X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/10c331d72ffa289e765f937cc9288986aaf0f59a..a0375fd97549cd5492cd879cc1fed9ae0e789a0b:/base.m4 diff --git a/base.m4 b/base.m4 index 5880582..d64f7a6 100644 --- a/base.m4 +++ b/base.m4 @@ -59,6 +59,8 @@ gecos_name = $1 gecos_pattern = ([^,:]*) SECTION(global, incoming)m4_dnl +rfc1413_hosts = * +rfc1413_query_timeout = 10s received_header_text = Received: \ ${if def:sender_rcvhost \ {from $sender_rcvhost\n\t} \ @@ -73,13 +75,20 @@ received_header_text = Received: \ ${if def:sender_address \ {(envelope-from $sender_address\ ${if def:authenticated_id \ - {; auth=$authenticated_id}})\n\t}}\ + {; auth=${quote_local_part:$authenticated_id}} \ + {${if and {{def:authenticated_sender} \ + {match_address{$authenticated_sender} \ + {*@CONF_master_domain}}} \ + {; auth=${quote_local_part:\ + ${local_part:\ + $authenticated_sender}}}}}})\n\t}}\ id $message_exim_id\ ${if def:received_for {\n\tfor $received_for}} SECTION(global, smtp)m4_dnl smtp_return_error_details = true accept_8bitmime = true +chunking_advertise_hosts = SECTION(global, env)m4_dnl keep_environment = @@ -255,17 +264,17 @@ check_relay: ## we're the correct place to send this mail. ## Known clients and authenticated users are OK. - accept hosts = CONF_relay_clients - accept authenticated = * + accept hosts = CONF_relay_clients + accept authenticated = * ## Known domains are OK. - accept domains = +public + accept domains = +public ## Finally, domains in our table are OK, unless they say they aren't. - accept domains = \ - ${if exists{CONF_sysconf_dir/domains.conf} \ + accept domains = \ + ${if exists{CONF_sysconf_dir/domains.conf} \ {partial0-lsearch; CONF_sysconf_dir/domains.conf}} - condition = DOMKV(service, {$value}{true}) + condition = DOMKV(service, {$value}{true}) ## Nope, that's not allowed. deny @@ -412,7 +421,7 @@ smtp: driver = smtp APPLY_HEADER_CHANGES tls_require_ciphers = CONF_acceptable_ciphers - tls_dh_min_bits = 1020 + tls_dh_min_bits = 508 tls_tempfail_tryclear = true m4_define(<:SMTP_TRANS_DHBITS:>, @@ -435,10 +444,14 @@ m4_define(<:SMTP_TRANS_DHBITS:>, {CONF_acceptable_ciphers}) tls_dh_min_bits = $1 tls_tempfail_tryclear = true:>)m4_dnl +smtp_dhbits_512: + SMTP_TRANS_DHBITS(508) +smtp_dhbits_768: + SMTP_TRANS_DHBITS(764) smtp_dhbits_1024: SMTP_TRANS_DHBITS(1020) smtp_dhbits_2048: - SMTP_TRANS_DHBITS(2046) + SMTP_TRANS_DHBITS(2044) ## Transport to a local SMTP server; use TLS and perform client ## authentication.