-# $Cambridge: exim/src/src/configure.default,v 1.8 2006/06/07 17:42:27 fanf2 Exp $
+# $Cambridge: exim/src/src/configure.default,v 1.10 2006/07/27 10:36:34 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
accept authenticated = *
control = submission
+ # Insist that any other recipient address that we accept is either in one of
+ # our local domains, or is in a domain for which we explicitly allow
+ # relaying. Any other domain is rejected as being unacceptable for relaying.
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_domains
+
+ # We also require all accepted addresses to be verifiable. This check will
+ # do local part verification for local domains, but only check the domain
+ # for remote domains. The only way to check local parts for the remote
+ # relay domains is to use a callout (add /callout), but please read the
+ # documentation about callouts before doing this.
+
+ require verify = recipient
+
#############################################################################
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
#
- # warn message = X-Warning: $sender_host_address is in a black list at $dnslist_domain
+ # warn dnslists = black.list.example
+ # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
- # dnslists = black.list.example
#############################################################################
#############################################################################
# require verify = csa
#############################################################################
- # Accept if the address is in a local domain, but only if the recipient can
- # be verified. Otherwise deny. The "endpass" line is the border between
- # passing on to the next ACL statement (if tests above it fail) or denying
- # access (if tests below it fail).
+ # At this point, the address has passed all the checks that have been
+ # configured, so we accept it unconditionally.
- accept domains = +local_domains
- endpass
- verify = recipient
-
- # Accept if the address is in a domain for which we are an incoming relay,
- # but again, only if the recipient can be verified.
-
- accept domains = +relay_to_domains
- endpass
- verify = recipient
-
- # Reaching the end of the ACL causes a "deny", but we might as well give
- # an explicit message.
-
- deny message = relay not permitted
+ accept
# This ACL is used after the contents of a message have been received. This
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
- # deny malware = *
- # message = This message contains a virus ($malware_name).
+ # deny malware = *
+ # message = This message contains a virus ($malware_name).
# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You may also need to set the spamd_address
# option above.
#
- # warn spam = nobody
- # message = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # warn spam = nobody
+ # add_header = X-Spam_score: $spam_score\n\
+ # X-Spam_score_int: $spam_score_int\n\
+ # X-Spam_bar: $spam_bar\n\
+ # X-Spam_report: $spam_report
# Accept the message.