Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | ################################################## |
2 | # The Exim mail transport agent # | |
3 | ################################################## | |
4 | ||
5 | # This is the template for Exim's main build-time configuration file. It | |
6 | # contains settings that are independent of any operating system. These are | |
7 | # things that are mostly sysadmin choices. The items below are divided into | |
8 | # those you must specify, those you probably want to specify, those you might | |
9 | # often want to specify, and those that you almost never need to mention. | |
10 | ||
11 | # Edit this file and save the result to a file called Local/Makefile within the | |
12 | # Exim distribution directory before running the "make" command. | |
13 | ||
14 | # Things that depend on the operating system have default settings in | |
84590578 HSHR |
15 | # OS/Makefile-Default, but these are overridden for some OS by files |
16 | # called called OS/Makefile-<osname>. You can further override these by | |
17 | # creating files called Local/Makefile-<osname>, and | |
18 | # Local/Makefile-<buildname> (where "<osname>" stands for the name of | |
19 | # your operating system - look at the names in the OS directory to see | |
20 | # which names are recognized, and "<buildname>" is derived from the | |
21 | # environment variable "build") | |
059ec3d9 PH |
22 | |
23 | # However, if you are building Exim for a single OS only, you don't need to | |
24 | # worry about setting up Local/Makefile-<osname>. Any build-time configuration | |
25 | # settings you require can in fact be placed in the one file called | |
26 | # Local/Makefile. It is only if you are building for several OS from the same | |
27 | # source files that you need to worry about splitting off your own OS-dependent | |
28 | # settings into separate files. (There's more explanation about how this all | |
29 | # works in the toplevel README file, under "Modifying the building process", as | |
30 | # well as in the Exim specification.) | |
31 | ||
32 | # One OS-specific thing that may need to be changed is the command for running | |
33 | # the C compiler; the overall default is gcc, but some OS Makefiles specify cc. | |
34 | # You can override anything that is set by putting CC=whatever in your | |
35 | # Local/Makefile. | |
36 | ||
37 | # NOTE: You should never need to edit any of the distributed Makefiles; all | |
38 | # overriding can be done in your Local/Makefile(s). This will make it easier | |
39 | # for you when the next release comes along. | |
40 | ||
41 | # The location of the X11 libraries is something else that is quite variable | |
42 | # even between different versions of the same operating system (and indeed | |
43 | # there are different versions of X11 as well, of course). The four settings | |
44 | # concerned here are X11, XINCLUDE, XLFLAGS (linking flags) and X11_LD_LIB | |
45 | # (dynamic run-time library). You need not worry about X11 unless you want to | |
46 | # compile the Exim monitor utility. Exim itself does not use X11. | |
47 | ||
48 | # Another area of variability between systems is the type and location of the | |
49 | # DBM library package. Exim has support for ndbm, gdbm, tdb, and Berkeley DB. | |
50 | # By default the code assumes ndbm; this often works with gdbm or DB, provided | |
51 | # they are correctly installed, via their compatibility interfaces. However, | |
52 | # Exim can also be configured to use the native calls for Berkeley DB (obsolete | |
53 | # versions 1.85, 2.x, 3.x, or the current 4.x version) and also for gdbm. | |
54 | ||
55 | # For some operating systems, a default DBM library (other than ndbm) is | |
56 | # selected by a setting in the OS-specific Makefile. Most modern OS now have | |
57 | # a DBM library installed as standard, and in many cases this will be selected | |
58 | # for you by the OS-specific configuration. If Exim compiles without any | |
59 | # problems, you probably do not have to worry about the DBM library. If you | |
60 | # do want or need to change it, you should first read the discussion in the | |
61 | # file doc/dbm.discuss.txt, which also contains instructions for testing Exim's | |
62 | # interface to the DBM library. | |
63 | ||
64 | # In Local/Makefiles blank lines and lines starting with # are ignored. It is | |
65 | # also permitted to use the # character to add a comment to a setting, for | |
66 | # example | |
67 | # | |
68 | # EXIM_GID=42 # the "mail" group | |
69 | # | |
70 | # However, with some versions of "make" this works only if there is no white | |
71 | # space between the end of the setting and the #, so perhaps it is best | |
72 | # avoided. A consequence of this facility is that it is not possible to have | |
73 | # the # character present in any setting, but I can't think of any cases where | |
74 | # this would be wanted. | |
75 | ############################################################################### | |
76 | ||
77 | ||
78 | ||
79 | ############################################################################### | |
80 | # THESE ARE THINGS YOU MUST SPECIFY # | |
81 | ############################################################################### | |
82 | ||
83 | # Exim will not build unless you specify BIN_DIRECTORY, CONFIGURE_FILE, and | |
84 | # EXIM_USER. You also need EXIM_GROUP if EXIM_USER specifies a uid by number. | |
85 | ||
86 | # If you don't specify SPOOL_DIRECTORY, Exim won't fail to build. However, it | |
87 | # really is a very good idea to specify it here rather than at run time. This | |
88 | # is particularly true if you let the logs go to their default location in the | |
89 | # spool directory, because it means that the location of the logs is known | |
90 | # before Exim has read the run time configuration file. | |
91 | ||
92 | #------------------------------------------------------------------------------ | |
93 | # BIN_DIRECTORY defines where the exim binary will be installed by "make | |
94 | # install". The path is also used internally by Exim when it needs to re-invoke | |
95 | # itself, either to send an error message, or to recover root privilege. Exim's | |
96 | # utility binaries and scripts are also installed in this directory. There is | |
97 | # no "standard" place for the binary directory. Some people like to keep all | |
98 | # the Exim files under one directory such as /usr/exim; others just let the | |
99 | # Exim binaries go into an existing directory such as /usr/sbin or | |
100 | # /usr/local/sbin. The installation script will try to create this directory, | |
101 | # and any superior directories, if they do not exist. | |
102 | ||
103 | BIN_DIRECTORY=/usr/exim/bin | |
104 | ||
105 | ||
106 | #------------------------------------------------------------------------------ | |
107 | # CONFIGURE_FILE defines where Exim's run time configuration file is to be | |
108 | # found. It is the complete pathname for the file, not just a directory. The | |
109 | # location of all other run time files and directories can be changed in the | |
110 | # run time configuration file. There is a lot of variety in the choice of | |
111 | # location in different OS, and in the preferences of different sysadmins. Some | |
112 | # common locations are in /etc or /etc/mail or /usr/local/etc or | |
113 | # /usr/local/etc/mail. Another possibility is to keep all the Exim files under | |
114 | # a single directory such as /usr/exim. Whatever you choose, the installation | |
115 | # script will try to make the directory and any superior directories if they | |
116 | # don't exist. It will also install a default runtime configuration if this | |
117 | # file does not exist. | |
118 | ||
119 | CONFIGURE_FILE=/usr/exim/configure | |
120 | ||
121 | # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. | |
122 | # In this case, Exim will use the first of them that exists when it is run. | |
123 | # However, if a list is specified, the installation script no longer tries to | |
124 | # make superior directories or to install a default runtime configuration. | |
125 | ||
126 | ||
127 | #------------------------------------------------------------------------------ | |
128 | # The Exim binary must normally be setuid root, so that it starts executing as | |
129 | # root, but (depending on the options with which it is called) it does not | |
130 | # always need to retain the root privilege. These settings define the user and | |
131 | # group that is used for Exim processes when they no longer need to be root. In | |
132 | # particular, this applies when receiving messages and when doing remote | |
133 | # deliveries. (Local deliveries run as various non-root users, typically as the | |
10385c15 | 134 | # owner of a local mailbox.) Specifying these values as root is not supported. |
059ec3d9 PH |
135 | |
136 | EXIM_USER= | |
137 | ||
138 | # If you specify EXIM_USER as a name, this is looked up at build time, and the | |
139 | # uid number is built into the binary. However, you can specify that this | |
140 | # lookup is deferred until runtime. In this case, it is the name that is built | |
141 | # into the binary. You can do this by a setting of the form: | |
142 | ||
143 | # EXIM_USER=ref:exim | |
144 | ||
145 | # In other words, put "ref:" in front of the user name. If you set EXIM_USER | |
146 | # like this, any value specified for EXIM_GROUP is also passed "by reference". | |
147 | # Although this costs a bit of resource at runtime, it is convenient to use | |
148 | # this feature when building binaries that are to be run on multiple systems | |
149 | # where the name may refer to different uids. It also allows you to build Exim | |
150 | # on a system where there is no Exim user defined. | |
151 | ||
152 | # If the setting of EXIM_USER is numeric (e.g. EXIM_USER=42), there must | |
153 | # also be a setting of EXIM_GROUP. If, on the other hand, you use a name | |
154 | # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless | |
155 | # you want to use a group other than the default group for the given user. | |
156 | ||
157 | # EXIM_GROUP= | |
158 | ||
159 | # Many sites define a user called "exim", with an appropriate default group, | |
160 | # and use | |
161 | # | |
162 | # EXIM_USER=exim | |
163 | # | |
164 | # while leaving EXIM_GROUP unspecified (commented out). | |
165 | ||
166 | ||
167 | #------------------------------------------------------------------------------ | |
168 | # SPOOL_DIRECTORY defines the directory where all the data for messages in | |
