gecos_pattern = ([^,:]*)
SECTION(global, incoming)m4_dnl
+rfc1413_hosts = *
+rfc1413_query_timeout = 10s
received_header_text = Received: \
${if def:sender_rcvhost \
{from $sender_rcvhost\n\t} \
${if def:sender_address \
{(envelope-from $sender_address\
${if def:authenticated_id \
- {; auth=$authenticated_id}})\n\t}}\
+ {; auth=${quote_local_part:$authenticated_id}} \
+ {${if and {{def:authenticated_sender} \
+ {match_address{$authenticated_sender} \
+ {*@CONF_master_domain}}} \
+ {; auth=${quote_local_part:\
+ ${local_part:\
+ $authenticated_sender}}}}}})\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}
SECTION(global, smtp)m4_dnl
smtp_return_error_details = true
accept_8bitmime = true
+chunking_advertise_hosts =
SECTION(global, env)m4_dnl
keep_environment =
## we're the correct place to send this mail.
## Known clients and authenticated users are OK.
- accept hosts = CONF_relay_clients
- accept authenticated = *
+ accept hosts = CONF_relay_clients
+ accept authenticated = *
## Known domains are OK.
- accept domains = +public
+ accept domains = +public
## Finally, domains in our table are OK, unless they say they aren't.
- accept domains = \
- ${if exists{CONF_sysconf_dir/domains.conf} \
+ accept domains = \
+ ${if exists{CONF_sysconf_dir/domains.conf} \
{partial0-lsearch; CONF_sysconf_dir/domains.conf}}
- condition = DOMKV(service, {$value}{true})
+ condition = DOMKV(service, {$value}{true})
## Nope, that's not allowed.
deny
driver = smtp
APPLY_HEADER_CHANGES
tls_require_ciphers = CONF_acceptable_ciphers
- tls_dh_min_bits = 1020
+ tls_dh_min_bits = 508
tls_tempfail_tryclear = true
m4_define(<:SMTP_TRANS_DHBITS:>,
{CONF_acceptable_ciphers})
tls_dh_min_bits = $1
tls_tempfail_tryclear = true:>)m4_dnl
+smtp_dhbits_512:
+ SMTP_TRANS_DHBITS(508)
+smtp_dhbits_768:
+ SMTP_TRANS_DHBITS(764)
smtp_dhbits_1024:
SMTP_TRANS_DHBITS(1020)
smtp_dhbits_2048:
- SMTP_TRANS_DHBITS(2046)
+ SMTP_TRANS_DHBITS(2044)
## Transport to a local SMTP server; use TLS and perform client
## authentication.