X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=9ae20dae91aec973333f339751ab826e96e61201;hb=42119b09dd8a23c8fcc14ff65fdc8c4d16c83c23;hp=6b09309ad300e76607d02a2c800ed4f60740417f;hpb=533940842646f8f15ce05b0f2a3110385b153529;p=exim.git diff --git a/src/src/configure.default b/src/src/configure.default index 6b09309ad..9ae20dae9 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -1,4 +1,4 @@ -# $Cambridge: exim/src/src/configure.default,v 1.6 2005/11/21 10:00:26 ph10 Exp $ +# $Cambridge: exim/src/src/configure.default,v 1.9 2006/07/07 13:54:32 ph10 Exp $ ###################################################################### # Runtime configuration file for Exim # 
@@ -130,6 +130,40 @@ acl_smtp_data = acl_check_data # spamd_address = 127.0.0.1 783 +# If Exim is compiled with support for TLS, you may want to enable the +# following options so that Exim allows clients to make encrypted +# connections. In the authenticators section below, there are template +# configurations for plaintext username/password authentication. This kind +# of authentication is only safe when used within a TLS connection, so the +# authenticators will only work if the following TLS settings are turned on +# as well. + +# Allow any client to use TLS. + +# tls_advertise_hosts = * + +# Specify the location of the Exim server's TLS certificate and private key. +# The private key must not be encrypted (password protected). You can put +# the certificate and private key in the same file, in which case you only +# need the first setting, or in separate files, in which case you need both +# options. + +# tls_certificate = /etc/ssl/exim.crt +# tls_privatekey = /etc/ssl/exim.pem + +# In order to support roaming users who wish to send email from anywhere, +# you may want to make Exim listen on other ports as well as port 25, in +# case these users need to send email from a network that blocks port 25. +# The standard port for this purpose is port 587, the "message submission" +# port. See RFC 4409 for details. Microsoft MUAs cannot be configured to +# talk the message submission protocol correctly, so if you need to support +# them you should also allow TLS-on-connect on the traditional but +# non-standard port 465. + +# daemon_smtp_ports = 25 : 465 : 587 +# tls_on_connect_ports = 465 + + # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.example" is a fully qualified 
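Review bot: The added TLS comments state that the private key must not be encrypted but say nothing about protecting the key file, and the sample `tls_privatekey = /etc/ssl/exim.pem` points into a directory that is commonly shared. I would add a line after that paragraph such as `# Because the key is stored unencrypted, make the key file readable only by the user Exim runs as.` Next to `daemon_smtp_ports = 25 : 465 : 587` it would also help to say that the extra ports are, as far as this file shows, handled by the same ACLs as port 25, so opening them does not by itself make authentication mandatory for submission.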
@@ -192,10 +226,11 @@ host_lookup = * # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused -# connection, leading to delays on starting up an SMTP session. +# connection, leading to delays on starting up SMTP sessions. (The default was +# reduced from 30s to 5s for release 4.61.) rfc1413_hosts = * -rfc1413_query_timeout = 30s +rfc1413_query_timeout = 5s # By default, Exim expects all envelope addresses to be fully qualified, that @@ -354,9 +389,9 @@ acl_check_rcpt: # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text # dnslists = black.list.example # - # warn message = X-Warning: $sender_host_address is in a black list at $dnslist_domain + # warn dnslists = black.list.example + # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # log_message = found in $dnslist_domain - # dnslists = black.list.example ############################################################################# ############################################################################# 
@@ -405,18 +440,18 @@ acl_check_data: # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. # - # deny malware = * - # message = This message contains a virus ($malware_name). + # deny malware = * + # message = This message contains a virus ($malware_name). # Add headers to a message if it is judged to be spam. Before enabling this, # you must install SpamAssassin. You may also need to set the spamd_address # option above. # - # warn spam = nobody - # message = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report + # warn spam = nobody + # add_header = X-Spam_score: $spam_score\n\ + # X-Spam_score_int: $spam_score_int\n\ + # X-Spam_bar: $spam_bar\n\ + # X-Spam_report: $spam_report # Accept the message. 
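Review bot: The `warn spam = nobody` example now uses `add_header`, but the comment above it does not say that the X-Spam_* headers are only added when the condition is true and that nothing in this ACL removes headers of the same name already present in the message. A sender can therefore supply their own `X-Spam_score:` line, and a downstream filter that keys on these headers may be misled. I would add a comment along the lines of `# Existing X-Spam_* headers in the message are not removed; downstream filters should not trust them blindly.` The acl_check_data block starts and ends outside this hunk, so any header handling elsewhere in it is not visible here.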
@@ -661,10 +696,49 @@ begin rewrite # AUTHENTICATION CONFIGURATION # ###################################################################### -# There are no authenticator specifications in this default configuration file. +# The following authenticators support plaintext username/password +# authentication using the standard PLAIN mechanism and the traditional +# but non-standard LOGIN mechanism, with Exim acting as the server. +# PLAIN and LOGIN are enough to support most MUA software. +# +# These authenticators are not complete: you need to change the +# server_condition settings to specify how passwords are verified. +# They are set up to offer authentication to the client only if the +# connection is encrypted with TLS, so you also need to add support +# for TLS. See the global configuration options section at the start +# of this file for more about TLS. +# +# The default RCPT ACL checks for successful authentication, and will accept +# messages from authenticated users from anywhere on the Internet. begin authenticators +# PLAIN authentication has no server prompts. The client sends its +# credentials in one lump, containing an authorization ID (which we do not +# use), an authentication ID, and a password. The latter two appear as +# $auth2 and $auth3 in the configuration and should be checked against a +# valid username and password. In a real configuration you would typically +# use $auth2 as a lookup key, and compare $auth3 against the result of the +# lookup, perhaps using the crypteq{}{} condition. + +#PLAIN: +# driver = plaintext +# server_set_id = $auth2 +# server_prompts = : +# server_condition = Authentication is not yet configured +# server_advertise_condition = ${if def:tls_cipher } + +# LOGIN authentication has traditional prompts and responses. There is no +# authorization ID in this mechanism, so unlike PLAIN the username and +# password are $auth1 and $auth2. 
Apart from that you can use the same +# server_condition setting for both authenticators. + +#LOGIN: +# driver = plaintext +# server_set_id = $auth1 +# server_prompts = <| Username: | Password: +# server_condition = Authentication is not yet configured +# server_advertise_condition = ${if def:tls_cipher } ######################################################################
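Review bot: The PLAIN comment recommends using `$auth2` as a lookup key and comparing `$auth3`, but it never says these values (and `$auth1`/`$auth2` for LOGIN) come straight from the client. For query-style lookups the key needs quoting, so I would add `# $auth1..$auth3 are supplied by the client; quote them with ${quote_<lookup-type>:...} before using them in a query.` The text also leaves unstated what happens if the templates are uncommented unchanged: the placeholder `server_condition = Authentication is not yet configured` appears intended to make every AUTH attempt fail rather than succeed, and a one-line comment confirming that would reassure readers it is not fail-open. Since the header comment notes that authenticated users are accepted "from anywhere on the Internet", a short reminder that weak passwords turn the host into a relay would fit there too.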