169 | # transit is kept. It is strongly recommended that you define it here, though | |
170 | # it is possible to leave this till the run time configuration. | |
171 | ||
172 | # Exim creates the spool directory if it does not exist. The owner and group | |
173 | # will be those defined by EXIM_USER and EXIM_GROUP, and this also applies to | |
174 | # all the files and directories that are created in the spool directory. | |
175 | ||
176 | # Almost all installations choose this: | |
177 | ||
178 | SPOOL_DIRECTORY=/var/spool/exim | |
179 | ||
180 | ||
181 | ||
01603eec JH |
182 | ############################################################################### |
183 | # TLS # | |
184 | ############################################################################### | |
185 | # Exim is built by default to support the SMTP STARTTLS command, which implements | |
186 | # Transport Layer Security using SSL (Secure Sockets Layer). This requires you | |
187 | # must install the OpenSSL library package or the GnuTLS library. Exim contains | |
188 | # no cryptographic code of its own. | |
189 | ||
190 | # If you are running Exim as a (TLS) server, just building it with TLS support | |
191 | # is all you need to do, as tls_advertise_hosts is set to '*' by | |
192 | # default. But you are advised to create a suiteable certificate, and tell | |
193 | # Exim about it by means of the tls_certificate and tls_privatekey run | |
194 | # time options, otherwise Exim will create a self signed certificate on | |
195 | # the fly. If you are running Exim only as a (TLS) client, building it with | |
196 | # TLS support is all you need to do. | |
197 | # | |
198 | # If you are using pkg-config then you should not need to worry where | |
199 | # the libraries and headers are installed, as the pkg-config .pc | |
200 | # specification should include all -L/-I information necessary. | |
201 | # Enabling the USE_*_PC options should be sufficient. If not using | |
202 | # pkg-config, then you have to specify the libraries, and you mmight | |
203 | # need to specify the locations too. | |
204 | ||
de517fd3 | 205 | # Uncomment the following lines if you want |
01603eec JH |
206 | # to build Exim without any TLS support (either OpenSSL or GnuTLS): |
207 | # DISABLE_TLS=yes | |
de517fd3 JH |
208 | # Unless you do this, you must define one of USE_OPENSSL or USE_GNUTLS |
209 | # below. | |
01603eec JH |
210 | |
211 | # If you are buliding with TLS, the library configuration must be done: | |
212 | ||
de517fd3 JH |
213 | # Uncomment this if you are using OpenSSL |
214 | # USE_OPENSSL=yes | |
01603eec JH |
215 | # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not |
216 | # and an optional location. | |
217 | # USE_OPENSSL_PC=openssl | |
218 | # TLS_LIBS=-lssl -lcrypto | |
219 | # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto | |
220 | ||
221 | # Uncomment this if you are using GnuTLS | |
222 | # USE_GNUTLS=yes | |
223 | # Uncomment one of these settings if you are using GnuTLS; pkg-config vs not | |
224 | # and an optional location. If you disable SUPPORT_DANE below, you | |
84539f73 JH |
225 | # can remove the gnutls-dane references here. Earlier versions of GnuTLS |
226 | # required libtasn1 and libgrypt also; add if needed. | |
01603eec | 227 | # USE_GNUTLS_PC=gnutls gnutls-dane |
84539f73 | 228 | # TLS_LIBS=-lgnutls -lgnutls-dane |
01603eec JH |
229 | # TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane |
230 | ||
01603eec JH |
231 | # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's |
232 | # build process will require libgcrypt-config to exist in your $PATH. A | |
233 | # version that old is likely to become unsupported by Exim in 2017. | |
234 | ||
235 | # The security fix we provide with the gnutls_allow_auto_pkcs11 option | |
236 | # (4.82 PP/09) introduces a compatibility regression. The symbol is | |
237 | # not available if GnuTLS is build without p11-kit (--without-p11-kit | |
238 | # configure option). In this case use AVOID_GNUTLS_PKCS11=yes when | |
239 | # building Exim. | |
240 | # AVOID_GNUTLS_PKCS11=yes | |
241 | ||
242 | # If you are running Exim as a server, note that just building it with TLS | |
243 | # support is not all you need to do. You also need to set up a suitable | |
244 | # certificate, and tell Exim about it by means of the tls_certificate | |
245 | # and tls_privatekey run time options. You also need to set tls_advertise_hosts | |
246 | # to specify the hosts to which Exim advertises TLS support. On the other hand, | |
247 | # if you are running Exim only as a client, building it with TLS support | |
248 | # is all you need to do. | |
249 | ||
250 | # If you are using pkg-config then you should not need to worry where the | |
251 | # libraries and headers are installed, as the pkg-config .pc specification | |
252 | # should include all -L/-I information necessary. If not using pkg-config | |
253 | # then you might need to specify the locations too. | |
254 | ||
255 | # Additional libraries and include files are required for both OpenSSL and | |
256 | # GnuTLS. The TLS_LIBS settings above assume that the libraries are installed | |
257 | # with all your other libraries. If they are in a special directory, you may | |
258 | # need something like | |
259 | ||
260 | # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto | |
261 | ||
262 | # or | |
263 | ||
264 | # TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane | |
265 | # If not using DANE under GnuTLS we can lose one library | |
266 | # TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt | |
267 | ||
268 | # TLS_LIBS is included only on the command for linking Exim itself, not on any | |
269 | # auxiliary programs. If the include files are not in a standard place, you can | |
270 | # set TLS_INCLUDE to specify where they are, for example: | |
271 | ||
272 | # TLS_INCLUDE=-I/usr/local/openssl/include/ | |
273 | # or | |
274 | # TLS_INCLUDE=-I/opt/gnu/include | |
275 | ||
276 | # You don't need to set TLS_INCLUDE if the relevant directories are already | |
277 | # specified in INCLUDE. | |
278 | ||
279 | ||
280 | ||
059ec3d9 PH |
281 | ############################################################################### |
282 | # THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY # | |
283 | ############################################################################### | |
284 | ||
76ea0716 PH |
285 | # If you need extra header file search paths on all compiles, put the -I |
286 | # options in INCLUDE. If you want the extra searches only for certain | |
287 | # parts of the build, see more specific xxx_INCLUDE variables below. | |
288 | ||
289 | # INCLUDE=-I/example/include | |
290 | ||
059ec3d9 PH |
291 | # You need to specify some routers and transports if you want the Exim that you |
292 | # are building to be capable of delivering mail. You almost certainly need at | |
293 | # least one type of lookup. You should consider whether you want to build | |
294 | # the Exim monitor or not. | |
295 | ||
856d1e16 PP |
296 | # If you need to override how pkg-config finds configuration files for |
297 | # installed software, then you can set that here; wildcards will be expanded. | |
298 | ||
299 | # PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig : /opt/*/lib/pkgconfig | |
300 | ||
059ec3d9 PH |
301 | |
302 | #------------------------------------------------------------------------------ | |
303 | # These settings determine which individual router drivers are included in the | |
304 | # Exim binary. There are no defaults in the code; those routers that are wanted | |
305 | # must be defined here by setting the appropriate variables to the value "yes". | |
306 | # Including a router in the binary does not cause it to be used automatically. | |
307 | # It has also to be configured in the run time configuration file. By | |
308 | # commenting out those you know you don't want to use, you can make the binary | |
309 | # a bit smaller. If you are unsure, leave all of these included for now. | |
310 | ||
311 | ROUTER_ACCEPT=yes | |
312 | ROUTER_DNSLOOKUP=yes | |
313 | ROUTER_IPLITERAL=yes | |
314 | ROUTER_MANUALROUTE=yes | |
315 | ROUTER_QUERYPROGRAM=yes | |
316 | ROUTER_REDIRECT=yes | |
317 | ||
318 | # This one is very special-purpose, so is not included by default. | |
319 | ||
320 | # ROUTER_IPLOOKUP=yes | |
321 | ||
322 | ||
323 | #------------------------------------------------------------------------------ | |
324 | # These settings determine which individual transport drivers are included in | |
325 | # the Exim binary. There are no defaults; those transports that are wanted must | |
326 | # be defined here by setting the appropriate variables to the value "yes". | |
327 | # Including a transport in the binary does not cause it to be used | |
328 | # automatically. It has also to be configured in the run time configuration | |
329 | # file. By commenting out those you know you don't want to use, you can make | |
330 | # the binary a bit smaller. If you are unsure, leave all of these included for | |
331 | # now. | |
332 | ||
333 | TRANSPORT_APPENDFILE=yes | |
334 | TRANSPORT_AUTOREPLY=yes | |
335 | TRANSPORT_PIPE=yes | |
336 | TRANSPORT_SMTP=yes | |
337 | ||
338 | # This one is special-purpose, and commonly not required, so it is not | |
339 | # included by default. | |
340 | ||
341 | # TRANSPORT_LMTP=yes | |
342 | ||
343 | ||
344 | #------------------------------------------------------------------------------ | |
345 | # The appendfile transport can write messages to local mailboxes in a number | |
346 | # of formats. The code for three specialist formats, maildir, mailstore, and | |
347 | # MBX, is included only when requested. If you do not know what this is about, | |
348 | # leave these settings commented out. | |
349 | ||
350 | # SUPPORT_MAILDIR=yes | |
351 | # SUPPORT_MAILSTORE=yes | |
352 | # SUPPORT_MBX=yes | |
353 | ||
354 | ||
e6d225ae DW |
355 | #------------------------------------------------------------------------------ |
356 | # See below for dynamic lookup modules. | |
8829633f | 357 | # |
6545de78 PP |
358 | # If not using package management but using this anyway, then think about how |
359 | # you perform upgrades and revert them. You should consider the benefit of | |
360 | # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can | |
361 | # maintain two concurrent sets of modules. | |
31beb797 | 362 | # |
8829633f PP |
363 | # *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to |
364 | # the ability to modify the Exim binary, which is often setuid root! The Exim | |
