Protect build against LibreSSL.

[exim.git] / src / src / configure.default

diff --git a/src/src/configure.default b/src/src/configure.default
index 3c8cf97ed7a10fb88354897263d719f37ff20943..79bbc8c30fb98d190a34f1d1e02ab3c72b2f82a6 100644 (file)
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -153,6 +153,9 @@ acl_smtp_data = acl_check_data
 # tls_certificate = /etc/ssl/exim.crt
 # tls_privatekey = /etc/ssl/exim.pem
 
+# For OpenSSL, prefer EC- over RSA-authenticated ciphers
+# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
 # case these users need to send email from a network that blocks port 25.
@@ -334,7 +337,7 @@ timeout_frozen_after = 7d
 # libraries that Exim uses (e.g. LDAP) depend on specific environment settings.
 # There are two lists: keep_environment for the variables we trust, and
 # add_environment for variables we want to set to a specific value.
-# Note that TZ is handled separateley by the timezone runtime option
+# Note that TZ is handled separately by the timezone runtime option
 # and TIMEZONE_DEFAULT buildtime option.
 
 # keep_environment = ^LDAP
@@ -513,7 +516,15 @@ acl_check_data:
   # Deny if the message contains an overlong line.  Per the standards
   # we should never receive one such via SMTP.
   #
-  deny    condition  = ${if > {$max_received_linelength}{998}}
+  deny    message    = maximum allowed line length is 998 octets, \
+                       got $max_received_linelength
+          condition  = ${if > {$max_received_linelength}{998}}
+
+  # Deny if the headers contain badly-formed addresses.
+  #
+  deny   !verify =     header_syntax
+         message =     header syntax
+         log_message = header syntax ($acl_verify_message)
 
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.