-# $Cambridge: exim/src/src/configure.default,v 1.4 2005/10/11 09:30:41 ph10 Exp $
+# $Cambridge: exim/src/src/configure.default,v 1.6 2005/11/21 10:00:26 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
hostlist relay_from_hosts = 127.0.0.1
# Most straightforward access control requirements can be obtained by
-# appropriate settings of the above options. In more complicated situations, you
-# may need to modify the Access Control List (ACL) which appears later in this
-# file.
+# appropriate settings of the above options. In more complicated situations,
+# you may need to modify the Access Control List (ACL) which appears later in
+# this file.
# The first setting specifies your local domains, for example:
#
#
# Two different rules are used. The first one is stricter, and is applied to
# messages that are addressed to one of the local domains handled by this
- # host. It blocks local parts that begin with a dot or contain @ % ! / or |.
- # If you have local accounts that include these characters, you will have to
- # modify this rule.
+ # host. The line "domains = +local_domains" restricts it to domains that are
+ # defined by the "domainlist local_domains" setting above. The rule blocks
+ # local parts that begin with a dot or contain @ % ! / or |. If you have
+ # local accounts that include these characters, you will have to modify this
+ # rule.
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
- # The second rule applies to all other domains, and is less strict. This
- # allows your own users to send outgoing messages to sites that use slashes
- # and vertical bars in their local parts. It blocks local parts that begin
- # with a dot, slash, or vertical bar, but allows these characters within the
- # local part. However, the sequence /../ is barred. The use of @ % and ! is
- # blocked, as before. The motivation here is to prevent your users (or
- # your users' viruses) from mounting certain kinds of attack on remote sites.
+ # The second rule applies to all other domains, and is less strict. The line
+ # "domains = !+local_domains" restricts it to domains that are NOT defined by
+ # the "domainlist local_domains" setting above. The exclamation mark is a
+ # negating operator. This rule allows your own users to send outgoing
+ # messages to sites that use slashes and vertical bars in their local parts.
+ # It blocks local parts that begin with a dot, slash, or vertical bar, but
+ # allows these characters within the local part. However, the sequence /../
+ # is barred. The use of @ % and ! is blocked, as before. The motivation here
+ # is to prevent your users (or your users' viruses) from mounting certain
+ # kinds of attack on remote sites.
deny message = Restricted characters in address
domains = !+local_domains
require verify = sender
# Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. Recipient verification is omitted here, because in many
- # cases the clients are dumb MUAs that don't cope well with SMTP error
- # responses. If you are actually relaying out from MTAs, you should probably
- # add recipient verification here. Note that, by putting this test before
- # any DNS black list checks, you will always accept from these hosts, even
- # if they end up on a black list. The assumption is that they are your
- # friends, and if they get onto a black list, it is a mistake.
+ # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
+ # so we set control=submission to make Exim treat the message as a
+ # submission. It will fix up various errors in the message, for example, the
+ # lack of a Date: header line. If you are actually relaying out out from
+ # MTAs, you may want to disable this. If you are handling both relaying from
+ # MTAs and submissions from MUAs you should probably split them into two
+ # lists, and handle them differently.
+
+ # Recipient verification is omitted here, because in many cases the clients
+ # are dumb MUAs that don't cope well with SMTP error responses. If you are
+ # actually relaying out from MTAs, you should probably add recipient
+ # verification here.
+
+ # Note that, by putting this test before any DNS black list checks, you will
+ # always accept from these hosts, even if they end up on a black list. The
+ # assumption is that they are your friends, and if they get onto a black
+ # list, it is a mistake.
accept hosts = +relay_from_hosts
+ control = submission
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted. And again, we do this check before any black list
- # tests.
+ # verification is omitted, and submission mode is set. And again, we do this
+ # check before any black list tests.
accept authenticated = *
+ control = submission
#############################################################################
# There are no default checks on DNS black lists because the domains that
# This router routes addresses that are not in local domains by doing a DNS
-# lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a
-# loopback interface address (127.0.0.0/8) is treated as if it had no DNS
-# entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated
-# as the local host inside the network stack. It is not 0.0.0.0/0, the default
-# route. If the DNS lookup fails, no further routers are tried because of
-# the no_more setting, and consequently the address is unrouteable.
+# lookup on the domain name. The exclamation mark that appears in "domains = !
+# +local_domains" is a negating operator, that is, it can be read as "not". The
+# recipient's domain must not be one of those defined by "domainlist
+# local_domains" above for this router to be used.
+#
+# If the router is used, any domain that resolves to 0.0.0.0 or to a loopback
+# interface address (127.0.0.0/8) is treated as if it had no DNS entry. Note
+# that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated as the
+# local host inside the network stack. It is not 0.0.0.0/0, the default route.
+# If the DNS lookup fails, no further routers are tried because of the no_more
+# setting, and consequently the address is unrouteable.
dnslookup:
driver = dnslookup
no_more
-# The remaining routers handle addresses in the local domain(s).
+# The remaining routers handle addresses in the local domain(s), that is those
+# domains that are defined by "domainlist local_domains" above.
# This router handles aliasing using a linearly searched alias file with the
git://git.exim.org / exim.git / blobdiff