365 | # developers only intend this functionality be used by OS software packagers | |
366 | # and we suggest that such packagings' integrity checks should be paranoid | |
367 | # about the permissions of the directory and the files within. | |
368 | ||
369 | # LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/ | |
e6d225ae | 370 | |
0a349494 PP |
371 | # To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for |
372 | # your platform. Eg: | |
373 | # CFLAGS_DYNAMIC=-shared -rdynamic | |
374 | # CFLAGS_DYNAMIC=-shared -rdynamic -fPIC | |
375 | ||
059ec3d9 PH |
376 | #------------------------------------------------------------------------------ |
377 | # These settings determine which file and database lookup methods are included | |
378 | # in the binary. See the manual chapter entitled "File and database lookups" | |
379 | # for discussion. DBM and lsearch (linear search) are included by default. If | |
380 | # you are unsure about the others, leave them commented out for now. | |
381 | # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS. It is | |
382 | # for the specialist case of using the DNS as a general database facility (not | |
383 | # common). | |
e6d225ae DW |
384 | # If set to "2" instead of "yes" then the corresponding lookup will be |
385 | # built as a module and must be installed into LOOKUP_MODULE_DIR. You need to | |
386 | # add -export-dynamic -rdynamic to EXTRALIBS. You may also need to add -ldl to | |
387 | # EXTRALIBS so that dlopen() is available to Exim. You need to define | |
388 | # LOOKUP_MODULE_DIR above so the exim binary actually loads dynamic lookup | |
389 | # modules. | |
390 | # Also, instead of adding all the libraries/includes to LOOKUP_INCLUDE and | |
391 | # LOOKUP_LIBS, add them to the respective LOOKUP_*_INCLUDE and LOOKUP_*_LIBS | |
392 | # (where * is the name as given here in this list). That ensures that only | |
393 | # the dynamic library and not the exim binary will be linked against the | |
394 | # library. | |
395 | # NOTE: LDAP cannot be built as a module! | |
f4b00a2d | 396 | # |
de78e2d5 JH |
397 | # For Redis you need to have hiredis installed on your system |
398 | # (https://github.com/redis/hiredis). | |
399 | # Depending on where it is installed you may have to edit the CFLAGS | |
400 | # (often += -I/usr/local/include) and LDFLAGS (-lhiredis) lines. | |
401 | ||
f4b00a2d PP |
402 | # If your system has pkg-config then the _INCLUDE/_LIBS setting can be |
403 | # handled for you automatically by also defining the _PC variable to reference | |
404 | # the name of the pkg-config package, if such is available. | |
059ec3d9 PH |
405 | |
406 | LOOKUP_DBM=yes | |
407 | LOOKUP_LSEARCH=yes | |
663ee6d9 | 408 | LOOKUP_DNSDB=yes |
059ec3d9 PH |
409 | |
410 | # LOOKUP_CDB=yes | |
059ec3d9 PH |
411 | # LOOKUP_DSEARCH=yes |
412 | # LOOKUP_IBASE=yes | |
ffc92d69 | 413 | # LOOKUP_JSON=yes |
059ec3d9 PH |
414 | # LOOKUP_LDAP=yes |
415 | # LOOKUP_MYSQL=yes | |
31beb797 | 416 | # LOOKUP_MYSQL_PC=mariadb |
059ec3d9 PH |
417 | # LOOKUP_NIS=yes |
418 | # LOOKUP_NISPLUS=yes | |
419 | # LOOKUP_ORACLE=yes | |
420 | # LOOKUP_PASSWD=yes | |
421 | # LOOKUP_PGSQL=yes | |
de78e2d5 | 422 | # LOOKUP_REDIS=yes |
13b685f9 | 423 | # LOOKUP_SQLITE=yes |
f4b00a2d | 424 | # LOOKUP_SQLITE_PC=sqlite3 |
059ec3d9 PH |
425 | # LOOKUP_WHOSON=yes |
426 | ||
427 | # These two settings are obsolete; all three lookups are compiled when | |
428 | # LOOKUP_LSEARCH is enabled. However, we retain these for backward | |
429 | # compatibility. Setting one forces LOOKUP_LSEARCH if it is not set. | |
430 | ||
431 | # LOOKUP_WILDLSEARCH=yes | |
432 | # LOOKUP_NWILDLSEARCH=yes | |
433 | ||
434 | ||
ec5bf0b8 JH |
435 | # Some platforms may need this for LOOKUP_NIS: |
436 | # LIBS += -lnsl | |
437 | ||
059ec3d9 PH |
438 | #------------------------------------------------------------------------------ |
439 | # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate | |
440 | # which LDAP library you have. Unfortunately, though most of their functions | |
441 | # are the same, there are minor differences. Currently Exim knows about four | |
442 | # LDAP libraries: the one from the University of Michigan (also known as | |
443 | # OpenLDAP 1), OpenLDAP 2, the Netscape SDK library, and the library that comes | |
444 | # with Solaris 7 onwards. Uncomment whichever of these you are using. | |
445 | ||
446 | # LDAP_LIB_TYPE=OPENLDAP1 | |
447 | # LDAP_LIB_TYPE=OPENLDAP2 | |
448 | # LDAP_LIB_TYPE=NETSCAPE | |
449 | # LDAP_LIB_TYPE=SOLARIS | |
450 | ||
451 | # If you don't set any of these, Exim assumes the original University of | |
452 | # Michigan (OpenLDAP 1) library. | |
453 | ||
454 | ||
8eb9f5bd | 455 | #------------------------------------------------------------------------------ |
65872480 | 456 | # The PCRE library is required for Exim. There is no longer an embedded |
8eb9f5bd NM |
457 | # version of the PCRE library included with the source code, instead you |
458 | # must use a system library or build your own copy of PCRE. | |
459 | # In either case you must specify the library link info here. If the | |
460 | # PCRE header files are not in the standard search path you must also | |
461 | # modify the INCLUDE path (above) | |
6a6084f8 PP |
462 | # |
463 | # Use PCRE_CONFIG to query the pcre-config command (first found in $PATH) | |
464 | # to find the include files and libraries, else use PCRE_LIBS and set INCLUDE | |
465 | # too if needed. | |
8eb9f5bd | 466 | |
6cda585a | 467 | PCRE_CONFIG=yes |
6a6084f8 | 468 | # PCRE_LIBS=-lpcre |
8eb9f5bd NM |
469 | |
470 | ||
c0635b6d | 471 | #------------------------------------------------------------------------------ |
59c0959a | 472 | # Comment out the following line to remove DANE support |
c0635b6d | 473 | # Note: Enabling this unconditionally overrides DISABLE_DNSSEC |
fea4bca6 HSHR |
474 | # forces you to have SUPPORT_TLS enabled (the default). For DANE under |
475 | # GnuTLS we need an additional library. See TLS_LIBS or USE_GNUTLS_PC | |
476 | # below. | |
59c0959a | 477 | SUPPORT_DANE=yes |
c0635b6d | 478 | |
059ec3d9 PH |
479 | #------------------------------------------------------------------------------ |
480 | # Additional libraries and include directories may be required for some | |
481 | # lookup styles (e.g. LDAP, MYSQL or PGSQL). LOOKUP_LIBS is included only on | |
482 | # the command for linking Exim itself, not on any auxiliary programs. You | |
483 | # don't need to set LOOKUP_INCLUDE if the relevant directories are already | |
484 | # specified in INCLUDE. The settings below are just examples; -lpq is for | |
de78e2d5 | 485 | # PostgreSQL, -lgds is for Interbase, -lsqlite3 is for SQLite, -lhiredis |
ffc92d69 | 486 | # is for Redis, -ljansson for JSON. |
f4b00a2d PP |
487 | # |
488 | # You do not need to use this for any lookup information added via pkg-config. | |
059ec3d9 PH |
489 | |
490 | # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include | |
2050824c PH |
491 | # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 |
492 | ||
059ec3d9 PH |
493 | |
494 | #------------------------------------------------------------------------------ | |
495 | # Compiling the Exim monitor: If you want to compile the Exim monitor, a | |
496 | # program that requires an X11 display, then EXIM_MONITOR should be set to the | |
53738d6a | 497 | # value "eximon.bin". De-comment this setting to enable compilation of the |
059ec3d9 PH |
498 | # monitor. The locations of various X11 directories for libraries and include |
499 | # files are defaulted in the OS/Makefile-Default file, but can be overridden in | |
500 | # local OS-specific make files. | |
501 | ||
53738d6a | 502 | # EXIM_MONITOR=eximon.bin |
059ec3d9 | 503 | |
2050824c | 504 | |
8523533c TK |
505 | #------------------------------------------------------------------------------ |
506 | # Compiling Exim with content scanning support: If you want to compile Exim | |
507 | # with support for message body content scanning, set WITH_CONTENT_SCAN to | |
508 | # the value "yes". This will give you malware and spam scanning in the DATA ACL, | |
509 | # and the MIME ACL. Please read the documentation to learn more about these | |
510 | # features. | |
511 | ||
f7b63901 | 512 | # WITH_CONTENT_SCAN=yes |
8523533c | 513 | |
c11d665d JH |
514 | # If you have content scanning you may wish to only include some of the scanner |
515 | # interfaces. Uncomment any of these lines to remove that code. | |
516 | ||
517 | # DISABLE_MAL_FFROTD=yes | |
518 | # DISABLE_MAL_FFROT6D=yes | |
519 | # DISABLE_MAL_DRWEB=yes | |
c11d665d | 520 | # DISABLE_MAL_FSECURE=yes |
c11d665d JH |
521 | # DISABLE_MAL_SOPHIE=yes |
522 | # DISABLE_MAL_CLAM=yes | |
c11d665d JH |
523 | # DISABLE_MAL_AVAST=yes |
524 | # DISABLE_MAL_SOCK=yes | |
525 | # DISABLE_MAL_CMDLINE=yes | |
526 | ||
5a87167f JH |
527 | # These scanners are claimed to be no longer existent. |
528 | ||
529 | DISABLE_MAL_AVE=yes | |
530 | DISABLE_MAL_KAV=yes | |
531 | DISABLE_MAL_MKS=yes | |
532 | ||
c11d665d | 533 | |
a8c8d6b5 | 534 | #------------------------------------------------------------------------------ |
f444c2c7 | 535 | # If built with TLS, Exim includes code to support DKIM (DomainKeys Identified |
a8c8d6b5 JJ |
536 | # Mail, RFC4871) signing and verification. Verification of signatures is |
537 | # turned on by default. See the spec for information on conditionally | |
538 | # disabling it. To disable the inclusion of the entire feature, set | |
539 | # DISABLE_DKIM to "yes" | |
540 | ||
541 | # DISABLE_DKIM=yes | |
542 | ||
8ccd00b1 JH |
543 | #------------------------------------------------------------------------------ |
544 | # Uncomment the following line to remove Per-Recipient-Data-Response support. | |
545 | ||
546 | # DISABLE_PRDR=yes | |
a8c8d6b5 | 547 | |
f2de3a33 JH |
548 | #------------------------------------------------------------------------------ |
549 | # Uncomment the following line to remove OCSP stapling support in TLS, | |
550 | # from Exim. Note it can only be supported when built with | |
551 | # GnuTLS 3.1.3 or later, or OpenSSL | |
552 | ||
553 | # DISABLE_OCSP=yes | |
554 | ||
1f4a55da PP |
555 | #------------------------------------------------------------------------------ |
556 | # By default, Exim has support for checking the AD bit in a DNS response, to | |
557 | # determine if DNSSEC validation was successful. If your system libraries | |
558 | # do not support that bit, then set DISABLE_DNSSEC to "yes" | |
c0635b6d | 559 | # Note: Enabling SUPPORT_DANE unconditionally overrides this setting. |
