spam.m4: No, we can't check domains in the DATA ACL.

[exim-config] / config.m4

diff --git a/config.m4 b/config.m4
index 4678f20..c4931fe 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -30,6 +30,9 @@ DEFCONF(smarthost, mail.distorted.org.uk)
 ## The user who runs verification filters.
 DEFCONF(filter_user, Debian-exim)
 
+## Administrative groups.
+DEFCONF(admin_groups, root : adm)
+
 ## Where the spam filter is.
 DEFCONF(spamd_address, 172.29.199.179)
 DEFCONF(spamd_port, 783)
@@ -37,6 +40,9 @@ DEFCONF(spamd_port, 783)
 ## Default spam limit for incoming mail (multiplied by ten).
 DEFCONF(spam_max, 50)
 
+## Userv stuff for debugging.
+DEFCONF(userv_opts, )
+
 ## Which interfaces to listen on.  Exim checks for the literal string `::0'
 ## when setting things up: don't use `::', or we'll be tripped up by Linux's
 ## demented non-`IPV6_V6ONLY' behaviour.
@@ -55,7 +61,7 @@ DEFCONF(alias_file, /etc/aliases)
 DEFCONF(ca_dir, /etc/ca)
 
 ## User address suffix handling.
-DEFCONF(user_suffix_list, -* : +*)
+DEFCONF(user_suffix_list, +* : -*)
 DEFCONF(user_extaddr_regexp, $acl_c_user([-+@]|\$))
 DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}})
 
@@ -67,10 +73,10 @@ DEFCONF(relay_clients, +trusted)
 ## fairly hard to encourage any kind of crypto on the grounds that probably
 ## nobody can verify our certificate anyway.
 DEFCONF(good_ciphers, NONE<::>m4_dnl
-:+VERS-TLS1.2:+VERS-TLS1.1<::>m4_dnl
+:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0<::>m4_dnl
 :+DHE-RSA:+DHE-DSS<::>m4_dnl
 :+AES-256-CBC:+AES-128-CBC<::>m4_dnl
-:+SHA256<::>m4_dnl
+:+SHA256:+SHA384:+SHA512:+SHA1<::>m4_dnl
 :+SIGN-RSA-SHA512:+SIGN-RSA-SHA384:+SIGN-RSA-SHA256:+SIGN-DSA-SHA256<::>m4_dnl
 :+CTYPE-X.509<::>m4_dnl
 :+COMP-NULL<::>m4_dnl