-# $Cambridge: exim/src/src/configure.default,v 1.1 2004/10/07 10:39:01 ph10 Exp $
+# $Cambridge: exim/src/src/configure.default,v 1.5 2005/10/11 13:50:48 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
# SMTP mail by using the loopback address. A number of MUAs use this method of
# sending mail.
-
# All three of these lists may contain many different kinds of item, including
# wildcarded names, regular expressions, and file lookups. See the reference
-# manual for details. The lists above are used in the access control list for
-# incoming messages. The name of this ACL is defined here:
+# manual for details. The lists above are used in the access control lists for
+# checking incoming messages. The names of these ACLs are defined here:
acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+# You should not change those settings until you understand how ACLs work.
+
+
+# If you are running a version of Exim that was compiled with the content-
+# scanning extension, you can cause incoming messages to be automatically
+# scanned for viruses. You have to modify the configuration in two places to
+# set this up. The first of them is here, where you define the interface to
+# your scanner. This example is typical for ClamAV; see the manual for details
+# of what to set for other virus scanners. The second modification is in the
+# acl_check_data access control list (see below).
+
+# av_scanner = clamd:/tmp/clamd
-# You should not change that setting until you understand how ACLs work.
+
+# For spam scanning, there is a similar option that defines the interface to
+# SpamAssassin. You do not need to set this if you are using the default, which
+# is shown in this commented example. As for virus scanning, you must also
+# modify the acl_check_data access control list to enable spam scanning.
+
+# spamd_address = 127.0.0.1 783
# Specify the domain you want to be added to all unqualified addresses
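Review bot: the commented example `# av_scanner = clamd:/tmp/clamd` places the scanner socket under /tmp, a directory every local user can write to, so an admin who uncomments the line as-is has no guarantee about who owns the socket Exim hands message contents to. Suggest the example use a socket path in a directory owned by the scanner's user, or that the comment state that the path must match the scanner's own configuration and should not live in a shared temporary directory.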
require verify = sender
+ # Accept if the message comes from one of the hosts for which we are an
+ # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
+ # so we set control=submission to make Exim treat the message as a
+ # submission. It will fix up various errors in the message, for example, the
+ # lack of a Date: header line. If you are actually relaying out out from
+ # MTAs, you may want to disable this. If you are handling both relaying from
+ # MTAs and submissions from MUAs you should probably split them into two
+ # lists, and handle them differently.
+
+ # Recipient verification is omitted here, because in many cases the clients
+ # are dumb MUAs that don't cope well with SMTP error responses. If you are
+ # actually relaying out from MTAs, you should probably add recipient
+ # verification here.
+
+ # Note that, by putting this test before any DNS black list checks, you will
+ # always accept from these hosts, even if they end up on a black list. The
+ # assumption is that they are your friends, and if they get onto a black
+ # list, it is a mistake.
+
+ accept hosts = +relay_from_hosts
+ control = submission
+
+ # Accept if the message arrived over an authenticated connection, from
+ # any host. Again, these messages are usually from MUAs, so recipient
+ # verification is omitted, and submission mode is set. And again, we do this
+ # check before any black list tests.
+
+ accept authenticated = *
+ control = submission
+
#############################################################################
- # There are no checks on DNS "black" lists because the domains that contain
- # these lists are changing all the time. However, here are two examples of
- # how you could get Exim to perform a DNS black list lookup at this point.
- # The first one denies, while the second just warns.
+ # There are no default checks on DNS black lists because the domains that
+ # contain these lists are changing all the time. However, here are two
+ # examples of how you can get Exim to perform a DNS black list lookup at this
+ # point. The first one denies, whereas the second just warns.
#
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
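Review bot: the two accept statements added ahead of the DNS black list block (`accept hosts = +relay_from_hosts` and `accept authenticated = *`) now run before the `+local_domains` and `+relay_to_domains` statements, so mail from these clients to a local or relayed domain is accepted without `verify = recipient`. In the old position, after those statements, such recipients had already been verified. The new comment spells out the black list consequence of the ordering but not this one; suggest adding a sentence next to "Recipient verification is omitted here" saying that this now also covers local recipients. Separately, "relaying out out from MTAs" in the first comment block has a doubled word.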
# dnslists = black.list.example
#############################################################################
+ #############################################################################
+ # This check is commented out because it is recognized that not every
+ # sysadmin will want to do it. If you enable it, the check performs
+ # Client SMTP Authorization (csa) checks on the sending host. These checks
+ # do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
+ # an Internet draft. You can, of course, add additional conditions to this
+ # ACL statement to restrict the CSA checks to certain hosts only.
+ #
+ # require verify = csa
+ #############################################################################
+
# Accept if the address is in a local domain, but only if the recipient can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
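Review bot: the comment above `# require verify = csa` says the check does SRV lookups but does not say how a sending host with no CSA record, or a lookup that fails temporarily, is treated, which is what a sysadmin needs to know before uncommenting a `require`. Suggest one sentence on those outcomes, or a pointer to the manual section as the other comments in this file give. The "(May 2005)" status remark will also go stale and could be dropped or reduced to "an Internet draft at the time of writing".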
endpass
verify = recipient
- # Accept if the address is in a domain for which we are relaying, but again,
- # only if the recipient can be verified.
+ # Accept if the address is in a domain for which we are an incoming relay,
+ # but again, only if the recipient can be verified.
accept domains = +relay_to_domains
endpass
verify = recipient
- # If control reaches this point, the domain is neither in +local_domains
- # nor in +relay_to_domains.
+ # Reaching the end of the ACL causes a "deny", but we might as well give
+ # an explicit message.
- # Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. Recipient verification is omitted here, because in many
- # cases the clients are dumb MUAs that don't cope well with SMTP error
- # responses. If you are actually relaying out from MTAs, you should probably
- # add recipient verification here.
+ deny message = relay not permitted
- accept hosts = +relay_from_hosts
- # Accept if the message arrived over an authenticated connection, from
- # any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted.
+# This ACL is used after the contents of a message have been received. This
+# is the ACL in which you can test a message's headers or body, and in
+# particular, this is where you can invoke external virus or spam scanners.
+# Some suggested ways of configuring these tests are shown below, commented
+# out. Without any tests, this ACL accepts all messages. If you want to use
+# such tests, you must ensure that Exim is compiled with the content-scanning
+# extension (WITH_CONTENT_SCAN=yes in Local/Makefile).
- accept authenticated = *
+acl_check_data:
- # Reaching the end of the ACL causes a "deny", but we might as well give
- # an explicit message.
+ # Deny if the message contains a virus. Before enabling this check, you
+ # must install a virus scanner and set the av_scanner option above.
+ #
+ # deny malware = *
+ # message = This message contains a virus ($malware_name).
- deny message = relay not permitted
+ # Add headers to a message if it is judged to be spam. Before enabling this,
+ # you must install SpamAssassin. You may also need to set the spamd_address
+ # option above.
+ #
+ # warn spam = nobody
+ # message = X-Spam_score: $spam_score\n\
+ # X-Spam_score_int: $spam_score_int\n\
+ # X-Spam_bar: $spam_bar\n\
+ # X-Spam_report: $spam_report
+
+ # Accept the message.
+
+ accept
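Review bot: in the commented `warn spam = nobody` example of acl_check_data, the X-Spam_score, X-Spam_score_int, X-Spam_bar and X-Spam_report headers are added only when the message is judged to be spam, and nothing in the ACL touches headers of the same names that arrived with the message. A delivery filter keyed on these headers therefore cannot tell Exim's verdict from a header the sender supplied on a message that was not flagged. Suggest the comment say this, so that sites relying on the headers know to handle pre-existing copies. The comment could also explain what `nobody` stands for in `spam = nobody`, since the example gives no hint.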