1f4a55da PP |
560 | |
561 | # DISABLE_DNSSEC=yes | |
562 | ||
0cbf2b82 JH |
563 | # To disable support for Events set DISABLE_EVENT to "yes" |
564 | ||
565 | # DISABLE_EVENT=yes | |
566 | ||
1f4a55da | 567 | |
4e48d56c JH |
568 | # Uncomment this line to include support for early pipelining, per |
569 | # https://datatracker.ietf.org/doc/draft-harris-early-pipe/ | |
1dac7968 | 570 | # SUPPORT_PIPE_CONNECT=yes |
4e48d56c JH |
571 | |
572 | ||
8523533c TK |
573 | #------------------------------------------------------------------------------ |
574 | # Compiling Exim with experimental features. These are documented in | |
575 | # experimental-spec.txt. "Experimental" means that the way these features are | |
f7b63901 | 576 | # implemented may still change. Backward compatibility is not guaranteed. |
8523533c | 577 | |
7390e768 PP |
578 | # Uncomment the following line to add support for talking to dccifd. This |
579 | # defaults the socket path to /usr/local/dcc/var/dccifd. | |
b83823bd | 580 | # Doing so will also explicitly turn on the WITH_CONTENT_SCAN option. |
7390e768 PP |
581 | |
582 | # EXPERIMENTAL_DCC=yes | |
583 | ||
f7b63901 | 584 | # Uncomment the following lines to add SRS (Sender rewriting scheme) support. |
8523533c TK |
585 | # You need to have libsrs_alt installed on your system (srs.mirtol.com). |
586 | # Depending on where it is installed you may have to edit the CFLAGS and | |
587 | # LDFLAGS lines. | |
8523533c | 588 | |
f7b63901 PH |
589 | # EXPERIMENTAL_SRS=yes |
590 | # CFLAGS += -I/usr/local/include | |
591 | # LDFLAGS += -lsrs_alt | |
592 | ||
78f72498 | 593 | # Uncomment the following line to add DMARC checking capability, implemented |
fd5a6ffb | 594 | # using libopendmarc libraries. You must have SPF and DKIM support enabled also. |
1a2e76e1 | 595 | # SUPPORT_DMARC=yes |
78f72498 JH |
596 | # CFLAGS += -I/usr/local/include |
597 | # LDFLAGS += -lopendmarc | |
675a2142 HSHR |
598 | # Uncomment the following if you need to change the default. You can |
599 | # override it at runtime (main config option dmarc_tld_file) | |
600 | # DMARC_TLD_FILE=/etc/exim/opendmarc.tlds | |
78f72498 | 601 | |
617d3932 JH |
602 | # Uncomment the following line to add ARC (Authenticated Received Chain) |
603 | # support. You must have SPF and DKIM support enabled also. | |
fd5a6ffb | 604 | # EXPERIMENTAL_ARC=yes |
617d3932 | 605 | |
f7b63901 | 606 | # Uncomment the following lines to add Brightmail AntiSpam support. You need |
8523533c TK |
607 | # to have the Brightmail client SDK installed. Please check the experimental |
608 | # documentation for implementation details. You need to edit the CFLAGS and | |
609 | # LDFLAGS lines. | |
f7b63901 PH |
610 | |
611 | # EXPERIMENTAL_BRIGHTMAIL=yes | |
612 | # CFLAGS += -I/opt/brightmail/bsdk-6.0/include | |
12cdb9e7 | 613 | # LDFLAGS += -lxml2_single -lbmiclient_single -L/opt/brightmail/bsdk-6.0/lib |
8523533c | 614 | |
39755c16 JH |
615 | # Uncomment the following to include extra information in fail DSN message (bounces) |
616 | # EXPERIMENTAL_DSN_INFO=yes | |
617 | ||
5bde3efa ACK |
618 | # Uncomment the following to add LMDB lookup support |
619 | # You need to have LMDB installed on your system (https://github.com/LMDB/lmdb) | |
620 | # Depending on where it is installed you may have to edit the CFLAGS and LDFLAGS lines. | |
621 | # EXPERIMENTAL_LMDB=yes | |
622 | # CFLAGS += -I/usr/local/include | |
623 | # LDFLAGS += -llmdb | |
624 | ||
3369a853 ACK |
625 | # Uncomment the following line to add queuefile transport support |
626 | # EXPERIMENTAL_QUEUEFILE=yes | |
627 | ||
1dac7968 JH |
628 | # Uncomment the following line to include support for TLS Resumption |
629 | # EXPERIMENTAL_TLS_RESUME=yes | |
630 | ||
059ec3d9 PH |
631 | ############################################################################### |
632 | # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # | |
633 | ############################################################################### | |
634 | ||
635 | # The items in this section are those that are commonly changed according to | |
636 | # the sysadmin's preferences, but whose defaults are often acceptable. The | |
637 | # first five are concerned with security issues, where differing levels of | |
638 | # paranoia are appropriate in different environments. Sysadmins also vary in | |
639 | # their views on appropriate levels of defence in these areas. If you do not | |
640 | # understand these issues, go with the defaults, which are used by many sites. | |
641 | ||
642 | ||
643 | #------------------------------------------------------------------------------ | |
644 | # Although Exim is normally a setuid program, owned by root, it refuses to run | |
645 | # local deliveries as root by default. There is a runtime option called | |
646 | # "never_users" which lists the users that must never be used for local | |
647 | # deliveries. There is also the setting below, which provides a list that | |
648 | # cannot be overridden at runtime. This guards against problems caused by | |
649 | # unauthorized changes to the runtime configuration. You are advised not to | |
650 | # remove "root" from this option, but you can add other users if you want. The | |
926e1192 | 651 | # list is colon-separated. It must NOT contain any spaces. |
059ec3d9 | 652 | |
926e1192 | 653 | # FIXED_NEVER_USERS=root:bin:daemon |
059ec3d9 PH |
654 | FIXED_NEVER_USERS=root |
655 | ||
656 | ||
657 | #------------------------------------------------------------------------------ | |
c1d94452 DW |
658 | # By default, Exim insists that its configuration file be owned by root. You |
659 | # can specify one additional permitted owner here. | |
059ec3d9 PH |
660 | |
661 | # CONFIGURE_OWNER= | |
662 | ||
35edf2ff | 663 | # If the configuration file is group-writeable, Exim insists by default that it |
c1d94452 | 664 | # is owned by root. You can specify one additional permitted group owner here. |
35edf2ff PH |
665 | |
666 | # CONFIGURE_GROUP= | |
667 | ||
668 | # If you specify CONFIGURE_OWNER or CONFIGURE_GROUP as a name, this is looked | |
669 | # up at build time, and the uid or gid number is built into the binary. | |
670 | # However, you can specify that the lookup is deferred until runtime. In this | |
671 | # case, it is the name that is built into the binary. You can do this by a | |
672 | # setting of the form: | |
059ec3d9 PH |
673 | |
674 | # CONFIGURE_OWNER=ref:mail | |
35edf2ff | 675 | # CONFIGURE_GROUP=ref:sysadmin |
059ec3d9 | 676 | |
35edf2ff PH |
677 | # In other words, put "ref:" in front of the user or group name. Although this |
678 | # costs a bit of resource at runtime, it is convenient to use this feature when | |
679 | # building binaries that are to be run on multiple systems where the names may | |
680 | # refer to different uids or gids. It also allows you to build Exim on a system | |
681 | # where the relevant user or group is not defined. | |
059ec3d9 PH |
682 | |
683 | ||
684 | #------------------------------------------------------------------------------ | |
685 | # The -C option allows Exim to be run with an alternate runtime configuration | |
cd25e41d DW |
686 | # file. When this is used by root, root privilege is retained by the binary |
687 | # (for any other caller including the Exim user, it is dropped). You can | |
688 | # restrict the location of alternate configurations by defining a prefix below. | |
689 | # Any file used with -C must then start with this prefix (except that /dev/null | |
690 | # is also permitted if the caller is root, because that is used in the install | |
691 | # script). If the prefix specifies a directory that is owned by root, a | |
692 | # compromise of the Exim account does not permit arbitrary alternate | |
693 | # configurations to be used. The prefix can be more restrictive than just a | |
694 | # directory (the second example). | |
059ec3d9 PH |
695 | |
696 | # ALT_CONFIG_PREFIX=/some/directory/ | |
697 | # ALT_CONFIG_PREFIX=/some/directory/exim.conf- | |
698 | ||
699 | ||
261dc43e DW |
700 | #------------------------------------------------------------------------------ |
701 | # When a user other than root uses the -C option to override the configuration | |
702 | # file (including the Exim user when re-executing Exim to regain root | |
703 | # privileges for local message delivery), this will normally cause Exim to | |
90b6341f DW |
704 | # drop root privileges. The TRUSTED_CONFIG_LIST option, specifies a file which |
705 | # contains a list of trusted configuration filenames, one per line. If the -C | |
706 | # option is used by the Exim user or by the user specified in the | |
707 | # CONFIGURE_OWNER setting, to specify a configuration file which is listed in | |
708 | # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. | |
709 | ||
710 | # TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs | |
261dc43e DW |
711 | |
712 | ||
059ec3d9 PH |
713 | #------------------------------------------------------------------------------ |
714 | # Uncommenting this option disables the use of the -D command line option, | |
715 | # which changes the values of macros in the runtime configuration file. | |
716 | # This is another protection against somebody breaking into the Exim account. | |
717 | ||
718 | # DISABLE_D_OPTION=yes | |
719 | ||
720 | ||
a7cbbf50 PP |
721 | #------------------------------------------------------------------------------ |
722 | # By contrast, you might be maintaining a system which relies upon the ability | |
723 | # to override values with -D and assumes that these will be passed through to | |
724 | # the delivery processes. As of Exim 4.73, this is no longer the case by | |
725 | # default. Going forward, we strongly recommend that you use a shim Exim | |
cc5fdbc2 | 726 | # configuration file owned by root stored under TRUSTED_CONFIG_LIST. |
a7cbbf50 PP |
727 | # That shim can set macros before .include'ing your main configuration file. |
728 | # | |
729 | # As a strictly transient measure to ease migration to 4.73, the | |
4c04137d | 730 | # WHITELIST_D_MACROS value defines a colon-separated list of macro-names |
43236f35 | 731 | # which are permitted to be overridden from the command-line which will be |
a7cbbf50 PP |
732 | # honoured by the Exim user. So these are macros that can persist to delivery |
733 | # time. | |
734 | # Examples might be -DTLS or -DSPOOL=/some/dir. The values on the | |
735 | # command-line are filtered to only permit: [A-Za-z0-9_/.-]* | |
736 | # | |
737 | # This option is highly likely to be removed in a future release. It exists | |
