## Master domain name.
DEFCONF(master_domain, distorted.org.uk)
+## List of home-system mail domain names. This can be empty if we only
+## provide service for special-purpose domains.
+DEFCONF(sysdomains, CONF_master_domain)
+
+## The magic token for local header names.
+DEFCONF(header_token, Distorted)
+
## The smarthost for satellite hosts.
DEFCONF(smarthost, mail.distorted.org.uk)
## The user who runs verification filters.
DEFCONF(filter_user, Debian-exim)
+## Administrative groups.
+DEFCONF(admin_groups, root : adm)
+DEFCONF(trusted_groups, root : adm)
+
## Where the spam filter is.
DEFCONF(spamd_address, 172.29.199.179)
DEFCONF(spamd_port, 783)
## Default spam limit for incoming mail (multiplied by ten).
DEFCONF(spam_max, 50)
+## Userv stuff for debugging.
+DEFCONF(userv_opts, )
+
## Which interfaces to listen on. Exim checks for the literal string `::0'
## when setting things up: don't use `::', or we'll be tripped up by Linux's
## demented non-`IPV6_V6ONLY' behaviour.
DEFCONF(interfaces, m4_ifelse(MODE, satellite, 127.0.0.1 ; ::1,
0.0.0.0 ; ::0))
-## Submission port number. (This is sometimes tweaked for testing.)
+## Main and submission port numbers. (This is sometimes tweaked for
+## testing.)
+DEFCONF(smtp_port, 25)
DEFCONF(submission_port, 587)
## Locations of other configuration files.
DEFCONF(ca_dir, /etc/ca)
## User address suffix handling.
-DEFCONF(user_suffix_list, -* : +*)
-DEFCONF(user_extaddr_regexp, $acl_c_user([-+@]|\$))
+DEFCONF(user_suffix_list, +* : -*)
DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}})
## Other hosts allowed to relay mail through us.
-DEFCONF(relay_clients, +trusted)
+DEFCONF(relay_clients, <; +trusted ; 172.29.80.8)
## TLS-related settings. We're assuming GNUTLS here, rather than OpenSSL.
## For local connections we are very strict. For random clients, we try
## fairly hard to encourage any kind of crypto on the grounds that probably
## nobody can verify our certificate anyway.
DEFCONF(good_ciphers, NONE<::>m4_dnl
-:+VERS-TLS1.2:+VERS-TLS1.1<::>m4_dnl
+:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0<::>m4_dnl
:+DHE-RSA:+DHE-DSS<::>m4_dnl
:+AES-256-CBC:+AES-128-CBC<::>m4_dnl
-:+SHA256<::>m4_dnl
+:+SHA256:+SHA384:+SHA512:+SHA1<::>m4_dnl
:+SIGN-RSA-SHA512:+SIGN-RSA-SHA384:+SIGN-RSA-SHA256:+SIGN-DSA-SHA256<::>m4_dnl
:+CTYPE-X.509<::>m4_dnl
:+COMP-NULL<::>m4_dnl