base.m4, config.m4: Remove spaces from the `dkim_sign_headers' setting.
[exim-config] / config.m4
index a9b30b8..7fba559 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -42,7 +42,7 @@ DEFCONF(admin_groups, root : adm)
 DEFCONF(trusted_groups, root : adm)
 
 ## Where the spam filter is.
-DEFCONF(spamd_address, 172.29.199.179)
+DEFCONF(spamd_address, 172.29.199.8)
 DEFCONF(spamd_port, 783)
 
 ## Default spam limit for incoming mail (multiplied by ten).
@@ -67,6 +67,7 @@ DEFCONF(sysconf_dir, /etc/mail)
 DEFCONF(userconf_dir, $home/.mail)
 DEFCONF(alias_file, /etc/aliases)
 DEFCONF(ca_dir, /etc/ca)
+DEFCONF(dkim_keys_dir, /var/lib/dkim-keys)
 
 ## User address suffix handling.
 DEFCONF(user_suffix_list, +* : -*)
@@ -76,15 +77,28 @@ DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}})
 DEFCONF(relay_clients, <m4_dnl
 ; +trusted m4_dnl
 ; 172.31.80.8 m4_dnl chiark (VPN)
-; 172.29.198.161 ; 2001:ba8:1d9:a000::1:1 m4_dnl national
+; 172.29.198.161 ; 2001:8b0:c92:a000::1:1 m4_dnl national
 )
 
+## DKIM headers list.
+## Surprise!  Internal whitespace isn't allowed here.
+DEFCONF(dkim_headers,m4_dnl
+References:In-Reply-To:Subject:To:Date:Message-ID:m4_dnl
+From:Sender:Reply-To:Cc:m4_dnl
+Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:m4_dnl
+Resent-Message-ID:m4_dnl
+Content-Transfer-Encoding:Content-Type:MIME-Version:m4_dnl
+Content-ID:Content-Description:m4_dnl
+List-Id:List-Help:List-Unsubscribe:List-Subscribe:m4_dnl
+List-Post:List-Owner:List-Archive)
+
 ## TLS certificate list.
 DEFCONF(certlist,
 <:m4_ifelse(t, m4_ifelse(MODE, hub, nil, MODE, srv, nil, t),
 <:CONF_sysconf_dir/server.certlist:>,
-<:CONF_sysconf_dir/${if match_ip{$sender_host_address}{+trusted} \
-       {server}{letsencrypt}}.certlist:>):>)
+<:CONF_sysconf_dir/${if ={$received_port}{CONF_submission_port}{server}\
+                       {${if match_ip{$sender_host_address}{+trusted} \
+                                     {server}{letsencrypt}}}}.certlist:>):>)
 
 ## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
 ## For local connections we are very strict.  For random clients, we try