738 | # only to make 4.73 as easy as possible to migrate to. If you use it, we | |
739 | # encourage you to schedule time to rework your configuration to not depend | |
740 | # upon it. Most people should not need to use this. | |
741 | # | |
742 | # By default, no macros are whitelisted for -D usage. | |
743 | ||
744 | # WHITELIST_D_MACROS=TLS:SPOOL | |
745 | ||
059ec3d9 PH |
746 | #------------------------------------------------------------------------------ |
747 | # Exim has support for the AUTH (authentication) extension of the SMTP | |
748 | # protocol, as defined by RFC 2554. If you don't know what SMTP authentication | |
749 | # is, you probably won't want to include this code, so you should leave these | |
750 | # settings commented out. If you do want to make use of SMTP authentication, | |
751 | # you must uncomment at least one of the following, so that appropriate code is | |
752 | # included in the Exim binary. You will then need to set up the run time | |
753 | # configuration to make use of the mechanism(s) selected. | |
754 | ||
755 | # AUTH_CRAM_MD5=yes | |
756 | # AUTH_CYRUS_SASL=yes | |
14aa5a05 | 757 | # AUTH_DOVECOT=yes |
b53c265b | 758 | # AUTH_EXTERNAL=yes |
44bbabb5 | 759 | # AUTH_GSASL=yes |
f4b00a2d PP |
760 | # AUTH_GSASL_PC=libgsasl |
761 | # AUTH_HEIMDAL_GSSAPI=yes | |
762 | # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi | |
5dc309a4 | 763 | # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 |
059ec3d9 PH |
764 | # AUTH_PLAINTEXT=yes |
765 | # AUTH_SPA=yes | |
b3ef41c9 | 766 | # AUTH_TLS=yes |
059ec3d9 | 767 | |
5dc309a4 PP |
768 | # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 |
769 | # requires multiple pkg-config files to work with Exim, so the second example | |
770 | # above is needed. | |
059ec3d9 PH |
771 | |
772 | #------------------------------------------------------------------------------ | |
773 | # If you specified AUTH_CYRUS_SASL above, you should ensure that you have the | |
774 | # Cyrus SASL library installed before trying to build Exim, and you probably | |
f4b00a2d PP |
775 | # want to uncomment the first line below. |
776 | # Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC. | |
777 | # Ditto for AUTH_HEIMDAL_GSSAPI(_PC). | |
059ec3d9 PH |
778 | |
779 | # AUTH_LIBS=-lsasl2 | |
44bbabb5 | 780 | # AUTH_LIBS=-lgsasl |
f4b00a2d | 781 | # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt |
059ec3d9 PH |
782 | |
783 | ||
784 | #------------------------------------------------------------------------------ | |
785 | # When Exim is decoding MIME "words" in header lines, most commonly for use | |
786 | # in the $header_xxx expansion, it converts any foreign character sets to the | |
787 | # one that is set in the headers_charset option. The default setting is | |
788 | # defined by this setting: | |
789 | ||
790 | HEADERS_CHARSET="ISO-8859-1" | |
791 | ||
792 | # If you are going to make use of $header_xxx expansions in your configuration | |
793 | # file, or if your users are going to use them in filter files, and the normal | |
794 | # character set on your host is something other than ISO-8859-1, you might | |
795 | # like to specify a different default here. This value can be overridden in | |
796 | # the runtime configuration, and it can also be overridden in individual filter | |
797 | # files. | |
798 | # | |
799 | # IMPORTANT NOTE: The iconv() function is needed for character code | |
800 | # conversions. Please see the next item... | |
801 | ||
802 | ||
803 | #------------------------------------------------------------------------------ | |
804 | # Character code conversions are possible only if the iconv() function is | |
805 | # installed on your operating system. There are two places in Exim where this | |
806 | # is relevant: (a) The $header_xxx expansion (see the previous item), and (b) | |
807 | # the Sieve filter support. For those OS where iconv() is known to be installed | |
808 | # as standard, the file in OS/Makefile-xxxx contains | |
809 | # | |
810 | # HAVE_ICONV=yes | |
811 | # | |
812 | # If you are not using one of those systems, but have installed iconv(), you | |
813 | # need to uncomment that line above. In some cases, you may find that iconv() | |
814 | # and its header file are not in the default places. You might need to use | |
815 | # something like this: | |
816 | # | |
817 | # HAVE_ICONV=yes | |
818 | # CFLAGS=-O -I/usr/local/include | |
819 | # EXTRALIBS_EXIM=-L/usr/local/lib -liconv | |
820 | # | |
821 | # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM | |
822 | # as well. | |
863bd541 PP |
823 | # |
824 | # nb: FreeBSD as of 4.89 defines LIBICONV_PLUG to pick up the system iconv | |
825 | # more reliably. If you explicitly want the libiconv Port then as well | |
826 | # as adding -liconv you'll want to unset LIBICONV_PLUG. If you actually need | |
827 | # this, let us know, but for now the Exim Maintainers are assuming that this | |
828 | # is uncommon and so you'll need to edit OS/os.h-FreeBSD yourself to remove | |
829 | # the define. | |
059ec3d9 PH |
830 | |
831 | ||
832 | #------------------------------------------------------------------------------ | |
833 | # The passwords for user accounts are normally encrypted with the crypt() | |
834 | # function. Comparisons with encrypted passwords can be done using Exim's | |
835 | # "crypteq" expansion operator. (This is commonly used as part of the | |
836 | # configuration of an authenticator for use with SMTP AUTH.) At least one | |
837 | # operating system has an extended function called crypt16(), which uses up to | |
838 | # 16 characters of a password (the normal crypt() uses only the first 8). Exim | |
96c065cb | 839 | # supports the use of crypt16() as well as crypt() but note the warning below. |
059ec3d9 PH |
840 | |
841 | # You can always indicate a crypt16-encrypted password by preceding it with | |
842 | # "{crypt16}". If you want the default handling (without any preceding | |
843 | # indicator) to use crypt16(), uncomment the following line: | |
844 | ||
845 | # DEFAULT_CRYPT=crypt16 | |
846 | ||
847 | # If you do that, you can still access the basic crypt() function by preceding | |
848 | # an encrypted password with "{crypt}". For more details, see the description | |
849 | # of the "crypteq" condition in the manual chapter on string expansions. | |
850 | ||
96c065cb PH |
851 | # Some operating systems do not include a crypt16() function, so Exim has one |
852 | # of its own, which it uses unless HAVE_CRYPT16 is defined. Normally, that will | |
853 | # be set in an OS-specific Makefile for the OS that have such a function, so | |
854 | # you should not need to bother with it. | |
855 | ||
856 | # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** | |
857 | # It turns out that the above is not entirely accurate. As well as crypt16() | |
858 | # there is a function called bigcrypt() that some operating systems have. This | |
859 | # may or may not use the same algorithm, and both of them may be different to | |
860 | # Exim's built-in crypt16() that is used unless HAVE_CRYPT16 is defined. | |
861 | # | |
862 | # However, since there is now a move away from the traditional crypt() | |
863 | # functions towards using SHA1 and other algorithms, tidying up this area of | |
864 | # Exim is seen as very low priority. In practice, if you need to, you can | |
865 | # define DEFAULT_CRYPT to the name of any function that has the same interface | |
866 | # as the traditional crypt() function. | |
867 | # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** | |
059ec3d9 PH |
868 | |
869 | ||
059ec3d9 PH |
870 | #------------------------------------------------------------------------------ |
871 | # The default distribution of Exim contains only the plain text form of the | |
872 | # documentation. Other forms are available separately. If you want to install | |
873 | # the documentation in "info" format, first fetch the Texinfo documentation | |
874 | # sources from the ftp directory and unpack them, which should create files | |
875 | # with the extension "texinfo" in the doc directory. You may find that the | |
876 | # version number of the texinfo files is different to your Exim version number, | |
877 | # because the main documentation isn't updated as often as the code. For | |
65872480 | 878 | # example, if you have Exim version 4.43, the source tarball unpacks into a |
059ec3d9 PH |
879 | # directory called exim-4.43, but the texinfo tarball unpacks into exim-4.40. |
880 | # In this case, move the contents of exim-4.40/doc into exim-4.43/doc after you | |
881 | # have unpacked them. Then set INFO_DIRECTORY to the location of your info | |
882 | # directory. This varies from system to system, but is often /usr/share/info. | |
883 | # Once you have done this, "make install" will build the info files and | |
884 | # install them in the directory you have defined. | |
885 | ||
886 | # INFO_DIRECTORY=/usr/share/info | |
887 | ||
888 | ||
889 | #------------------------------------------------------------------------------ | |
890 | # Exim log directory and files: Exim creates several log files inside a | |
891 | # single log directory. You can define the directory and the form of the | |
892 | # log file name here. If you do not set anything, Exim creates a directory | |
893 | # called "log" inside its spool directory (see SPOOL_DIRECTORY above) and uses | |
894 | # the filenames "mainlog", "paniclog", and "rejectlog". If you want to change | |
895 | # this, you can set LOG_FILE_PATH to a path name containing one occurrence of | |
896 | # %s. This will be replaced by one of the strings "main", "panic", or "reject" | |
897 | # to form the final file names. Some installations may want something like this: | |
898 | ||
899 | # LOG_FILE_PATH=/var/log/exim_%slog | |
900 | ||
901 | # which results in files with names /var/log/exim_mainlog, etc. The directory | |
902 | # in which the log files are placed must exist; Exim does not try to create | |
903 | # it for itself. It is also your responsibility to ensure that Exim is capable | |
904 | # of writing files using this path name. The Exim user (see EXIM_USER above) | |
905 | # must be able to create and update files in the directory you have specified. | |
906 | ||
907 | # You can also configure Exim to use syslog, instead of or as well as log | |
908 | # files, by settings such as these | |
909 | ||
910 | # LOG_FILE_PATH=syslog | |
911 | # LOG_FILE_PATH=syslog:/var/log/exim_%slog | |
912 | ||
