X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/2d3b825d0876f639b68ee1d0cb5c356f7268991c..a09e121325e480dfee2e51e135be2deb18192796:/config.m4 diff --git a/config.m4 b/config.m4 index 1731d59..5e3cc9b 100644 --- a/config.m4 +++ b/config.m4 @@ -42,7 +42,7 @@ DEFCONF(admin_groups, root : adm) DEFCONF(trusted_groups, root : adm) ## Where the spam filter is. -DEFCONF(spamd_address, 172.29.199.179) +DEFCONF(spamd_address, 172.29.199.8) DEFCONF(spamd_port, 783) ## Default spam limit for incoming mail (multiplied by ten). @@ -67,6 +67,7 @@ DEFCONF(sysconf_dir, /etc/mail) DEFCONF(userconf_dir, $home/.mail) DEFCONF(alias_file, /etc/aliases) DEFCONF(ca_dir, /etc/ca) +DEFCONF(dkim_keys_dir, /var/lib/dkim-keys) ## User address suffix handling. DEFCONF(user_suffix_list, +* : -*) @@ -76,9 +77,29 @@ DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}}) DEFCONF(relay_clients, , +<:CONF_sysconf_dir/${if ={$received_port}{CONF_submission_port}{server}\ + {${if match_ip{$sender_host_address}{+trusted} \ + {server}{letsencrypt}}}}.certlist:>):>) + ## TLS-related settings. We're assuming GNUTLS here, rather than OpenSSL. ## For local connections we are very strict. For random clients, we try ## fairly hard to encourage any kind of crypto on the grounds that probably @@ -97,12 +118,19 @@ DEFCONF(good_ciphers, NONE<::>m4_dnl :+COMP-NULL<::>m4_dnl ) DEFCONF(acceptable_ciphers, NONE<::>m4_dnl +:+VERS-TLS-ALL<::>m4_dnl :+ECDHE-RSA:+ECDHE-ECDSA<::>m4_dnl +:+KX-ALL<::>m4_dnl +:+SIGN-ALL<::>m4_dnl +:+CTYPE-ALL<::>m4_dnl :+CHACHA20-POLY1305<::>m4_dnl :+AES-256-GCM:+AES-128-GCM<::>m4_dnl +:+CIPHER-ALL<::>m4_dnl :+CURVE-X25519<::>m4_dnl +:+CURVE-ALL<::>m4_dnl :+AEAD<::>m4_dnl -:+NORMAL<::>m4_dnl +:+MAC-ALL<::>m4_dnl +:+COMP-NULL<::>m4_dnl :-MD5<::>m4_dnl )
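Review bot: The new `dkim_keys_dir` setting in the `@@ -67,6 +67,7 @@` hunk has no comment saying what the directory holds or who may read it. Going by the name, it presumably stores DKIM signing keys, which are private key material and should be readable only by the account that signs mail. I would add a line above it such as `## DKIM private signing keys; directory and files readable only by the Exim run-time user.` The code that consumes this setting is outside the diff, so the expected file layout and ownership could not be checked here.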
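Review bot: In the `@@ -97,12 +118,19 @@` hunk, `acceptable_ciphers` now starts from `NONE` and appends `+VERS-TLS-ALL`, `+KX-ALL`, `+SIGN-ALL`, `+CTYPE-ALL`, `+CIPHER-ALL`, `+CURVE-ALL` and `+MAC-ALL`, with `-MD5` as the only exclusion, and nothing records why `+NORMAL` was replaced. What the `*-ALL` keywords expand to depends on the installed GnuTLS release, so the accepted protocol versions and suites can change on a library upgrade without any edit here. `-MD5` presumably removes only the MD5 MAC and not anything `+SIGN-ALL` brings in. A comment above the definition would help, for example `## Preferred suites first, then the *-ALL catch-alls as a deliberate fallback; check the effective list with gnutls-cli --list --priority.` Where this list is applied is not visible in the diff; if it also covers authenticated submission, a stricter string for that port would be worth considering.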