# tls_privatekey = /etc/ssl/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
-# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.ifdef _HAVE_OPENSSL
+tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.endif
+
+# Don't offer resumption to (most) MUAs, who we don't want to reuse
+# tickets. Once the TLS extension for vended ticket numbers comes
+# though, re-examine since resumption on a single-use ticket is still a benefit.
+tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
# Enable an efficiency feature. We advertise the feature; clients
# may request to use it. For multi-recipient mails we then can
# reject or accept per-user after the message is received.
+# This supports recipient-dependent content filtering; without it
+# you have to temp-reject any recipients after the first that have
+# incompatible filtering, and do the filtering in the data ACL.
+# Even with this enabled, you must support the old style for peers
+# not flagging support for PRDR (visible via $prdr_requested).
#
.ifdef _HAVE_PRDR
prdr_enable = true
# By default, messages that are waiting on Exim's queue are all held in a
-# single directory called "input" which it itself within Exim's spool
+# single directory called "input" which is itself within Exim's spool
# directory. (The default spool directory is specified when Exim is built, and
# is often /var/spool/exim/.) Exim works best when its queue is kept short, but
# there are circumstances where this is not always possible. If you uncomment
.ifdef _HAVE_PRDR
acl_check_prdr:
warn set acl_m_did_prdr = y
-.endif
#############################################################################
# do lookup on filtering, with $local_part@$domain, deny on filter match
#############################################################################
accept
+.endif
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
transport = smarthost_smtp
route_data = ROUTER_SMARTHOST
ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-.ifdef _HAVE_DNSSEC
- dnssec_request_domains = *
-.endif
no_more
.else
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# if ipv6-enabled then instead use:
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-.ifdef _HAVE_DNSSEC
- dnssec_request_domains = *
-.endif
no_more
# This closes the ROUTER_SMARTHOST ifdef around the choice of routing for
remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
-.ifdef _HAVE_DANE
- hosts_try_dane = *
-.endif
+.ifdef _HAVE_TLS
+ tls_resumption_hosts = *
+#endif
.ifdef _HAVE_PRDR
hosts_try_prdr = *
.endif
.ifdef _HAVE_GNUTLS
tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
.endif
+ tls_resumption_hosts = *
.endif
.ifdef _HAVE_PRDR
hosts_try_prdr = *
local_delivery:
driver = appendfile
- file = /var/mail/$local_part
+ file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
git://git.exim.org / exim.git / blobdiff