913 | # The first of these uses only syslog; the second uses syslog and also writes | |
914 | # to log files. Do not include white space in such a setting as it messes up | |
915 | # the building process. | |
916 | ||
917 | ||
918 | #------------------------------------------------------------------------------ | |
919 | # When logging to syslog, the following option caters for syslog replacements | |
920 | # that are able to accept log entries longer than the 1024 characters allowed | |
921 | # by RFC 3164. It is up to you to make sure your syslog daemon can handle this. | |
922 | # Non-printable characters are usually unacceptable regardless, so log entries | |
923 | # are still split on newline characters. | |
924 | ||
925 | # SYSLOG_LONG_LINES=yes | |
926 | ||
927 | # If you are not interested in the process identifier (pid) of the Exim that is | |
928 | # making the call to syslog, then comment out the following line. | |
929 | ||
930 | SYSLOG_LOG_PID=yes | |
931 | ||
932 | ||
933 | #------------------------------------------------------------------------------ | |
934 | # Cycling log files: this variable specifies the maximum number of old | |
935 | # log files that are kept by the exicyclog log-cycling script. You don't have | |
936 | # to use exicyclog. If your operating system has other ways of cycling log | |
937 | # files, you can use them instead. The exicyclog script isn't run by default; | |
938 | # you have to set up a cron job for it if you want it. | |
939 | ||
940 | EXICYCLOG_MAX=10 | |
941 | ||
942 | ||
943 | #------------------------------------------------------------------------------ | |
944 | # The compress command is used by the exicyclog script to compress old log | |
945 | # files. Both the name of the command and the suffix that it adds to files | |
946 | # need to be defined here. See also the EXICYCLOG_MAX configuration. | |
947 | ||
948 | COMPRESS_COMMAND=/usr/bin/gzip | |
949 | COMPRESS_SUFFIX=gz | |
950 | ||
951 | ||
952 | #------------------------------------------------------------------------------ | |
953 | # If the exigrep utility is fed compressed log files, it tries to uncompress | |
954 | # them using this command. | |
955 | ||
fd4c285c HSHR |
956 | # Leave it empty to enforce autodetection at runtime: |
957 | # ZCAT_COMMAND= | |
958 | # | |
959 | # Omit the path if you want to use your system's PATH: | |
960 | # ZCAT_COMMAND=zcat | |
961 | # | |
962 | # Or specify the full pathname: | |
059ec3d9 PH |
963 | ZCAT_COMMAND=/usr/bin/zcat |
964 | ||
059ec3d9 PH |
965 | #------------------------------------------------------------------------------ |
966 | # Compiling in support for embedded Perl: If you want to be able to | |
967 | # use Perl code in Exim's string manipulation language and you have Perl | |
968 | # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded | |
969 | # Perl costs quite a lot of resources. Only do this if you really need it. | |
970 | ||
971 | # EXIM_PERL=perl.o | |
972 | ||
973 | ||
1a46a8c5 PH |
974 | #------------------------------------------------------------------------------ |
975 | # Support for dynamically-loaded string expansion functions via ${dlfunc. If | |
976 | # you are using gcc the dynamically-loaded object must be compiled with the | |
977 | # -shared option, and you will need to add -export-dynamic to EXTRALIBS so | |
1ea70a03 | 978 | # that the local_scan API is made available by the linker. You may also need |
612ba564 | 979 | # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. |
1a46a8c5 PH |
980 | |
981 | # EXPAND_DLFUNC=yes | |
982 | ||
983 | ||
059ec3d9 PH |
984 | #------------------------------------------------------------------------------ |
985 | # Exim has support for PAM (Pluggable Authentication Modules), a facility | |
986 | # which is available in the latest releases of Solaris and in some GNU/Linux | |
987 | # distributions (see http://ftp.kernel.org/pub/linux/libs/pam/). The Exim | |
988 | # support, which is intended for use in conjunction with the SMTP AUTH | |
989 | # facilities, is included only when requested by the following setting: | |
990 | ||
991 | # SUPPORT_PAM=yes | |
992 | ||
993 | # You probably need to add -lpam to EXTRALIBS, and in some releases of | |
994 | # GNU/Linux -ldl is also needed. | |
995 | ||
996 | ||
f0989ec0 JH |
997 | #------------------------------------------------------------------------------ |
998 | # Proxying. | |
cee5f132 JH |
999 | # |
1000 | # If you may want to use outbound (client-side) proxying, using Socks5, | |
1001 | # uncomment the line below. | |
f0989ec0 JH |
1002 | |
1003 | # SUPPORT_SOCKS=yes | |
1004 | ||
cee5f132 JH |
1005 | # If you may want to use inbound (server-side) proxying, using Proxy Protocol, |
1006 | # uncomment the line below. | |
1007 | ||
1008 | # SUPPORT_PROXY=yes | |
1009 | ||
1010 | ||
8c5d388a JH |
1011 | #------------------------------------------------------------------------------ |
1012 | # Internationalisation. | |
1013 | # | |
1014 | # Uncomment the following to include Internationalisation features. This is the | |
1015 | # SMTPUTF8 ESMTP extension, and associated facilities for handling UTF8 domain | |
9427e879 | 1016 | # and localparts, per RFC 3490 (IDNA2003). |
8c5d388a | 1017 | # You need to have the IDN library installed. |
9427e879 JH |
1018 | # If you want IDNA2008 mappings per RFCs 5890, 6530 and 6533, you additionally |
1019 | # need libidn2 and SUPPORT_I18N_2008. | |
8c5d388a JH |
1020 | |
1021 | # SUPPORT_I18N=yes | |
1022 | # LDFLAGS += -lidn | |
9427e879 JH |
1023 | # SUPPORT_I18N_2008=yes |
1024 | # LDFLAGS += -lidn -lidn2 | |
8c5d388a | 1025 | |
f0989ec0 | 1026 | |
7952eef9 JH |
1027 | #------------------------------------------------------------------------------ |
1028 | # Uncomment the following lines to add SPF support. You need to have libspf2 | |
1029 | # installed on your system (www.libspf2.org). Depending on where it is installed | |
1030 | # you may have to edit the CFLAGS and LDFLAGS lines. | |
1031 | ||
1032 | # SUPPORT_SPF=yes | |
1033 | # CFLAGS += -I/usr/local/include | |
1034 | # LDFLAGS += -lspf2 | |
1035 | ||
1036 | ||
059ec3d9 PH |
1037 | #------------------------------------------------------------------------------ |
1038 | # Support for authentication via Radius is also available. The Exim support, | |
1039 | # which is intended for use in conjunction with the SMTP AUTH facilities, | |
1040 | # is included only when requested by setting the following parameter to the | |
1041 | # location of your Radius configuration file: | |
1042 | ||
1043 | # RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf | |
1044 | # RADIUS_CONFIG_FILE=/etc/radius.conf | |
1045 | ||
1046 | # If you have set RADIUS_CONFIG_FILE, you should also set one of these to | |
1047 | # indicate which RADIUS library is used: | |
059ec3d9 PH |
1048 | |
1049 | # RADIUS_LIB_TYPE=RADIUSCLIENT | |
7766a4f0 | 1050 | # RADIUS_LIB_TYPE=RADIUSCLIENTNEW |
059ec3d9 PH |
1051 | # RADIUS_LIB_TYPE=RADLIB |
1052 | ||
7766a4f0 PH |
1053 | # RADIUSCLIENT is the radiusclient library; you probably need to add |
1054 | # -lradiusclient to EXTRALIBS. | |
1055 | # | |
1056 | # The API for the radiusclient library was changed at release 0.4.0. | |
1057 | # Unfortunately, the header file does not define a version number that clients | |
1058 | # can use to support both the old and new APIs. If you are using version 0.4.0 | |
1059 | # or later of the radiusclient library, you should use RADIUSCLIENTNEW. | |
1060 | # | |
1061 | # RADLIB is the Radius library that comes with FreeBSD (the header file is | |
1062 | # called radlib.h); you probably need to add -lradius to EXTRALIBS. | |
1063 | # | |
1064 | # If you do not set RADIUS_LIB_TYPE, Exim assumes the radiusclient library, | |
1065 | # using the original API. | |
059ec3d9 PH |
1066 | |
1067 | ||
1068 | #------------------------------------------------------------------------------ | |
1069 | # Support for authentication via the Cyrus SASL pwcheck daemon is available. | |
1070 | # Note, however, that pwcheck is now deprecated in favour of saslauthd (see | |
1071 | # next item). The Exim support for pwcheck, which is intented for use in | |
1072 | # conjunction with the SMTP AUTH facilities, is included only when requested by | |
1073 | # setting the following parameter to the location of the pwcheck daemon's | |
1074 | # socket. | |
1075 | # | |
1076 | # There is no need to install all of SASL on your system. You just need to run | |
1077 | # ./configure --with-pwcheck, cd to the pwcheck directory within the sources, | |
1078 | # make and make install. You must create the socket directory (default | |
65872480 | 1079 | # /var/pwcheck) and chown it to Exim's user and group. Once you have installed |
059ec3d9 PH |
1080 | # pwcheck, you should arrange for it to be started by root at boot time. |
1081 | ||
1082 | # CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck | |
1083 | ||
1084 | ||
1085 | #------------------------------------------------------------------------------ | |
1086 | # Support for authentication via the Cyrus SASL saslauthd daemon is available. | |
65872480 | 1087 | # The Exim support, which is intended for use in conjunction with the SMTP AUTH |
059ec3d9 PH |
1088 | # facilities, is included only when requested by setting the following |
1089 | # parameter to the location of the saslauthd daemon's socket. | |
1090 | # | |
1091 | # There is no need to install all of SASL on your system. You just need to run | |
1092 | # ./configure --with-saslauthd (and any other options you need, for example, to | |
1093 | # select or deselect authentication mechanisms), cd to the saslauthd directory | |
1094 | # within the sources, make and make install. You must create the socket | |
65872480 | 1095 | # directory (default /var/state/saslauthd) and chown it to Exim's user and |
059ec3d9 PH |
1096 | # group. Once you have installed saslauthd, you should arrange for it to be |
1097 | # started by root at boot time. | |
1098 | ||
1099 | # CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux | |
1100 | ||
1101 | ||
1102 | #------------------------------------------------------------------------------ | |
1103 | # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment | |
1104 | # this setting. See the manual section entitled "Use of tcpwrappers" in the | |
1105 | # chapter on building and installing Exim. | |
1106 | # | |
1107 | # USE_TCP_WRAPPERS=yes | |
1108 | # | |
1109 | # You may well also have to specify a local "include" file and an additional | |
1110 | # library for TCP wrappers, so you probably need something like this: | |
