##################################################
# The Exim mail transport agent #
##################################################
+# Copyright (c) The Exim Maintainers 2022 - 2023
+# SPDX-License-Identifier: GPL-2.0-or-later
# This is the template for Exim's main build-time configuration file. It
# contains settings that are independent of any operating system. These are
# they are correctly installed, via their compatibility interfaces. However,
# Exim can also be configured to use the native calls for Berkeley DB (obsolete
# versions 1.85, 2.x, 3.x, or the current 4.x version) and also for gdbm.
+# See definitions for DBMLIB below.
# For some operating systems, a default DBM library (other than ndbm) is
# selected by a setting in the OS-specific Makefile. Most modern OS now have
# for you by the OS-specific configuration. If Exim compiles without any
# problems, you probably do not have to worry about the DBM library. If you
# do want or need to change it, you should first read the discussion in the
-# file doc/dbm.discuss.txt, which also contains instructions for testing Exim's
-# interface to the DBM library.
+# file doc/doc-txt/dbm.discuss.txt, which also contains instructions for testing
+# Exim's interface to the DBM library.
# In Local/Makefiles blank lines and lines starting with # are ignored. It is
# also permitted to use the # character to add a comment to a setting, for
# For Redis you need to have hiredis installed on your system
# (https://github.com/redis/hiredis).
# Depending on where it is installed you may have to edit the CFLAGS
-# (often += -I/usr/local/include) and LDFLAGS (-lhiredis) lines.
+# (often += -I/usr/local/include) and LOOKUP_LIBS (-lhiredis) lines.
# If your system has pkg-config then the _INCLUDE/_LIBS setting can be
# handled for you automatically by also defining the _PC variable to reference
#------------------------------------------------------------------------------
-# Comment out the following line to remove DANE support
-# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
-# forces you to have SUPPORT_TLS enabled (the default). For DANE under
-# GnuTLS we need an additional library. See TLS_LIBS or USE_GNUTLS_PC
-# below.
+# Comment out the following line to remove DANE support.
+# Note: DANE support requires DNSSEC support (the default) and
+# SUPPORT_TLS (the default). For DANE under GnuTLS we need an additional
+# library. See TLS_LIBS or USE_GNUTLS_PC below.
+
SUPPORT_DANE=yes
#------------------------------------------------------------------------------
# By default, Exim has support for checking the AD bit in a DNS response, to
# determine if DNSSEC validation was successful. If your system libraries
# do not support that bit, then set DISABLE_DNSSEC to "yes"
-# Note: Enabling SUPPORT_DANE unconditionally overrides this setting.
+# Note: DNSSEC is required for DANE support.
# DISABLE_DNSSEC=yes
# DISABLE_QUEUE_RAMP=yes
# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support
-# using only native facilities. See EXPERIMENTAL_SRS_ALT for an alternative.
+# using only native facilities.
# SUPPORT_SRS=yes
# Uncomment the following line to add support for talking to dccifd. This
# defaults the socket path to /usr/local/dcc/var/dccifd.
-# Doing so will also explicitly turn on the WITH_CONTENT_SCAN option.
+# This support also requires WITH_CONTENT_SCAN enabled.
# EXPERIMENTAL_DCC=yes
-# Uncomment the following lines to add SRS (Sender rewriting scheme) support
-# using the implementation in linbsrs_alt.
-# You need to have libsrs_alt installed on your system (srs.mirtol.com).
-# Depending on where it is installed you may have to edit the CFLAGS and
-# LDFLAGS lines.
-
-# EXPERIMENTAL_SRS_ALT=yes
-# CFLAGS += -I/usr/local/include
-# LDFLAGS += -lsrs_alt
-
# Uncomment the following line to add DMARC checking capability, implemented
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
-# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
-# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
# SUPPORT_DMARC=yes
# CFLAGS += -I/usr/local/include
# LDFLAGS += -lopendmarc
# Uncomment the following if you need to change the default. You can
# override it at runtime (main config option dmarc_tld_file)
# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
+#
+# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
+# 1.3.2-3 works. It seems that the OpenDMARC project broke their API.
+# Use this option if you need to build with an old library (1.3.x)
+# DMARC_API=100300
# Uncomment the following line to add ARC (Authenticated Received Chain)
# support. You must have SPF and DKIM support enabled also.
# Uncomment the following line to add queuefile transport support
# EXPERIMENTAL_QUEUEFILE=yes
+#
+# Uncomment the following line to add XCLIENT support
+# EXPERIMENTAL_XCLIENT=yes
###############################################################################
# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY #
# understand these issues, go with the defaults, which are used by many sites.
+#------------------------------------------------------------------------------
+# Which DBM library to use. If you do not specify a specific here, you get
+# the platform default. Uncomment the pair of lines as preferred.
+# Note: when changing an installation from one DB type to another all the
+# hints-DB files, in spool/db, should be removed.
+
+# gdbm in native mode
+# USE_GDBM = yes
+# DBMLIB = -lgdbm
+
+# gdbm in Berkeley-DB compatibility mode
+# USE_NDBM = yes
+# DBMLIB = -lgdbm -lgdbm_compat
+
+# tdb
+# USE_TDB = yes
+# DBMLIB = -ltdb
+
+# Berkeley DB
+# USE_DB = yes
+# DBMLIB = -ldb
+
+
#------------------------------------------------------------------------------
# Although Exim is normally a setuid program, owned by root, it refuses to run
# local deliveries as root by default. There is a runtime option called
# WHITELIST_D_MACROS=TLS:SPOOL
-# The next setting enables a main config option
-# "allow_insecure_tainted_data" to turn taint failures into warnings.
-# Though this option is new, it is deprecated already now, and will be
-# ignored in future releases of Exim. It is meant as mitigation for
-# upgrading old (possibly insecure) configurations to more secure ones.
-ALLOW_INSECURE_TAINTED_DATA=yes
-
#------------------------------------------------------------------------------
# Exim has support for the AUTH (authentication) extension of the SMTP
# protocol, as defined by RFC 2554. If you don't know what SMTP authentication
# For development, add this to include code to time various stages and report.
# CFLAGS += -DMEASURE_TIMING
+# For a very slightly smaller build, for constrained systems, uncomment this.
+# The feature involved is purely for debugging.
+
+# DISABLE_CLIENT_CMD_LOG=yes
+
# End of EDITME for Exim 4.
git://git.exim.org / exim.git / blobdiff