SECTION(acl, connect-tail)m4_dnl
131 ## Configure variables according to the submission mode.
132 warn acl = check_submission
138 ## See whether this message needs hacking on.
139 accept !hosts = +localnet
140 !condition = ${if ={$received_port}{CONF_submission_port}}
141 set acl_c_mode = relay
143 ## Remember to apply submission controls.
144 warn set acl_c_mode = submission
149 SECTION(global, acl)m4_dnl
151 SECTION(acl, rcpt)m4_dnl
154 ## Reject if the client isn't allowed to relay and the recipient
155 ## isn't in one of our known domains.
156 deny message = Relaying not permitted
157 !hosts = CONF_relay_clients
161 ## Ensure that the recipient is routable.
162 require message = Invalid recipient \
163 ($recipient_verify_failure; $acl_verify_message)
166 SECTION(acl, rcpt-tail)m4_dnl
167 ## Everything checks out OK: let this one go through.
170 SECTION(global, acl)m4_dnl
172 SECTION(acl, data)m4_dnl
175 SECTION(acl, data-tail)m4_dnl
178 SECTION(global, acl)m4_dnl
179 acl_smtp_expn = expn_vrfy
180 acl_smtp_vrfy = expn_vrfy
183 accept hosts = +trusted
184 deny message = Suck it and see
187 ###--------------------------------------------------------------------------
188 ### Common options for forwarding routers.
190 ## We're pretty permissive here.
191 m4_define(<:FILTER_BASE:>,
199 forbid_blackhole = false
200 check_ancestor = true:>)
202 ## Common options for forwarding routers at verification time.
203 m4_define(<:FILTER_VERIFY:>,
205 user = CONF_filter_user
206 forbid_filter_dlfunc = true
207 forbid_filter_logwrite = true
208 forbid_filter_perl = true
209 forbid_filter_readsocket = true
210 forbid_filter_run = true
211 file_transport = dummy
212 directory_transport = dummy
213 pipe_transport = dummy
214 reply_transport = dummy:>)
216 ## Transports for redirection filters.
217 m4_define(<:FILTER_TRANSPORTS:>,
218 <:file_transport = mailbox
219 directory_transport = maildir
220 pipe_transport = pipe
221 reply_transport = reply:>)
224 ###--------------------------------------------------------------------------
225 ### Some standard transports.
227 m4_define(<:USER_DELIVERY:>,
228 <:delivery_date_add = true
229 envelope_to_add = true
230 return_path_add = true:>)
232 SECTION(transports)m4_dnl
233 ## A standard transport for remote delivery. Try to do TLS, and don't worry
234 ## too much if it's not very secure: the alternative is sending in plaintext
238 tls_require_ciphers = CONF_acceptable_ciphers
239 tls_dh_min_bits = 1020
240 tls_tempfail_tryclear = true
242 ## Transport to a local SMTP server; use TLS and perform client
246 hosts_require_tls = *
247 tls_certificate = CONF_sysconf_dir/client.cert
248 tls_privatekey = CONF_sysconf_dir/client.key
249 tls_verify_certificates = CONF_ca_dir/ca.cert
250 tls_require_ciphers = CONF_good_ciphers
251 tls_dh_min_bits = 3070
252 tls_tempfail_tryclear = false
253 authenticated_sender = ${if def:authenticated_id \
254 ${authenticated_id@CONF_master_domain} \
257 ## A standard transport for local delivery.
260 file = /var/mail/$local_part
263 ## Transports for user filters.
270 maildir_format = true
277 ## A special dummy transport for use during address verification.
283 ###--------------------------------------------------------------------------
284 ### Retry configuration.
286 SECTION(retry, default)m4_dnl
289 F,2h,15m; G,16h,2h,1.5; F,4d,6h
292 ###----- That's all, folks --------------------------------------------------