1111 | # | |
1112 | # USE_TCP_WRAPPERS=yes | |
1113 | # CFLAGS=-O -I/usr/local/include | |
1114 | # EXTRALIBS_EXIM=-L/usr/local/lib -lwrap | |
1115 | # | |
1116 | # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM | |
1117 | # as well. | |
5dc43717 JJ |
1118 | # |
1119 | # To use a name other than exim in the tcpwrappers config file, | |
1120 | # e.g. if you're running multiple daemons with different access lists, | |
1121 | # or multiple MTAs with the same access list, define | |
1122 | # TCP_WRAPPERS_DAEMON_NAME accordingly | |
1123 | # | |
1124 | # TCP_WRAPPERS_DAEMON_NAME="exim" | |
059ec3d9 PH |
1125 | |
1126 | ||
1127 | #------------------------------------------------------------------------------ | |
1128 | # The default action of the exim_install script (which is run by "make | |
1129 | # install") is to install the Exim binary with a unique name such as | |
1130 | # exim-4.43-1, and then set up a symbolic link called "exim" to reference it, | |
1131 | # moving the symbolic link from any previous version. If you define NO_SYMLINK | |
1132 | # (the value doesn't matter), the symbolic link is not created or moved. You | |
1133 | # will then have to "turn Exim on" by setting up the link manually. | |
1134 | ||
1135 | # NO_SYMLINK=yes | |
1136 | ||
1137 | ||
1138 | #------------------------------------------------------------------------------ | |
1139 | # Another default action of the install script is to install a default runtime | |
1140 | # configuration file if one does not exist. This configuration has a router for | |
1141 | # expanding system aliases. The default assumes that these aliases are kept | |
1142 | # in the traditional file called /etc/aliases. If such a file does not exist, | |
1143 | # the installation script creates one that contains just comments (no actual | |
1144 | # aliases). The following setting can be changed to specify a different | |
1145 | # location for the system alias file. | |
1146 | ||
1147 | SYSTEM_ALIASES_FILE=/etc/aliases | |
1148 | ||
1149 | ||
1150 | #------------------------------------------------------------------------------ | |
1151 | # There are some testing options (-be, -bt, -bv) that read data from the | |
1152 | # standard input when no arguments are supplied. By default, the input lines | |
1153 | # are read using the standard fgets() function. This does not support line | |
1154 | # editing during interactive input (though the terminal's "erase" character | |
1155 | # works as normal). If your operating system has the readline() function, and | |
1156 | # in addition supports dynamic loading of library functions, you can cause | |
1157 | # Exim to use readline() for the -be testing option (only) by uncommenting the | |
1158 | # following setting. Dynamic loading is used so that the library is loaded only | |
1159 | # when the -be testing option is given; by the time the loading occurs, | |
1160 | # Exim has given up its root privilege and is running as the calling user. This | |
1161 | # is the reason why readline() is NOT supported for -bt and -bv, because Exim | |
1162 | # runs as root or as exim, respectively, for those options. When USE_READLINE | |
1163 | # is "yes", as well as supporting line editing, a history of input lines in the | |
1164 | # current run is maintained. | |
1165 | ||
1166 | # USE_READLINE=yes | |
1167 | ||
79b5812b | 1168 | # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. |
b08b24c8 PH |
1169 | # Note that this option adds to the size of the Exim binary, because the |
1170 | # dynamic loading library is not otherwise included. | |
1171 | ||
bdde2215 PP |
1172 | # If libreadline is not in the normal library paths, then because Exim is |
1173 | # setuid you'll need to ensure that the correct directory is stamped into | |
1174 | # the binary so that dlopen will find it. | |
1175 | # Eg, on macOS/Darwin with a third-party install of libreadline, perhaps: | |
1176 | ||
1177 | # EXTRALIBS_EXIM+=-Wl,-rpath,/usr/local/opt/readline/lib | |
1178 | ||
059ec3d9 | 1179 | |
e9eb3457 JH |
1180 | #------------------------------------------------------------------------------ |
1181 | # Uncomment this setting to include IPv6 support. | |
1182 | ||
37dd1b19 | 1183 | # HAVE_IPV6=yes |
059ec3d9 PH |
1184 | |
1185 | ############################################################################### | |
1186 | # THINGS YOU ALMOST NEVER NEED TO MENTION # | |
1187 | ############################################################################### | |
1188 | ||
1189 | # The settings in this section are available for use in special circumstances. | |
1190 | # In the vast majority of installations you need not change anything below. | |
1191 | ||
1192 | ||
1193 | #------------------------------------------------------------------------------ | |
1194 | # The following commands live in different places in some OS. Either the | |
1195 | # ultimate default settings, or the OS-specific files should already point to | |
1196 | # the right place, but they can be overridden here if necessary. These settings | |
1197 | # are used when building various scripts to ensure that the correct paths are | |
1198 | # used when the scripts are run. They are not used in the Makefile itself. Perl | |
1199 | # is not necessary for running Exim unless you set EXIM_PERL (see above) to get | |
1200 | # it embedded, but there are some utilities that are Perl scripts. If you | |
1201 | # haven't got Perl, Exim will still build and run; you just won't be able to | |
1202 | # use those utilities. | |
1203 | ||
1204 | # CHOWN_COMMAND=/usr/bin/chown | |
1205 | # CHGRP_COMMAND=/usr/bin/chgrp | |
c2f9a1ee | 1206 | # CHMOD_COMMAND=/usr/bin/chmod |
059ec3d9 PH |
1207 | # MV_COMMAND=/bin/mv |
1208 | # RM_COMMAND=/bin/rm | |
c2f9a1ee | 1209 | # TOUCH_COMMAND=/usr/bin/touch |
059ec3d9 PH |
1210 | # PERL_COMMAND=/usr/bin/perl |
1211 | ||
1212 | ||
1213 | #------------------------------------------------------------------------------ | |
1214 | # The following macro can be used to change the command for building a library | |
1215 | # of functions. By default the "ar" command is used, with options "cq". | |
1216 | # Only in rare circumstances should you need to change this. | |
1217 | ||
1218 | # AR=ar cq | |
1219 | ||
1220 | ||
1221 | #------------------------------------------------------------------------------ | |
1222 | # In some operating systems, the value of the TMPDIR environment variable | |
1223 | # controls where temporary files are created. Exim does not make use of | |
1224 | # temporary files, except when delivering to MBX mailboxes. However, if Exim | |
1225 | # calls any external libraries (e.g. DBM libraries), they may use temporary | |
1226 | # files, and thus be influenced by the value of TMPDIR. For this reason, when | |
1227 | # Exim starts, it checks the environment for TMPDIR, and if it finds it is set, | |
1228 | # it replaces the value with what is defined here. Commenting this setting | |
8f3bfb82 HSHR |
1229 | # suppresses the check altogether. Older installations call this macro |
1230 | # just TMPDIR, but this has side effects at build time. At runtime | |
1231 | # TMPDIR is checked as before. | |
059ec3d9 | 1232 | |
75286da3 | 1233 | EXIM_TMPDIR="/tmp" |
059ec3d9 PH |
1234 | |
1235 | ||
1236 | #------------------------------------------------------------------------------ | |
1237 | # The following macros can be used to change the default modes that are used | |
1238 | # by the appendfile transport. In most installations the defaults are just | |
1239 | # fine, and in any case, you can change particular instances of the transport | |
1240 | # at run time if you want. | |
1241 | ||
1242 | # APPENDFILE_MODE=0600 | |
1243 | # APPENDFILE_DIRECTORY_MODE=0700 | |
1244 | # APPENDFILE_LOCKFILE_MODE=0600 | |
1245 | ||
1246 | ||
1247 | #------------------------------------------------------------------------------ | |
1248 | # In some installations there may be multiple machines sharing file systems, | |
1249 | # where a different configuration file is required for Exim on the different | |
1250 | # machines. If CONFIGURE_FILE_USE_NODE is defined, then Exim will first look | |
1251 | # for a configuration file whose name is that defined by CONFIGURE_FILE, | |
1252 | # with the node name obtained by uname() tacked on the end, separated by a | |
1253 | # period (for example, /usr/exim/configure.host.in.some.domain). If this file | |
1254 | # does not exist, then the bare configuration file name is tried. | |
1255 | ||
1256 | # CONFIGURE_FILE_USE_NODE=yes | |
1257 | ||
1258 | ||
1259 | #------------------------------------------------------------------------------ | |
1260 | # In some esoteric configurations two different versions of Exim are run, | |
1261 | # with different setuid values, and different configuration files are required | |
1262 | # to handle the different cases. If CONFIGURE_FILE_USE_EUID is defined, then | |
1263 | # Exim will first look for a configuration file whose name is that defined | |
1264 | # by CONFIGURE_FILE, with the effective uid tacked on the end, separated by | |
65872480 | 1265 | # a period (for example, /usr/exim/configure.0). If this file does not exist, |
059ec3d9 PH |
1266 | # then the bare configuration file name is tried. In the case when both |
1267 | # CONFIGURE_FILE_USE_EUID and CONFIGURE_FILE_USE_NODE are set, four files | |
1268 | # are tried: <name>.<euid>.<node>, <name>.<node>, <name>.<euid>, and <name>. | |
1269 | ||
1270 | # CONFIGURE_FILE_USE_EUID=yes | |
1271 | ||
1272 | ||
1273 | #------------------------------------------------------------------------------ | |
1274 | # The size of the delivery buffers: These specify the sizes (in bytes) of | |
1275 | # the buffers that are used when copying a message from the spool to a | |
1276 | # destination. There is rarely any need to change these values. | |
1277 | ||
1278 | # DELIVER_IN_BUFFER_SIZE=8192 | |
1279 | # DELIVER_OUT_BUFFER_SIZE=8192 | |
1280 | ||
1281 | ||
1282 | #------------------------------------------------------------------------------ | |
1283 | # The mode of the database directory: Exim creates a directory called "db" | |
1284 | # in its spool directory, to hold its databases of hints. This variable | |
1285 | # determines the mode of the created directory. The default value in the | |
1286 | # source is 0750. | |
1287 | ||
1288 | # EXIMDB_DIRECTORY_MODE=0750 | |
1289 | ||
1290 | ||
1291 | #------------------------------------------------------------------------------ | |
