X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=d6aaa5ec394d162602206c4b28dc46e234b1bfa4;hb=5901f0abfe16545a81e820cd9816e830287776a7;hp=9ae20dae91aec973333f339751ab826e96e61201;hpb=42119b09dd8a23c8fcc14ff65fdc8c4d16c83c23;p=exim.git diff --git a/src/src/configure.default b/src/src/configure.default index 9ae20dae9..d6aaa5ec3 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -1,5 +1,3 @@ -# $Cambridge: exim/src/src/configure.default,v 1.9 2006/07/07 13:54:32 ph10 Exp $ - ###################################################################### # Runtime configuration file for Exim # ###################################################################### @@ -62,7 +60,7 @@ hostlist relay_from_hosts = 127.0.0.1 # Most straightforward access control requirements can be obtained by # appropriate settings of the above options. In more complicated situations, -# you may need to modify the Access Control List (ACL) which appears later in +# you may need to modify the Access Control Lists (ACLs) which appear later in # this file. # The first setting specifies your local domains, for example: 
@@ -195,14 +193,15 @@ acl_smtp_data = acl_check_data # allow_domain_literals -# No deliveries will ever be run under the uids of these users (a colon- -# separated list). An attempt to do so causes a panic error to be logged, and -# the delivery to be deferred. This is a paranoic safety catch. There is an -# even stronger safety catch in the form of the FIXED_NEVER_USERS setting -# in the configuration for building Exim. The list of users that it specifies -# is built into the binary, and cannot be changed. The option below just adds -# additional users to the list. The default for FIXED_NEVER_USERS is "root", -# but just to be absolutely sure, the default here is also "root". +# No deliveries will ever be run under the uids of users specified by +# never_users (a colon-separated list). An attempt to do so causes a panic +# error to be logged, and the delivery to be deferred. This is a paranoic +# safety catch. There is an even stronger safety catch in the form of the +# FIXED_NEVER_USERS setting in the configuration for building Exim. The list of +# users that it specifies is built into the binary, and cannot be changed. The +# option below just adds additional users to the list. The default for +# FIXED_NEVER_USERS is "root", but just to be absolutely sure, the default here +# is also "root". # Note that the default setting means you cannot deliver mail addressed to root # as if it were a normal user. This isn't usually a problem, as most sites have 
@@ -275,6 +274,35 @@ ignore_bounce_errors_after = 2d timeout_frozen_after = 7d +# By default, messages that are waiting on Exim's queue are all held in a +# single directory called "input" which it itself within Exim's spool +# directory. (The default spool directory is specified when Exim is built, and +# is often /var/spool/exim/.) Exim works best when its queue is kept short, but +# there are circumstances where this is not always possible. If you uncomment +# the setting below, messages on the queue are held in 62 subdirectories of +# "input" instead of all in the same directory. The subdirectories are called +# 0, 1, ... A, B, ... a, b, ... z. This has two benefits: (1) If your file +# system degrades with many files in one directory, this is less likely to +# happen; (2) Exim can process the queue one subdirectory at a time instead of +# all at once, which can give better performance with large queues. + +# split_spool_directory = true + + +# If you're in a part of the world where ASCII is not sufficient for most +# text, then you're probably familiar with RFC2047 message header extensions. +# By default, Exim adheres to the specification, including a limit of 76 +# characters to a line, with encoded words fitting within a line. +# If you wish to use decoded headers in message filters in such a way +# that successful decoding of malformed messages matters, you may wish to +# configure Exim to be more lenient. +# +# check_rfc2047_length = false +# +# In particular, the Exim maintainers have had multiple reports of problems +# from Russian administrators of issues until they disable this check, +# because of some popular, yet buggy, mail composition software. + ###################################################################### # ACL CONFIGURATION # 
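Review bot: The added split_spool_directory comment has a typo, "which it itself within Exim's spool directory"; the line should read `# single directory called "input" which is itself within Exim's spool`. The check_rfc2047_length paragraph says only that Exim becomes "more lenient" without naming what is relaxed. Since it is offered as an uncomment-and-go setting, it should state that `false` makes Exim decode encoded words longer than the RFC 2047 limit, so filters then act on headers that do not conform to the RFC. The closing sentence ("reports of problems from Russian administrators of issues until they disable this check") is hard to parse and could be tightened.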
@@ -293,6 +321,7 @@ acl_check_rcpt: # testing for an empty sending host field. accept hosts = : + control = dkim_disable_verify ############################################################################# # The following section of the ACL is concerned with local parts that contain @@ -371,6 +400,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission + control = dkim_disable_verify # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient @@ -379,6 +409,22 @@ acl_check_rcpt: accept authenticated = * control = submission + control = dkim_disable_verify + + # Insist that any other recipient address that we accept is either in one of + # our local domains, or is in a domain for which we explicitly allow + # relaying. Any other domain is rejected as being unacceptable for relaying. + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + # We also require all accepted addresses to be verifiable. This check will + # do local part verification for local domains, but only check the domain + # for remote domains. The only way to check local parts for the remote + # relay domains is to use a callout (add /callout), but please read the + # documentation about callouts before doing this. + + require verify = recipient ############################################################################# # There are no default checks on DNS black lists because the domains that 
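Review bot: The added `control = dkim_disable_verify` under `accept hosts = :` has no explanatory comment, and the same is true of the lines added in the @@ -371 hunk (relay_from_hosts) and the @@ -379 hunk (authenticated). Every other modifier in these statements is explained by the comment block above it. A line such as `# DKIM verification is skipped here because this mail is submitted by our own hosts or users` would do, assuming that is the intent. For the relay_from_hosts case it is worth adding that the exemption is granted by host list alone, so widening that list also widens the set of senders whose signatures are never checked. The body of acl_check_rcpt starts and ends outside these hunks.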
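Review bot: The new `require message = relay not permitted` statement with `domains = +local_domains : +relay_to_domains` in the @@ -379 hunk is now the only relay check before the unconditional `accept` that the @@ -405 hunk puts at the end of acl_check_rcpt. The old layout ended in an explicit deny, so an ACL that was edited carelessly still failed closed; the new one fails open if this statement is commented out or custom accepts are placed above it. The comment over the require should say so, for example `# This is the anti-relay check; the ACL ends in an unconditional accept, so do not remove it.` It could also note that `require verify = recipient` now runs ahead of the DNS list and CSA examples, so those checks only see recipients that have already been verified. The ACL continues outside the hunk.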
@@ -405,26 +451,10 @@ acl_check_rcpt: # require verify = csa ############################################################################# - # Accept if the address is in a local domain, but only if the recipient can - # be verified. Otherwise deny. The "endpass" line is the border between - # passing on to the next ACL statement (if tests above it fail) or denying - # access (if tests below it fail). - - accept domains = +local_domains - endpass - verify = recipient - - # Accept if the address is in a domain for which we are an incoming relay, - # but again, only if the recipient can be verified. - - accept domains = +relay_to_domains - endpass - verify = recipient + # At this point, the address has passed all the checks that have been + # configured, so we accept it unconditionally. - # Reaching the end of the ACL causes a "deny", but we might as well give - # an explicit message. - - deny message = relay not permitted + accept # This ACL is used after the contents of a message have been received. This @@ -675,6 +705,12 @@ begin retry # hours, then retries every 6 hours until 4 days have passed since the first # failed delivery. +# WARNING: If you do not have any retry rules at all (this section of the +# configuration is non-existent or empty), Exim will not do any retries of +# messages that fail to get delivered at the first attempt. The effect will +# be to treat temporary errors as permanent. Therefore, DO NOT remove this +# retry rule unless you really don't want any retries. + # Address or Domain Error Retries # ----------------- ----- -------