3 ### Basic settings for distorted.org.uk Exim configuration
5 ### (c) 2012 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 ###--------------------------------------------------------------------------
27 SECTION(global, priv)m4_dnl
28 admin_groups = root : adm
29 prod_requires_admin = false
31 SECTION(global, logging)m4_dnl
32 log_file_path = : syslog
37 syslog_duplication = false
38 syslog_timestamp = false
40 SECTION(global, daemon)m4_dnl
41 local_interfaces = <; CONF_interfaces
42 extra_local_interfaces = <; 0.0.0.0 ; ::
44 SECTION(global, resource)m4_dnl
45 deliver_queue_load_max = 8
48 smtp_accept_queue = 32
49 smtp_accept_reserve = 4
50 smtp_load_reserve = 10
51 smtp_reserve_hosts = +trusted
53 SECTION(global, policy)m4_dnl
56 SECTION(global, users)m4_dnl
58 gecos_pattern = ([^,:]*)
60 SECTION(global, incoming)m4_dnl
61 received_header_text = Received: \
62 ${if def:sender_rcvhost {from $sender_rcvhost\n\t} \
63 {${if def:sender_ident \
64 {from ${quote_local_part:$sender_ident} }}\
65 ${if def:sender_helo_name \
66 {(helo=$sender_helo_name)\n\t}}}}\
67 by $primary_hostname \
68 ${if def:received_protocol \
69 {with $received_protocol \
70 ${if def:tls_cipher {(cipher=$tls_cipher)\n\t}}}}\
71 (Exim $version_number)\n\t\
72 ${if def:sender_address \
73 {(envelope-from <$sender_address>\
74 ${if def:authenticated_id \
75 {; auth=$authenticated_id}})\n\t}}\
77 ${if def:received_for {\n\tfor $received_for}}
79 SECTION(global, smtp)m4_dnl
80 smtp_return_error_details = true
81 accept_8bitmime = true
83 SECTION(global, process)m4_dnl
84 extract_addresses_remove_arguments = false
85 headers_charset = utf-8
86 qualify_domain = CONF_master_domain
88 SECTION(global, bounce)m4_dnl
89 delay_warning = 1h : 24h : 2d
92 ###--------------------------------------------------------------------------
93 ### Access control lists.
95 SECTION(global, acl-after)
96 SECTION(global, acl)m4_dnl
98 SECTION(acl, misc)m4_dnl
100 require message = The other one has bells on
105 SECTION(global, acl)m4_dnl
107 SECTION(acl, mail)m4_dnl
110 ## Always allow the empty sender, so that we can receive bounces.
113 ## Ensure that the sender is routable. This is important to prevent
114 ## undeliverable bounces.
115 require message = Invalid sender; \
116 ($sender_verify_failure; $acl_verify_message)
119 ## If this is directly from a client then hack on it for a while.
120 warn condition = ${if eq{$acl_c_mode}{submission}}
123 SECTION(acl, mail-tail)m4_dnl
127 SECTION(global, acl)m4_dnl
128 acl_smtp_connect = connect
129 SECTION(acl, connect)m4_dnl
131 SECTION(acl, connect-tail)m4_dnl
132 ## Configure variables according to the submission mode.
133 warn acl = check_submission
139 ## See whether this message needs hacking on.
140 accept !hosts = +localnet
141 !condition = ${if ={$received_port}{CONF_submission_port}}
142 set acl_c_mode = relay
144 ## Remember to apply submission controls.
145 warn set acl_c_mode = submission
150 SECTION(global, acl)m4_dnl
152 SECTION(acl, rcpt)m4_dnl
155 ## Reject if the client isn't allowed to relay and the recipient
156 ## isn't in one of our known domains.
157 deny message = Relaying not permitted
158 !hosts = CONF_relay_clients
162 ## Ensure that the recipient is routable.
163 require message = Invalid recipient \
164 ($recipient_verify_failure; $acl_verify_message)
167 SECTION(acl, rcpt-tail)m4_dnl
168 ## Everything checks out OK: let this one go through.
171 SECTION(global, acl)m4_dnl
173 SECTION(acl, data)m4_dnl
176 SECTION(acl, data-tail)m4_dnl
179 SECTION(global, acl)m4_dnl
180 acl_smtp_expn = expn_vrfy
181 acl_smtp_vrfy = expn_vrfy
184 accept hosts = +trusted
185 deny message = Suck it and see
188 ###--------------------------------------------------------------------------
189 ### Common options for forwarding routers.
191 ## We're pretty permissive here.
192 m4_define(<:FILTER_BASE:>,
200 forbid_blackhole = false
201 check_ancestor = true:>)
203 ## Common options for forwarding routers at verification time.
204 m4_define(<:FILTER_VERIFY:>,
206 user = CONF_filter_user
207 forbid_filter_dlfunc = true
208 forbid_filter_logwrite = true
209 forbid_filter_perl = true
210 forbid_filter_readsocket = true
211 forbid_filter_run = true
212 file_transport = dummy
213 directory_transport = dummy
214 pipe_transport = dummy
215 reply_transport = dummy:>)
217 ## Transports for redirection filters.
218 m4_define(<:FILTER_TRANSPORTS:>,
219 <:file_transport = mailbox
220 directory_transport = maildir
221 pipe_transport = pipe
222 reply_transport = reply:>)
225 ###--------------------------------------------------------------------------
226 ### Some standard transports.
228 m4_define(<:USER_DELIVERY:>,
229 <:delivery_date_add = true
230 envelope_to_add = true
231 return_path_add = true:>)
233 SECTION(transports)m4_dnl
234 ## A standard transport for remote delivery. Try to do TLS, and don't worry
235 ## too much if it's not very secure: the alternative is sending in plaintext
239 tls_require_ciphers = CONF_acceptable_ciphers
240 tls_dh_min_bits = 1020
241 tls_tempfail_tryclear = true
243 ## Transport to a local SMTP server; use TLS and perform client
247 hosts_require_tls = *
248 tls_certificate = CONF_sysconf_dir/client.cert
249 tls_privatekey = CONF_sysconf_dir/client.key
250 tls_verify_certificates = CONF_ca_dir/ca.cert
251 tls_require_ciphers = CONF_good_ciphers
252 tls_dh_min_bits = 3070
253 tls_tempfail_tryclear = false
254 authenticated_sender = ${if def:authenticated_id \
255 ${authenticated_id@CONF_master_domain} \
258 ## A standard transport for local delivery.
261 file = /var/mail/$local_part
264 mode_fail_narrower = false
267 ## Transports for user filters.
275 maildir_format = true
281 path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
282 /usr/local/bin:/usr/local/sbin:\
283 /usr/bin:/usr/sbin:/bin:/sbin
286 return_fail_output = true
289 ## A special dummy transport for use during address verification.
295 ###--------------------------------------------------------------------------
296 ### Retry configuration.
298 SECTION(retry, default)m4_dnl
301 F,2h,15m; G,16h,2h,1.5; F,4d,6h
304 ###----- That's all, folks --------------------------------------------------