### -*-m4-*-
###
### Basic configuration settings for distorted.org.uk Exim configuration
###
### (c) 2012 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

## Master domain name.
DEFCONF(master_domain, distorted.org.uk)

## List of home-system mail domain names.  This can be empty if we only
## provide service for special-purpose domanis.
DEFCONF(sysdomains, CONF_master_domain)

## The smarthost for satellite hosts.
DEFCONF(smarthost, mail.distorted.org.uk)

## The user who runs verification filters.
DEFCONF(filter_user, Debian-exim)

## Administrative groups.
DEFCONF(admin_groups, root : adm)
DEFCONF(trusted_groups, root : adm)

## Where the spam filter is.
DEFCONF(spamd_address, 172.29.199.179)
DEFCONF(spamd_port, 783)

## Default spam limit for incoming mail (multiplied by ten).
DEFCONF(spam_max, 50)

## Userv stuff for debugging.
DEFCONF(userv_opts, )

## Which interfaces to listen on.  Exim checks for the literal string `::0'
## when setting things up: don't use `::', or we'll be tripped up by Linux's
## demented non-`IPV6_V6ONLY' behaviour.
DEFCONF(interfaces, m4_ifelse(MODE, satellite, 127.0.0.1 ; ::1,
			      0.0.0.0 ; ::0))

## Main and submission port numbers.  (This is sometimes tweaked for
## testing.)
DEFCONF(smtp_port, 25)
DEFCONF(submission_port, 587)

## Locations of other configuration files.
DEFCONF(sysconf_dir, /etc/mail)
DEFCONF(userconf_dir, $home/.mail)
DEFCONF(alias_file, /etc/aliases)
DEFCONF(ca_dir, /etc/ca)

## User address suffix handling.
DEFCONF(user_suffix_list, +* : -*)
DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}})

## Other hosts allowed to relay mail through us.
DEFCONF(relay_clients, +trusted)

## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
## For local connections we are very strict.  For random clients, we try
## fairly hard to encourage any kind of crypto on the grounds that probably
## nobody can verify our certificate anyway.
DEFCONF(good_ciphers, NONE<::>m4_dnl
:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0<::>m4_dnl
:+DHE-RSA:+DHE-DSS<::>m4_dnl
:+AES-256-CBC:+AES-128-CBC<::>m4_dnl
:+SHA256:+SHA384:+SHA512:+SHA1<::>m4_dnl
:+SIGN-RSA-SHA512:+SIGN-RSA-SHA384:+SIGN-RSA-SHA256:+SIGN-DSA-SHA256<::>m4_dnl
:+CTYPE-X.509<::>m4_dnl
:+COMP-NULL<::>m4_dnl
)
DEFCONF(acceptable_ciphers, NORMAL<::>m4_dnl
:-MD5<::>m4_dnl
)

###----- That's all, folks --------------------------------------------------