1292 | # Database file mode: The mode of files created in the "db" directory defaults | |
1293 | # to 0640 in the source, and can be changed here. | |
1294 | ||
1295 | # EXIMDB_MODE=0640 | |
1296 | ||
1297 | ||
1298 | #------------------------------------------------------------------------------ | |
1299 | # Database lock file mode: The mode of zero-length files created in the "db" | |
1300 | # directory to use for locking purposes defaults to 0640 in the source, and | |
1301 | # can be changed here. | |
1302 | ||
1303 | # EXIMDB_LOCKFILE_MODE=0640 | |
1304 | ||
1305 | ||
1306 | #------------------------------------------------------------------------------ | |
1307 | # This parameter sets the maximum length of the header portion of a message | |
1308 | # that Exim is prepared to process. The default setting is one megabyte. The | |
1309 | # limit exists in order to catch rogue mailers that might connect to your SMTP | |
1310 | # port, start off a header line, and then just pump junk at it for ever. The | |
1311 | # message_size_limit option would also catch this, but it may not be set. | |
1312 | # The value set here is the default; it can be changed at runtime. | |
1313 | ||
1314 | # HEADER_MAXSIZE="(1024*1024)" | |
1315 | ||
1316 | ||
1317 | #------------------------------------------------------------------------------ | |
1318 | # The mode of the input directory: The input directory is where messages are | |
1319 | # kept while awaiting delivery. Exim creates it if necessary, using a mode | |
1320 | # which can be defined here (default 0750). | |
1321 | ||
1322 | # INPUT_DIRECTORY_MODE=0750 | |
1323 | ||
1324 | ||
1325 | #------------------------------------------------------------------------------ | |
1326 | # The mode of Exim's log directory, when it is created by Exim inside the spool | |
1327 | # directory, defaults to 0750 but can be changed here. | |
1328 | ||
1329 | # LOG_DIRECTORY_MODE=0750 | |
1330 | ||
1331 | ||
1332 | #------------------------------------------------------------------------------ | |
1333 | # The log files themselves are created as required, with a mode that defaults | |
1334 | # to 0640, but which can be changed here. | |
1335 | ||
1336 | # LOG_MODE=0640 | |
1337 | ||
1338 | ||
1339 | #------------------------------------------------------------------------------ | |
1340 | # The TESTDB lookup is for performing tests on the handling of lookup results, | |
1341 | # and is not useful for general running. It should be included only when | |
1342 | # debugging the code of Exim. | |
1343 | ||
1344 | # LOOKUP_TESTDB=yes | |
1345 | ||
1346 | ||
1347 | #------------------------------------------------------------------------------ | |
1348 | # /bin/sh is used by default as the shell in which to run commands that are | |
1349 | # defined in the makefiles. This can be changed if necessary, by uncommenting | |
1350 | # this line and specifying another shell, but note that a Bourne-compatible | |
1351 | # shell is expected. | |
1352 | ||
1353 | # MAKE_SHELL=/bin/sh | |
1354 | ||
1355 | ||
1356 | #------------------------------------------------------------------------------ | |
1357 | # The maximum number of named lists of each type (address, domain, host, and | |
1358 | # local part) can be increased by changing this value. It should be set to | |
1359 | # a multiple of 16. | |
1360 | ||
1361 | # MAX_NAMED_LIST=16 | |
1362 | ||
1363 | ||
1364 | #------------------------------------------------------------------------------ | |
1365 | # Network interfaces: Unless you set the local_interfaces option in the runtime | |
1366 | # configuration file to restrict Exim to certain interfaces only, it will run | |
1367 | # code to find all the interfaces there are on your host. Unfortunately, | |
1368 | # the call to the OS that does this requires a buffer large enough to hold | |
1369 | # data for all the interfaces - it was designed in the days when a host rarely | |
1370 | # had more than three or four interfaces. Nowadays hosts can have very many | |
1371 | # virtual interfaces running on the same hardware. If you have more than 250 | |
1372 | # virtual interfaces, you will need to uncomment this setting and increase the | |
1373 | # value. | |
1374 | ||
1375 | # MAXINTERFACES=250 | |
1376 | ||
1377 | ||
1378 | #------------------------------------------------------------------------------ | |
1379 | # Per-message logs: While a message is in the process of being delivered, | |
1380 | # comments on its progress are written to a message log, for the benefit of | |
1381 | # human administrators. These logs are held in a directory called "msglog" | |
1382 | # in the spool directory. Its mode defaults to 0750, but can be changed here. | |
1383 | # The message log directory is also used for storing files that are used by | |
1384 | # transports for returning data to a message's sender (see the "return_output" | |
1385 | # option for transports). | |
1386 | ||
1387 | # MSGLOG_DIRECTORY_MODE=0750 | |
1388 | ||
1389 | ||
1390 | #------------------------------------------------------------------------------ | |
1391 | # There are three options which are used when compiling the Perl interface and | |
1392 | # when linking with Perl. The default values for these are placed automatically | |
1393 | # at the head of the Makefile by the script which builds it. However, if you | |
1394 | # want to override them, you can do so here. | |
1395 | ||
1396 | # PERL_CC= | |
1397 | # PERL_CCOPTS= | |
1398 | # PERL_LIBS= | |
1399 | ||
1400 | ||
438257ba PP |
1401 | #------------------------------------------------------------------------------ |
1402 | # If you wish to disable valgrind in the binary, define NVALGRIND=1. | |
1403 | # This should not be needed. | |
1404 | ||
1405 | # NVALGRIND=1 | |
1406 | ||
059ec3d9 PH |
1407 | #------------------------------------------------------------------------------ |
1408 | # Identifying the daemon: When an Exim daemon starts up, it writes its pid | |
1409 | # (process id) to a file so that it can easily be identified. The path of the | |
1410 | # file can be specified here. Some installations may want something like this: | |
1411 | ||
1412 | # PID_FILE_PATH=/var/lock/exim.pid | |
1413 | ||
1414 | # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory | |
1415 | # using the name "exim-daemon.pid". | |
1416 | ||
1417 | # If you start up a daemon without the -bd option (for example, with just | |
1418 | # the -q15m option), a pid file is not written. Also, if you override the | |
1419 | # configuration file with the -oX option, no pid file is written. In other | |
1420 | # words, the pid file is written only for a "standard" daemon. | |
1421 | ||
1422 | ||
1423 | #------------------------------------------------------------------------------ | |
1424 | # If Exim creates the spool directory, it is given this mode, defaulting in the | |
1425 | # source to 0750. | |
1426 | ||
1427 | # SPOOL_DIRECTORY_MODE=0750 | |
1428 | ||
1429 | ||
1430 | #------------------------------------------------------------------------------ | |
1431 | # The mode of files on the input spool which hold the contents of messages can | |
1432 | # be changed here. The default is 0640 so that information from the spool is | |
1433 | # available to anyone who is a member of the Exim group. | |
1434 | ||
1435 | # SPOOL_MODE=0640 | |
1436 | ||
1437 | ||
1438 | #------------------------------------------------------------------------------ | |
1439 | # Moving frozen messages: If the following is uncommented, Exim is compiled | |
1440 | # with support for automatically moving frozen messages out of the main spool | |
1441 | # directory, a facility that is found useful by some large installations. A | |
1442 | # run time option is required to cause the moving actually to occur. Such | |
1443 | # messages become "invisible" to the normal management tools. | |
1444 | ||
1445 | # SUPPORT_MOVE_FROZEN_MESSAGES=yes | |
1446 | ||
54fc8428 | 1447 | |
82c6910a | 1448 | #------------------------------------------------------------------------------ |
65872480 | 1449 | # Expanding match_* second parameters: BE CAREFUL IF ENABLING THIS! |
82c6910a PP |
1450 | # It has proven too easy in practice for administrators to configure security |
1451 | # problems into their Exim install, by treating match_domain{}{} and friends | |
1452 | # as a form of string comparison, where the second string comes from untrusted | |
1453 | # data. Because these options take lists, which can include lookup;LOOKUPDATA | |
1454 | # style elements, a foe can then cause Exim to, eg, execute an arbitrary MySQL | |
1455 | # query, dropping tables. | |
1456 | # From Exim 4.77 onwards, the second parameter is not expanded; it can still | |
1457 | # be a list literal, or a macro, or a named list reference. There is also | |
1458 | # the new expansion condition "inlisti" which does expand the second parameter, | |
1459 | # but treats it as a list of strings; also, there's "eqi" which is probably | |
1460 | # what is normally wanted. | |
1461 | # | |
1462 | # If you really need to have the old behaviour, know what you are doing and | |
1463 | # will not complain if your system is compromised as a result of doing so, then | |
1464 | # uncomment this option to get the old behaviour back. | |
1465 | ||
1466 | # EXPAND_LISTMATCH_RHS=yes | |
1467 | ||
54fc8428 PH |
1468 | #------------------------------------------------------------------------------ |
1469 | # Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you | |
1470 | # really, really, really know what you are doing. And even then, think again. | |
1471 | # You should never uncomment this when compiling a binary for distribution. | |
1472 | # Use it only when compiling Exim for your own use. | |
1473 | # | |
1474 | # Uncommenting this line enables the use of a runtime option called | |
1475 | # disable_fsync, which can be used to stop Exim using fsync() to ensure that | |
1476 | # files are written to disc before proceeding. When this is disabled, crashes | |
1477 | # and hardware problems such as power outages can cause data to be lost. This | |
1478 | # feature should only be used in very exceptional circumstances. YOU HAVE BEEN | |
1479 | # WARNED. | |
1480 | ||
1481 | # ENABLE_DISABLE_FSYNC=yes | |
1482 | ||
9f01e50d JH |
1483 | #------------------------------------------------------------------------------ |
1484 | # For development, add this to include code to time various stages and report. | |
1485 | # CFLAGS += -DMEASURE_TIMING | |
1486 | ||
059ec3d9 | 1487 | # End of EDITME for Exim 4. |